last executing test programs:

4m20.326817931s ago: executing program 1 (id=69):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000e00)={&(0x7f0000000c80)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc8, 0xc8, 0x3, [@struct={0xa, 0x1, 0x0, 0x4, 0x0, 0x3, [{0xf, 0x1, 0x1}]}, @union={0x8, 0x5, 0x0, 0x5, 0x1, 0xfffffff7, [{0x3, 0x5, 0xeaa}, {0xb, 0x4, 0x8}, {0x7, 0x1, 0x80000001}, {0xa, 0x1, 0x7}, {0x0, 0x3, 0x4}]}, @decl_tag={0xe, 0x0, 0x0, 0x11, 0x3}, @volatile={0x8, 0x0, 0x0, 0x9, 0x4}, @typedef={0xb}, @var={0xb, 0x0, 0x0, 0xe, 0x1, 0x2}, @struct={0x3, 0x0, 0x0, 0x4, 0x0, 0x5}, @enum64={0x3, 0x2, 0x0, 0x13, 0x0, 0x0, [{0x9, 0x34d2f723, 0x8}, {0x1, 0x31, 0x2afee35e}]}]}, {0x0, [0x0]}}, &(0x7f0000000dc0)=""/14, 0xe3, 0xe, 0x1, 0x3, 0x10000, @value}, 0x28)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000002ac0)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r1, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x5}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r2}, 0x10)
r4 = creat(&(0x7f0000000040)='./file0\x00', 0x10)
r5 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r5, &(0x7f0000000080), 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r6=>0x0})
sendmsg$can_bcm(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0)
sendmsg$can_bcm(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)=ANY=[@ANYBLOB="0500000000e0ffffffffffff", @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000008001"], 0x48}}, 0x0)
socket$isdn_base(0x22, 0x3, 0x0)
sendmsg$can_bcm(r5, &(0x7f00000002c0)={&(0x7f0000000000)={0x1d, r6}, 0x10, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYRES32=r5], 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r7 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000001100)='./file0\x00', 0x3000490, &(0x7f0000000280)={[{@lazytime}, {@usrjquota}, {@errors_remount}, {@bsdgroups}, {@auto_da_alloc}, {@jqfmt_vfsv1}, {@nouid32}, {@journal_dev={'journal_dev', 0x3d, 0x9}}, {@grpjquota}, {}]}, 0x45, 0x7b1, &(0x7f00000004c0)="$eJzs3c9rHNcdAPDvrFY/7VYqFFr3JCi0BuNV5ap2C4Wq9FAKNRjaUw+1xWotHK20RrsylhCJTQjkEkhCbsnF5/y8hFzz45BL8n8EGyeRTRxyCAqzP6SVtCvvOtKuHX8+MNZ7M2/2ve+82TfPmtFuAE+tyfSfTMSJiHg5iRivr08iYrCaykbM1so92NzIp0sSW1v/+Sqplrm/uZGPpn1Sx+qZX0fExy9EnMrsr7e8tr44VywWVur5qcrS1any2vrpK0tzC4WFwvLZ6ZmZM+f+dO7s4cX6zefrx++88s/fvzP73fO/evelT5KYjeP1bc1xHJbJmKwfk8H0EO7yj8OurG/ef7aDQk1nQPYoG0OX0o4ZqPfKiRiPgYP6Z7SXLQMAjspzEbHVzkDbLQDAEy2pXf//1u92AAC90vg9wP3NjXxj6e9vJHrr7t8jYqQWf+P+Zm1Ltn7PbqR6H3TsfrLrzkgSEROHUP9kRLzxwf/fSpc4ovuQAK3cuBkRlyYm94//yb5nFrr1h9arF5ozk3s2Gv+gdz5M5z9/bjX/y2zPf6LF/Ge4xXv3UTz8/Z+5fQjVtJXO//7a9Gzbg6b46yYG6rmfVed8g8nlK8VCOrb9PCJOxuBwmp8+oI6T976/125b8/zv61efeTOtP/25UyJzOzu8e5/5ucrcj4m52d2bEb/Jtoo/Hf+Hq/2ftJn/Xuiwjn/95cXX221L40/jbSz74z9aW7ciftey/5PtMsmBzydOVU+HqcZJ0cJ7szHWrv7J7E7/p0taf+P/Ar2Q9v/YwfFPJM3Pa5Y7funtp8U+uzX+UbtCzed/6/hbn/9DyX+r6aH6uutzlcrKdMRQ8u/968/s7NvIN8qn8Z/8bev3f2P8a3H+/y99/UsdHojsnS/ffvT4j1Ya/3xX/d91IkYeLA60q7+z/p/ZtU8n41+nDXzU4wYAAAAAAAAAAAAAAAAAAAAAAAAA3chExPFIMrntdCaTy9W+w/uXMZYplsqVU5dLq8vzUf2u7IkYzDQ+6nK86fNQp+ufh9/In9mT/2NE/CIiXhsereZz+VJxvt/BAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDdsTbf/5/6YnhP4YF+tBAAOBIjLuwA8LRJstl+NwEA6LWRrkqPHlk7AIDe6e76DwD8FLj+A8DT5yHX/71/BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdunD+fLpsfbu5kU/z89fWVhdL107PF8qLuaXVfC5fWrmaWyiVFoqFXL601PaFbtR+FEulqzOxvHp9qlIoV6bKa+sXl0qry5WLV5bmFgoXC4M9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOldeW1+cKxYLKxJ9SSx+WuuHx6U9Et0l4kat/x6X9hxeIoZ2RonR/gxOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE+AHwIAAP//4VQjgA==")
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
write$binfmt_script(r8, &(0x7f0000000040), 0x208e24b)
fadvise64(r8, 0x100e2, 0x8, 0x4)
r9 = open(&(0x7f0000000000)='.\x00', 0x0, 0x244)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r7, 0xc0189379, &(0x7f0000000200)={{0x1, 0x1, 0x18, r9}, './file0\x00'})
r10 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000300)={0x2, 0x4, 0x8, 0x1, 0x80, r0, 0x80000001, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x2, 0x4, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000480)=@bpf_tracing={0x1a, 0x14, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x6}, [@map_val={0x18, 0x3, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x2}, @tail_call={{0x18, 0x2, 0x1, 0x0, r4}}, @printk={@i, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xfffffff8}}, @map_idx={0x18, 0x2, 0x5, 0x0, 0x1}]}, &(0x7f0000000140)='syzkaller\x00', 0x400, 0x0, 0x0, 0x41100, 0x38, '\x00', r6, 0x1a, r9, 0x8, &(0x7f00000002c0)={0x3, 0x3}, 0x8, 0x10, 0x0, 0x0, 0xb998, 0xffffffffffffffff, 0x7, &(0x7f00000003c0)=[0x1, r10, r0, r0, r3, r0], &(0x7f0000000400)=[{0x1, 0x2, 0xb, 0x7}, {0x5, 0x4, 0xf, 0xa}, {0x0, 0x3, 0x9, 0x5}, {0x0, 0x4, 0xe}, {0x4, 0x4, 0x7, 0x1}, {0x5, 0x5, 0x7, 0x5}, {0x1, 0x2, 0x0, 0x4}], 0x10, 0x6, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x12, 0x7, 0x8, 0x8000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x50)

4m19.163993754s ago: executing program 1 (id=72):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vxcan0\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r1}, 0x18)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', <r3=>0x0})
bind$can_j1939(r2, &(0x7f0000000100)={0x1d, r3}, 0x18)
connect$can_j1939(r2, &(0x7f0000000140)={0x1d, r3}, 0x18)
sendmsg$can_j1939(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)='data', 0x4}}, 0x0)
r4 = socket(0x10, 0x3, 0x0)
write(r4, &(0x7f0000000180)="2000000012005f0214f9f4070000fbe40a0000000000", 0x41d)
recvmmsg(r4, &(0x7f0000002ec0)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)=""/126, 0x56}, {&(0x7f00000013c0)=""/145, 0x91}, {&(0x7f00000000c0)=""/145, 0x91}, {&(0x7f0000001480)=""/4106, 0x100a}], 0x4}, 0x4}], 0x18, 0x40, 0x0)
recvmsg$can_j1939(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000002c0)=""/4, 0x4}], 0x1}, 0x0)

4m18.790394636s ago: executing program 1 (id=74):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = dup(r0)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x515f3157, 0x4, "78e114100985a79874342a70e113343972d01f"})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, 0x0, 0x0)
write$UHID_INPUT(r1, &(0x7f0000001040)={0xd, {"a2e3ad21ed6b0af99cfbf4c007f70eb4d04fe7ff7fc6e5539b0872fc8b546a1b4d09940f08900c878f0e1ac6e7049b4cb4956c409b3c2a0867f3988f7ef319520100ffe8d178708c523c921b1b0f5a0a169b50d336cd3b78130daa61d8f809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca5b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b4124351601611c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb77ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e05130935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b3110b932a4d02da711b757fe43c06d21e35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc238a081ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed714887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee658e4cb5e930ed624806c43a006dc9336d07c2b8081c128ad2706f48261f7897084c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264d2700c838fa2c7b34252600c9654e502dcea39cb6bc3eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa70826ad01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1010}}, 0x1b7)
read$FUSE(r1, &(0x7f0000002080)={0x2020}, 0x2)
syz_mount_image$ext4(&(0x7f00000000c0)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x3811008, &(0x7f0000000140), 0xfe, 0x465, &(0x7f0000001200)="$eJzs3M1vFOUfAPDvzG7L+6/8EF9A0CoaiS8tLS9y8ILRxIMmJnrAeKptIchCDa2JEKLoAY+GxLvxaOJf4EkvRj2ZeNW7ISGGC2hismZ2Z8pSdtvd7rZb3c8nWXienZk83+/MPDvPzLPbAAbWaPZPErE9In6NiJF69e4VRuv/3b55efrPm5enk6hW3/gjqa136+bl6WLVYrtt9Uq1mtc3NWn36tsRU5XK7IW8Pr5w7r3x+YuXnjtzbur07OnZ85PHjx85vH/42OTRnuSZ5XVr74dz+/a88ta116ZPXnvnx6+zeLfnyxvzaEu68iqj9b3b1JMdNbbx7WgoJ+U+BkJHShGRHa6hWv8fiVJsWVw2Ei9/0tfggDVVrVarza7PuStV4D8siX5HAPRHcaHP7n+L1zoNPTaEGyfqN0BZ3rfzV31JefEWf2jJ/W0vjUbEySt/fZG9YjXPIQAAOvRtNv55ttn4L40HGtb7Xz6HsjMi/h8RuyLivojYHRH3R9TWfTAiHuqw/aUzJPeOf9Lrq0qsTdn474V8buvu8V9aG/dlKZfy6Z4dtfyHklNnKrOH8n1yMIY2ZfWJZdr47qVfPmu1rHH8l72y9ouxYB7H9fKSB3QzUwtT3WV9x42PI/aWm+WfRDGNk0TEnojYu8o2zjz91b5Wy1bOfxk9mGeqfhnxVP34X4kl+ReSlvOTE88fmzw6vjkqs4fGi7PiXj/9fPX1Vu13lX8PZMd/a9PzfzH/ncnmiPmLl87W5mvnO2/j6m+ftrynWe35P5y8WSsP5+99MLWwcGEiYjh59d73J+9sW9SL9bP8Dx5o3v93le/siYcjIjuJ90fEIxHxaB77YxHxeEQcWCb/H1584t3O81/mqXwPZfnPrHT8o/H4d14onf3+m87zL2TH/0itdDB/p53Pv3YD7GbfAQAAwL9FWvsOfJKOLZbTdGys/h3+3bE1rczNLzxzau798zP178rvjKG0eNI10vA8dCJ/NlzUJ5fUD+fPjT8vbanVx6bnKjP9Th4G3LYW/T/ze6nf0QFrzu+1YHCt0P+T9YoDWH+u/zC49H8YXPo/DK5m/f+jPsQBrD/Xfxhc+j8MLv0fBldX/X977+IA1lXL38anXf3kv53C391sXnxkrWmEA1Y40dFWkW6EmNe4sG0DhFFu+49ZrLKwqemiPn8wAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9Mg/AQAA//9IH+Eq")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
r3 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x84)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r5, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x0, 0xfffff000, 0x0, 0x0, 0x0, 0x0}, 0x50)
getdents64(r3, &(0x7f0000000640)=""/172, 0xac)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f00000005c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x1010000, &(0x7f00000002c0)={[{@uni_xlate}, {@numtail}, {@fat=@uid={'uid', 0x3d, 0xee01}}, {@iocharset={'iocharset', 0x3d, 'iso8859-13'}}, {@iocharset={'iocharset', 0x3d, 'cp864'}}, {@shortname_mixed}, {@rodir}], [{@dont_hash}, {@pcr={'pcr', 0x3d, 0x30}}]}, 0x1, 0x364, &(0x7f0000000a00)="$eJzs3U1oY1UbAOA3vWnSGfi+dicKQnQnaJnOTje2SAcGu1EJ/izE4HRUkiq0WGwX09aF4lJwqSt3CrpwIS5FUMSdC7eOIKPiQmc34OCR5OYmt0naaQerFJ8Hmpy+57znnPtDcntJTp9bjPal6bh8/fq1mJmpRHXxkcW4UYm5yKKwG+NqE2IAwOlwI6X4PeWOmFI54SkBACes9/7/QkQ0Yi6PvP7lYe2Td38AOPX6f/+fOazNzEEVr5zIlACAEzZ2///efdW13k+1+LVa+lQAAHBaPfH0M48urUQ83mjMRKy9udncbMZDw/qly/FSdGI1zsVs3IzILxS6D5Xe44WLK8vnGo3GTvw0F82ImOonNvMrhaWsl1+PhZiNuX5+/2ojpZRd+GRleaHRExG7O73xY62y2ZyOs/3xvz8bq8MLj6KT3lPExZXl841+B821In8nYm9436I7//mYjW+fH3STUvEJxpXlKwvFpIf5m816XBrshQPvgAAAAAAAAAAAAAAAAAAAAAAAwG2ZbwzMDdbPSd3nfKWc+fkJ9b31cfL8/vpAe/n6QKmeIqXfXnug+VYW+9YHGl2fZ9NCggAAAAAAAAAAAAAAAAAAADCwsVWLVqezur6xtd0uF3bWN7amIqIbefnrj744E+NtblGo5kPUIwZDNPrDbrdbKSsapyxiPD3rDl5EPvh0MONym/pgKyZOo35wVafzv3t+fHcYuTsrev5z2CaLyRuYlabx8EjPa//Pp3ScHTUonG9nw0h9fPSrKaVS5I1y+pVnxzuMSkT1+Aduuz0VB7dJ3cJX1168s9j7rc9T7r77Z5+8+s77v7Rbne7I0TuCtfWNm6ndqhSNj7dburu6iFQiL1TKZ0L1sPS9/ZFW9t2vT9319jdHGz2VI692z+eRNlm+OR+PptfyQneaI1VnhunT/Y3orE5POPlvVbiNY3rHe599mNIPPx95iKGpsZeNyt/z6gMAAAAAAAAAAAAAAAAAAJSVvive1/+y7/RhWQ8+dvIzAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB/zvD//5cKe7sxEjlK4Y+dCVn11fWNiNq/vZkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPzH/RUAAP//GOZaMg==")
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0)

4m18.350712708s ago: executing program 1 (id=75):
syz_mount_image$msdos(&(0x7f00000001c0), &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f00000005c0)={[{@dots}, {@dots}, {@dots}, {@dots}, {@fat=@nfs}, {@fat=@gid}, {@dots}, {@nodots}, {@fat=@umask={'umask', 0x3d, 0x8b3}}, {@fat=@check_strict}, {@fat=@allow_utime={'allow_utime', 0x3d, 0x1}}, {@dots}, {@dots}, {@fat=@umask={'umask', 0x3d, 0x7fff}}, {@nodots}, {@dots}, {@fat=@tz_utc}, {@nodots}, {@dots}, {@fat=@showexec}, {@nodots}, {@nodots}]}, 0xfd, 0x1bf, &(0x7f0000000300)="$eJzs3TGL02AYB/Cn9bzmnG4TRCHg4nSon+BEThADgtJBJ4XT5SqCt0SX9mP4Af0A0qmLRGrSxkaHWmxS6++39En/edvnHZp26ZNXN99dnL+/fPvl+udIkl70T+M0Zr04jn4sTAIA2CezooivRanrXgCAdqzx/f+t5ZYAgC17/uLlkwdZdvYsTZOI6SQf5sPyscwfPc7O7qY/HNerpnk+vLLM76XN3w7z/Gpcq/L75fp0NT+MO7fLfJ49fJo18kGcb3frAAAAAAAAAAAAAAAAAAAAAADQmVuRLvx2vs/JSTM/qvLy6Kf5QI35PQdx46A6rMcDFeM2NgUAAAAAAAAAAAAAAAAAAAD/mMuPny5ej0ZvPtTFICJWn/mTole98IbL2y76sRNtKP5qke5GG6MNPwWHEbGtxmZFUax1cn2NGHR1cQIAAAAAAAAAAAAAAAAAgP9M/affX7Oki4YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAP1/f83KMYRscbJyzc76nSrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7LHvAQAA///DgjXa")
utimes(&(0x7f0000000000)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x0, &(0x7f0000002100)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
openat$dir(0xffffffffffffff9c, &(0x7f0000002180)='./file0\x00', 0x0, 0x0)
syz_fuse_handle_req(r0, &(0x7f00000021c0), 0x2000, &(0x7f00000041c0)={&(0x7f0000004280)={0x50}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r0, &(0x7f0000004300), 0x2000, &(0x7f0000006300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000063c0)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

4m17.560313632s ago: executing program 1 (id=77):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x1000, 0x2})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000ac0)={0x4c, 0x0, &(0x7f0000000240)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f00000001c0)={0x30, 0x30, 0x30}}}], 0x0, 0x0, 0x0})

4m16.178880989s ago: executing program 1 (id=82):
openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x147c40, 0x0)
r0 = dup(0xffffffffffffffff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r0, 0x2c9ab000)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
recvmsg(r1, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0xd68210}], 0x1, 0x0, 0x1f00000000000000, 0x200000}, 0x1f00)
sendmsg$tipc(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)

4m14.886429496s ago: executing program 32 (id=82):
openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x147c40, 0x0)
r0 = dup(0xffffffffffffffff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r0, 0x2c9ab000)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
recvmsg(r1, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0xd68210}], 0x1, 0x0, 0x1f00000000000000, 0x200000}, 0x1f00)
sendmsg$tipc(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)

2m42.152031465s ago: executing program 2 (id=826):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = syz_io_uring_setup(0x1e1e, &(0x7f0000000080)={0x0, 0x86f7, 0x10100}, &(0x7f0000002000)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
syz_io_uring_submit(r2, r3, 0x0)
io_uring_enter(r1, 0x48e9, 0x0, 0x2, 0x0, 0x0)

2m41.90599532s ago: executing program 2 (id=832):
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xae, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x100)
mount(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f0000000380)='devtmpfs\x00', 0x4000, 0x0)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000180)='tmpfs\x00', 0x3200890, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, 0x0, 0x262)

2m41.728381605s ago: executing program 2 (id=836):
r0 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r0, 0x0, 0xfe33)

2m41.420768602s ago: executing program 2 (id=840):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000c40)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2b05090, 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
mount(0x0, &(0x7f0000000d40)='./file0/../file0/../file0\x00', &(0x7f00000002c0)='sysfs\x00', 0x0, 0x0)
pivot_root(&(0x7f0000000000)='./file0/../file0\x00', 0x0)

2m41.229814475s ago: executing program 2 (id=843):
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000100)={0x18, 0x0, {0x11ff, @broadcast, 'bond_slave_1\x00'}}, 0x1e)
r1 = socket$kcm(0x10, 0x2, 0x0)
write$binfmt_format(0xffffffffffffffff, &(0x7f0000000200)='-1\x00', 0x3)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000040)="2e00000010008108040f80ecdb4cb92e0a480e000f000000e8bd6efb250314000e000100240248ff050005001200", 0x2e}], 0x1}, 0x40880)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={0x0}, 0x18)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000600)=ANY=[@ANYRES16=r2], 0x10448)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0)
connect$pppoe(r0, &(0x7f00000016c0)={0x18, 0x0, {0x3, @random="3c38448f3736", 'macvlan1\x00'}}, 0x1e)

2m40.542741654s ago: executing program 2 (id=852):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000002c0))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000104a5270b7357000000925e4a44", @ANYRES32, @ANYBLOB="0dfa130016000000240012000c00010000000000000000000c0002f60800000001180000080001"], 0x44}}, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000280)={r2, 0x7, 0x104, 0xfffffffe})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB='H'], 0x48}, 0x1, 0x0, 0x0, 0x20004810}, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

2m40.183882395s ago: executing program 33 (id=852):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000002c0))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000104a5270b7357000000925e4a44", @ANYRES32, @ANYBLOB="0dfa130016000000240012000c00010000000000000000000c0002f60800000001180000080001"], 0x44}}, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000280)={r2, 0x7, 0x104, 0xfffffffe})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB='H'], 0x48}, 0x1, 0x0, 0x0, 0x20004810}, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

2m29.057958138s ago: executing program 6 (id=854):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000c40)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2b05090, 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
mount(0x0, &(0x7f0000000d40)='./file0/../file0/../file0\x00', &(0x7f00000002c0)='sysfs\x00', 0x0, 0x0)
pivot_root(&(0x7f0000000000)='./file0/../file0\x00', 0x0)

2m28.893824594s ago: executing program 6 (id=968):
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$SMC_PNETID_GET(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000180)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r1, 0x0, 0x4000010)
sendmmsg$inet(r0, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @empty, @multicast1}}}], 0x20}}], 0x1, 0x8000004)

2m28.188752107s ago: executing program 6 (id=985):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32=r0, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, @void, @value}, 0x94)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(0x0, r1)
sendmsg$NL802154_CMD_GET_WPAN_PHY(r1, 0x0, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x4, 0x5, &(0x7f0000000000)=@framed={{0xffffffb4, 0x8, 0x0, 0x0, 0x0, 0x73, 0x11, 0x2f}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0xb7}], {0x95, 0x0, 0x1200}}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmmsg$inet(0xffffffffffffffff, &(0x7f00000017c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @empty, @multicast1}}}], 0x20}}], 0x1, 0x0)
r2 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r2, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
r3 = socket$netlink(0x10, 0x3, 0x0)
writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(r3, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1)
r4 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r4, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)
setsockopt$inet_msfilter(r4, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a0101"], 0x57)
setsockopt$inet_mreqsrc(r2, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc)

2m27.916226504s ago: executing program 34 (id=985):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32=r0, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, @void, @value}, 0x94)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(0x0, r1)
sendmsg$NL802154_CMD_GET_WPAN_PHY(r1, 0x0, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x4, 0x5, &(0x7f0000000000)=@framed={{0xffffffb4, 0x8, 0x0, 0x0, 0x0, 0x73, 0x11, 0x2f}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0xb7}], {0x95, 0x0, 0x1200}}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmmsg$inet(0xffffffffffffffff, &(0x7f00000017c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @empty, @multicast1}}}], 0x20}}], 0x1, 0x0)
r2 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r2, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
r3 = socket$netlink(0x10, 0x3, 0x0)
writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(r3, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1)
r4 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r4, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)
setsockopt$inet_msfilter(r4, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a0101"], 0x57)
setsockopt$inet_mreqsrc(r2, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc)

5.982815026s ago: executing program 3 (id=2490):
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff53000000800395032303030"], 0x15)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x70, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xcb3a, @void, @value}, 0x94)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80800)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[], 0x15)
r2 = dup(r1)
write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={0x0, r3}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x8080, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno='])
stat(&(0x7f00000001c0)='./file0\x00', 0x0)

5.808742491s ago: executing program 3 (id=2492):
renameat2(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, 0x0, 0x4)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x18, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000008b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000080)='kfree\x00', r0, 0x0, 0x8}, 0x18)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000380)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x7, 0x0, 0x0, 0x200, 0x0, 0x1})
io_uring_enter(0xffffffffffffffff, 0x47fa, 0x0, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff})
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x20, 0x2, r1, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0, 0x40032043, 0x1})

5.446537468s ago: executing program 3 (id=2493):
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB, @ANYRES32=0x1, @ANYBLOB, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_open_dev$sg(0x0, 0x0, 0x2000)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
io_setup(0x6, &(0x7f0000001380)=<r0=>0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000740)={{r1}, &(0x7f00000006c0), &(0x7f0000000700)='%pS    \x00'}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x18)
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x1, 0x800001, 0x0, 0x0, 0x0)
io_submit(r0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x5, 0x29fd, 0x84, 0x105, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r3}, 0x10)
syz_emit_ethernet(0x46, &(0x7f0000000000)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x68, 0x0, 0x0, 0x1, 0x0, @loopback, @loopback}, "00186371ae9b1c03"}}}}}, 0x0)
unshare(0x62040200)

4.48031258s ago: executing program 4 (id=2496):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a78000000060a010400000000000000000200000038000480340001800a0001006d617463680000002400028008000100756470000e0003007acc6338a90000b03bd9000008000240000000000900010073797a30000000000900020073797a32"], 0xa0}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)

4.199916282s ago: executing program 4 (id=2497):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=@framed={{}, [@ringbuf_query]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000480)='kfree\x00', r0}, 0x10)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_READ_FIXED={0x4, 0x25, 0x2000, @fd, 0xb, 0x5, 0x8020, 0x7, 0x0, {0x2}})
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x3f)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f0000000380)=@ethtool_drvinfo={0x33, "a4c3ea051fc8f66eedf1c6676b4e9ac4711a3ee41b102a78284f8818400000fe", "c493c69907ac61ee57f3ff6656218f8c880cab0b7f5f977f29b54144914986b5", "7795433781033bb967429b7c68c2566066943f3a566d7fd05557583a535a3b9e", "cba936683f411a1265d9ffb369dbe16de72fd8ee91c60f531196c136add25f43", "3fda464b4ffcb83f5c89e20fe8814b4e26bb81519905d65c5a0ae43be09d9f7b", "9900255a099270427859ce54", 0x43dd5e67, 0x9, 0x4, 0x5, 0x9}})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB, @ANYRES32], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00'}, 0x10)
r2 = creat(0x0, 0x0)
ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0x80045505, &(0x7f0000000040)=@usbdevfs_connect)
ioctl$USBDEVFS_SETCONFIGURATION(0xffffffffffffffff, 0x80045505, &(0x7f0000000000)=0x1)
fchdir(0xffffffffffffffff)
openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x10000, 0xa)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r2, 0x80045518, &(0x7f0000000080)=0x10001)
syz_emit_ethernet(0x2da, &(0x7f0000000780)={@local, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "0000fa", 0x2a4, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, [{0x3, 0xa, "a78c000005dc8080a2030003004003493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34060600000000000000dac15084dbaf736b41e5af0502"}, {0x0, 0x1, "000000000000000d8a000000"}, {0x0, 0x18, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf3915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x2, 0xe, "06aa85616177c61bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e2718"}, {0x19, 0xb, "17dcea468000000000054740a5d4901b0aeff04c0300f3c75dc2d227a83b6e483b108474bce9ac946a3f0e2bc4000091394c02bcfbbb7d71138537d68e2d2c6393a9f3cc271a9ff09a48b5b303f4f00000000000000000"}, {0xe, 0x7, "b8a3e10000a3e1100000006f00ffc0ffff00000000600000ff0bc0fe000000000000000000000000d9a0274400"/55}, {0x18, 0xc, "5e14ccb44d2d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d180600aa89c8f267d76ece1c9f6ae2e1eb3d8bf9c6ab2642c4808298e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c"}]}}}}}}, 0x0)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
ioctl$SCSI_IOCTL_GET_PCI(0xffffffffffffffff, 0x5393, &(0x7f0000000000))

3.869863679s ago: executing program 3 (id=2499):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
syz_io_uring_setup(0x6883, &(0x7f0000000740)={0x0, 0x101828, 0x10100, 0x3}, &(0x7f00000000c0)=<r0=>0x0, &(0x7f0000000340))
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmmsg(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
recvmmsg(r1, &(0x7f0000001480)=[{{0x0, 0x0, 0x0}, 0x9}, {{0x0, 0x0, &(0x7f0000001380)=[{&(0x7f0000001100)=""/224, 0xe0}], 0x1}, 0x5}], 0x2, 0x10000, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007", @ANYRESHEX, @ANYRES32=0x0, @ANYBLOB="6c3223f1260d20381f0dd3a76df02334e4bf8fadf760deeb4fc2bce179e7237fd7611122fe54a09db7f8577e252a3974d78d8dcbf2cb14eb960aa566c09ef53dbe77313d9f0077066095f0dc0afa84f7018a60674a45734375c33ce4001e82078751b0efe7f06010af7c18dcdd7bd7f3ecd166e8bc966d7b9ad7ca70f2db00d63fe16f8899781ff4ad549b7730d76a08ea9416eadb5199f79262c9680447d45fb485f96a33c5ec98fa388c193baae4ab285f862521ae", @ANYRES64=r0], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3ff, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, @void, @value}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r3}, 0x38)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r4}, 0x10)
pipe2$9p(&(0x7f0000000240)={<r5=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX])

3.280398694s ago: executing program 5 (id=2501):
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r0}, &(0x7f00000000c0), &(0x7f0000000100)}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000300)={r0, <r1=>0xffffffffffffffff}, 0x4)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$PPPIOCATTCHAN(r2, 0x40047438, &(0x7f00000001c0)=0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000003c0)={0x3, &(0x7f0000000380)=[{0x4, 0x12, 0x6, 0x40}, {0x800, 0x4, 0xfe, 0x1}, {0x6, 0x1, 0x0, 0x200}]}, 0x10)
fsetxattr$security_capability(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
fgetxattr(r3, &(0x7f0000000000)=ANY=[], 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x11, 0x10, &(0x7f00000003c0)=@framed={{}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}]}, &(0x7f0000000240)='GPL\x00', 0x4, 0x1005, &(0x7f00000014c0)=""/4101, 0x0, 0xc, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

3.098290037s ago: executing program 0 (id=2503):
renameat2(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, 0x0, 0x4)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x18, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000008b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000080)='kfree\x00', r0, 0x0, 0x8}, 0x18)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000380)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x7, 0x0, 0x0, 0x200, 0x0, 0x1})
io_uring_enter(0xffffffffffffffff, 0x47fa, 0x0, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff})
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x20, 0x2, r1, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0, 0x40032043, 0x1})

3.040228552s ago: executing program 5 (id=2504):
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000001480)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x34)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
r2 = socket$inet(0x2b, 0x801, 0x0)
setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r2, 0x84, 0xc, &(0x7f0000000180)=0x10000, 0x4)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB, @ANYRES32=r3, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x73cea2d47785b264, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r4}, 0x18)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)
mbind(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
ioctl$int_in(r2, 0x5452, 0x0)
poll(0x0, 0x0, 0xff16)
bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x0, 0xc, &(0x7f00000000c0)=ANY=[@ANYRESOCT=r2, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3ff, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000140)='syzkaller\x00', 0x5, 0x0, 0x0, 0x40f00, 0x25, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff7, @void, @value}, 0x94)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
write$UHID_INPUT(r6, &(0x7f0000001580)={0xfc, {"a2e3ad1bed0d09f91b5e071887f70e09d038e7ff7fc6e5539b0d500a8b089b3f3b3568030890e0879b0af8c6e70a9b334a959b669a242f0a0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d0773090acd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
mremap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x4000, 0x7, &(0x7f0000ffc000/0x4000)=nil)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x18, 0xc, &(0x7f0000000040)=@framed={{0x18, 0x8}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}}, @func={0x85, 0x0, 0x1, 0x0, 0x3}, @initr0={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, @exit], {0x95, 0x0, 0xff85}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
modify_ldt$write(0x1, &(0x7f0000000300)={0x9, 0x20000000, 0xffffffffffffffff, 0x0, 0x2, 0x0, 0x1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0))

2.803363808s ago: executing program 0 (id=2505):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000fdffffff18110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000004080)={{r0}, &(0x7f0000004000), &(0x7f0000004040)}, 0x20)
setpriority(0x0, 0x0, 0x2)

2.64059535s ago: executing program 0 (id=2506):
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xa, 0x101, 0x7ffc, 0xcc, 0x0, 0xffffffffffffffff, 0x101, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)

2.603940415s ago: executing program 3 (id=2507):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
creat(&(0x7f00000000c0)='./file0\x00', 0x48)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
r2 = dup(r1)
write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x1b, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x88c42, 0x10c)

2.372250763s ago: executing program 4 (id=2508):
syz_io_uring_setup(0x10d, 0x0, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000080)='kmem_cache_free\x00', r0, 0x0, 0x1000100000000}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x1, 0x7ffc1ff8}]})
getitimer(0x1, &(0x7f00000003c0))

2.218733619s ago: executing program 3 (id=2510):
unshare(0x6a040000)
mmap(&(0x7f00002ad000/0xc00000)=nil, 0xc00000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001680)={0x18, 0xc, &(0x7f0000000300)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffc01, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000001c80)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x62, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x1, 0xbfdffffc}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x10, 0x0, @fd_index=0x7, 0x8, 0x0, 0x0, 0x9, 0x0, {0x1}})
io_uring_enter(r0, 0x75fa, 0xe475, 0x0, 0x0, 0x0)

2.085146274s ago: executing program 4 (id=2511):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f00000001c0)=0x20000, 0x4)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000100)={&(0x7f0000000000)=""/5, 0x204000, 0x1000}, 0x20)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000000c0)={'ip6_vti0\x00', &(0x7f00000009c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, @remote, @mcast1, 0x0, 0x0, 0x9}})
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f0000000180)={'ip6_vti0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x30, @private2={0xfc, 0x2, '\x00', 0x1}, @mcast2, 0x0, 0x7800, 0x1000000}})
setsockopt$MRT_INIT(0xffffffffffffffff, 0x0, 0xc8, &(0x7f0000000000), 0x4)
r5 = socket(0x2, 0x3, 0xff)
connect$inet(r5, &(0x7f00000000c0)={0x2, 0xfff9, @multicast1}, 0x10)
sendmsg$NFT_BATCH(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={0x0, 0xc0}, 0x1, 0x0, 0x0, 0x40c0}, 0x844)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'lo\x00', <r7=>0x0})
setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000040)=0x4000, 0x4)
bind$xdp(r0, &(0x7f00000002c0)={0x2c, 0x4, r7}, 0x10)

1.707067646s ago: executing program 0 (id=2512):
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0x40305829, 0x0)
bpf$OBJ_GET_MAP(0x7, 0x0, 0x0)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getdents(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
dup2(r0, r0)
pipe(&(0x7f0000000d00)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
lseek(r3, 0x7, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
close(r3)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
sendmmsg$inet(r4, &(0x7f0000000500)=[{{&(0x7f0000000080)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='p'], 0x70}}], 0x1, 0x2000c044)
r5 = socket$nl_route(0x10, 0x3, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32], 0x20}}, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000f000000c5000000a000020095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000200)='kmem_cache_free\x00', r6}, 0x10)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000004440)={0x0, 0x0, 0x0}, 0x0)
write$binfmt_misc(r2, &(0x7f0000000240), 0xfffffecc)
splice(r1, 0x0, r3, 0x0, 0x714f, 0x0)

1.502875733s ago: executing program 7 (id=2513):
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff53000000800395032303030"], 0x15)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x70, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xcb3a, @void, @value}, 0x94)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80800)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[], 0x15)
r2 = dup(r1)
write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={0x0, r3}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x8080, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno='])
stat(&(0x7f00000001c0)='./file0\x00', 0x0)

1.382220427s ago: executing program 5 (id=2514):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
futex(0x0, 0x3, 0x0, &(0x7f0000fd7ff0), 0x0, 0xfffffffd)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0)
mknod$loop(&(0x7f0000000000)='./file1/file0\x00', 0x40, 0x1)
openat(0xffffffffffffff9c, 0x0, 0x105002, 0xdf)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x600, 0x0)

1.19703024s ago: executing program 7 (id=2515):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413ec50000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r0, 0x0, 0x2}, 0x18)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000180)={0x80000020}, 0x10)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000001a00010000000000000000001c00000000000000", @ANYRES32=r1], 0x30}}, 0x0)

1.071229543s ago: executing program 5 (id=2516):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000010000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000008b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'veth0_to_hsr\x00', <r4=>0x0})
r5 = socket$nl_route(0x10, 0x3, 0x0)
bind$packet(r3, &(0x7f0000000080)={0x11, 0x4, r4, 0x1, 0x6, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3e}}, 0x14)
sendmsg$nl_route_sched(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000540)=@getchain={0x24, 0x11, 0x1, 0x70bd2c, 0x25dfdbff, {0x0, 0x0, 0x0, r4, {0xfff1}, {0xfff1, 0xa}, {0x0, 0x2}}}, 0x24}, 0x1, 0x0, 0x0, 0x4008010}, 0x40000)

942.053331ms ago: executing program 7 (id=2517):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x5b, 0x7fffffff}]})
r1 = socket$inet(0x2, 0x2, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000040)=0x8, 0x4)
bind$inet(r1, &(0x7f0000000280)={0x2, 0x5e21, @local}, 0x10)
close_range(r0, 0xffffffffffffffff, 0x0)

845.890318ms ago: executing program 7 (id=2518):
r0 = socket(0x10, 0x803, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xb8af, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000600)='kfree\x00', r1}, 0x18)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000305000000000007000000000000", @ANYRES32=0x0, @ANYBLOB="3400000000000000140012800b00010062617461647600000400028008000a0063"], 0x3c}, 0x1, 0x0, 0x0, 0x44020}, 0xc0b0)

547.648571ms ago: executing program 5 (id=2519):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0x3, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1}}, &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000200)='./file0\x00', 0x800, &(0x7f0000000340)=ANY=[@ANYRES32=0x0, @ANYRESOCT, @ANYRES64, @ANYRES16], 0x1, 0x36e, &(0x7f0000000c00)="$eJzs3c9rI2UYwPEnaZpMumyTgygK0ge96GVoq2c1yC6IAZfuRtwVhNntREPGpMyESERsPXkVb/4DgsseFzwsqP9AL97WixdP9iIIuog4Mr/SJJ00aTZL0/b7gTZP8r7PzPvmF88byJuD9776uFn3zLrVkayhkhEReSRSlqwkMtFFXlLsycuX/nz4/PWbt96uVKtXtlSvVm68sqmqq2s/fPJZMe72oCD75Q8OxPht/+n9Zw/+u/FRw9OGp612Ry293f61Y912bN1ueE1T9ZpjW56tjZZnu1F7O2qvO+2dnZ5are3LKzuu7XlqtXratHvaaWvH7an1odVoqWmaenklbbjnmDFDTu3u1pZVmfGEd2bMw7z94/v+Mc2uW7GWRMzikZba3Sc6LgAAsJBG6v9vkhqhLNl+QZmJ1wL5MB5eBgT1fxKH9X+wWDis/++98FPn0rv3V+P6/0E+rf5/9Zcof6j+D84+9/r/u5HrRyuiM2/3JJ0fq/7HYlgbfkX+frhijwX1f/Bq6K/ov3j/3noYUP8DAAAAAAAAAAAAAAAAAAAAAHAWPPL9ku/7peQy+Tv8CkF8Pbl23BeNceaMe/wL8Y4C/ecDzqXrN2+JEX5xL7cq4nzZrXVr0WXcnnRcl5L8Gz4fYtGGE3thowbK8qOz260txwlL4f+KiIojtmxIScpD+WF89a3qlQ2NRPnh+Xe7tUxuJcivSyPM35SSPJWev5man5eXXhzIN6UkP9+RtjiyHb+PJfmfb6i++U51JL8Y9kvz+pN9SAAAAAAAmDtT1YiXz+Xh9W+0fjdN1bT2YC0vg+vzo58P9NfX66nr81zpudzpzh0AAAAAgIvCy3/atBzHdr3e2KAok/oU4qONNOVkwpGDIDdFn6HgYRgsH9dnaWCG0x45H/+CxrTDcL2eTD3mJPirIKl3ZrKF61CTkX6vThkk85+is3HSh8D1siefu+16a8F4dKbpDATJx0bj+si1WY88Lkh2zp3U+Zmvv/17tlNk4l17B5teu29MmGkYZEZu2ZvwpP3D9yeOZzn93eL7WX5kBgAAAMCCSIr+opfc8sbpDggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAtortukjQlOe44AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAovg/AAD//5h69bA=")
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x4)
r1 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
r2 = open(&(0x7f0000000780)='./bus\x00', 0x14507e, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff0000", @ANYRES32=r3, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000500)='syzkaller\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='kmem_cache_free\x00', r4, 0x0, 0x2}, 0x18)
fallocate(r1, 0x0, 0x0, 0x1000f4)
io_setup(0x7d, &(0x7f0000000600)=<r5=>0x0)
io_submit(r5, 0x2, &(0x7f0000001d00)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000000)="96", 0xfffffe10, 0x0, 0x0, 0x0, r2}, &(0x7f0000000740)={0x0, 0x0, 0x41, 0x3, 0x0, r1, 0x0, 0x0, 0xffffffffffffffff}])

463.640215ms ago: executing program 0 (id=2520):
r0 = socket$inet6(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r1}, 0x0, &(0x7f0000000280)='%pS    \x00'}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000380)='neigh_update\x00', r2}, 0x10)
sendto$inet6(r0, &(0x7f00000000c0)="900000001c001f4d154a817393278bff0a80a578020000000104740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x0, 0x0, 0x0)

406.440745ms ago: executing program 7 (id=2521):
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff530000008003950323030302e75"], 0x15)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = dup(r1)
write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
creat(&(0x7f0000000040)='./file0\x00', 0x0)

337.373328ms ago: executing program 4 (id=2522):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)
bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)
listen(r0, 0x0)

231.256572ms ago: executing program 7 (id=2523):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x5e, &(0x7f0000000240)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x1}}, {@resuid={'resuid', 0x3d, 0xee01}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6c}}, {@lazytime}, {@errors_remount}, {@errors_continue}]}, 0x3, 0x44a, &(0x7f00000006c0)="$eJzs271vG2UYAPDn7CSlXyRU5aMfQKAgylfSpKV0YAGBxFAkJBjKGJK0CnUb1ASJVhEEhMqIKjGxIEYk/gImWBAwIbHCjipVKEsLk9HZd43t2E6dOnGpfz/p3Pe9O/d9nrt77ffujQPoW6PpSxKxKyL+iIjharV+h9HqPzdWlqb/WVmaTqJcfuvvpLLf9ZWl6XzX/H0788pAROGzJA40aXfh4qWzU6XS7IWsPr547v3xhYuXnp87N3Vm9szs+ckTJ44dnXjx+OQLXckzzev6/o/mD+57/Z0rb0yfuvLuL98lef4NeXTJaLuNT5bLXW6ut3bXlJOBHgZCR4rVbhqDlf4/HMVYPXnD8dqnPQ0O2FTlcrn8QOvNy2XgLpZEryMAeiP/ok/vf/Nli4Yed4RrL1dvgNK8b2RLdctAFLJ9Bhvub7tpNCJOLf/7dbrE5jyHAACo80M6/nmu2fivELXPhe7N5lBGIuK+iNgTEccjYm9E3B9R2ffBiHiow/YbJ0nWjn8KV2tr5aTDBtaRjv9eyua26sd/+egvRopZbXcl/8Hk9Fxp9kh2TA7H4La0PtGmjR9f/f2LVttqx3/pkrafjwWzOK4ObKt/z8zU4tTt5Fzr2icR+wca8j8ZlQm8fCYgPeT7ImL/BtuYe+bbg622rZ9/G12YZyp/E/FU9fwvR935X73Qkvbzk+P3RGn2yHh+Vaz162+X32zV/m3l3wXp+d/R9Pq/mf9IUjtfu9DJ//7V0+nr5T8/b3lPs9Hrfyh5u1IeytZ9OLW4eGEiYig5WQ26dv3k6nvzer5/mv/hQ837/55YPRIHIiK9iB+OiEci4tEs9sci4vGIONTmKPz8yhPvbTz/zZXmP9PR+V8tDEXjmuaF4tmfvq9rdKST/NPzf6xSOpytuZXPv1uJq9OrGQAAAP6vChGxK5LC2M1yoTA2Vv0b/r2xo1CaX1h89vT8B+dnqr8RGInBQv6ka7jmeehEdluf1ycb6kez58ZfFrdX6mPT86WZXicPfW5ni/6f+qvY6+iATef3WtC/9H/oX/o/9C/9H/pXk/6/vRdxAFuv2ff/xz2IA9h6Df3ftB/0Eff/0L820v99ZsDdoW1fHtq6OIAttbA91v+RvILCmkIU7ogwFDap0OtPJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgO74LwAA///lI+j0")
creat(&(0x7f0000000040)='./bus\x00', 0x0)
mount(&(0x7f0000000440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x400, 0x0, 0x0, 0x1, 0x0, "ef35af413bb901527fe4d0ce5d29c3ee5e5c3676345a41499db7aac63a01000000000000004faa2ae2c084a0ea0000000000000000000c00002000", "036c47c67808200400000000000000335263bdbcef549ba197fce47ddfdd753abd950100002a00ffffffffffffffff00000000e8f20000000200", "b7326736181c208220000000b9000000000000000000f0fffffffff2ff00", [0x4]})
r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r1, 0x0, 0x0)

219.399637ms ago: executing program 4 (id=2524):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c)
prlimit64(0x0, 0xe, 0x0, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x802)
ioctl$EVIOCGBITSW(r1, 0x80044502, 0x0)
setrlimit(0x3, &(0x7f0000000180)={0x9, 0x192c229e})
sendto$inet6(r0, 0x0, 0x0, 0x2409c8c1, &(0x7f0000000240)={0xa, 0x4e20, 0x6, @mcast1}, 0x1c)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000640)='./file1\x00', 0x3014850, &(0x7f0000000240), 0x3, 0x4e6, &(0x7f0000001240)="$eJzs3d9rXFkdAPDvnSRt2qZNqj7UgrVoJS3amaSxbfChRhB9Kljre4zJJIRMMiEzaZtQJMU/QBB/oU8+6YPgswjSP0GEgr6LLLuU3bbLsg+7O8tM7mzT2ZlkQpNMmvl84PTec+7N/Z4z0zkz557LvQF0rYsRMRERPRFxJSIG0/JMmmJjM1X3e/7s4XQ1JVGp3H03iSQtqx8rSZen0j/rj4gf/zDiZ8nn45bW1hemCoX8SprPlReXc6W19avzi1Nz+bn80sTY6I3xm+PXx0f2rK23vv/Wb3/55x/c+ue37v9v8p3LP69WayDdtrUd7dhoc7/NpvfVXou63ohY2U2wQ6wnbU9fpysCAEBbqr/xvxARX4uIF39o3OpXHQAAABwFle8OxEdJRKVSqZyplwEAAABHSqZ2DWySyabXAgxEJpPNbl7D+6U4mSkUS+VvzhZXl2Y2r5Udir7M7HwhP5JeKzwUfUk1P1pbf5m/1pAfi4izEfHrwRO1fHa6WJjp8LkPAAAA6BanGsb/7w9ujv8BAACAI2ao0xUAAAAA9p3xPwAAABx9Lcf/Se/BVgQAAADYDz+6fbuaKvXnX8/cW1tdKN67OpMvLWQXV6ez08WV5excsThXu2ff4k7HKxSLy9+OpdUHuXK+VM6V1tYnF4urS+XJ2nO9J/OeKAgAAAAH7+xXH/83iYiN75yopapj6bY2xuoT+1s7YD9ldrd7sl/1AA5eT6crAHSMC3yhe5mPB3YY2P+mIb/L0wYAAMBhMPzl15r/Nx8IbzADeehe5v+he5n/h+5l/h+63PGdd+lvteFfbRzfWUIAADgUBmopyWTTucCByGSy2YjTtccC9CWz84X8SESciYj/DPYdr+ZHO11pAAAAAAAAAAAAAAAAAAAAAAAAAHjDVCpJVAAAAIAjLSLzdpI+omt48NJA4/mBY8mHg7VlRNz/493fPZgql1dGq+XvfVZe/n1afq0TZzAAAACARvVxen0cDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB76fmzh9P1dJBxn34vIoaaxe+N/tqy/++DEXHyRRK9W/4uiYiePYi/8SgizjWLn1SrFUMfbNaiMX4mIk4cRPxoHf/UHsSHbva42v9MNPv8ZeJibdn889ebptf19GKr/i9T7/9q/Vyz/u90mzHOP/lbrmX8RxHne5v3P/X4yWv2vz/9yfp6q22VP0UMN/3+SV6JlSsvLudKa+tX5xen5vJz+aWxsdEb4zfHr4+P5GbnC/n036YxfvWVf3yyXftPtog/tEP7L7XZ/o+fPHj2xW3iX/568/f/3Dbxq6/9N9Lvger24fr6xub6Vhf++u8LDUXHtsafadH+nd7/y222/8qdX/y/zV0BgANQWltfmCoU8itWjuxK7wHEqv9/OiRN7uqVv2wtuZO+Mbs+Tuf6JAAAYH+8/NHf6ZoAAAAAAAAAAAAAAAAAAABA93rlpl89EbHXdyM7/uqdBfo711QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgG19GgAA//9UPsbW")
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x200000c, 0x3032, 0xffffffffffffffff, 0x0)
sendto$inet6(r0, &(0x7f0000000280)="0d0ad7c36d6617110e434332d6ac582208222cfb7c37ce1148f448455bc37f5f70c92774dcb201629979039d7c8943b207e5bdf9ab8eed9ace110469c51f4f211dd9fad815eb5b273ac04e1edc679bcdf0a0d24482de5454be9003cb80714a95e136bb704ee58e707d1e69b3c3a1c2c37f9c0402e14abdeb32086a49aff25e5c0f0131d59b4783316b9fa2c71c51ce76942d5f519145c9e3bf0d4182b4a62970b2ce81d35a7afc8384b387b8e21f2051d90d92323a710cabe5275d335b64453e759251a140de480541d8dd7662a14296a59eba99b95bfdf5b22992c323865b471d13ad79867e2692fd4eece299a81e2b33336b6801f51c2ae8d73e4df90c9bd70cd535b72cbdf67754acdc44b3780450308d9c5527c3314eb7b2cc38b61e96403a30a8ba0c8a357aa04d3c62bc51bcf55cf214f44a909b29c30c18c3a43c86472612086664a80f2aa8490e58352732acb96eb46deab42895d1957a6029ad86e7a5ced6bde89c158aaee721954beeebe5973059007f7dd5459029af6d3f1d73d35f07d19b7cedfc80d1d7ef37f8b113f564afd0f093202929fef43e788619ca522c7f679dd2f27949d879b4dab46581a0e054b4ed1db37e43f528748b56ec5a54b7af198d4ae551046f7814fe3a5cbc1cc7cb6655fc198939b049f3c02443148c588e34d6ebef81096b4e48f468016d2bde0828664c0874d71e2d88b3bc04079d4a504255a83c3f07a4f1c3e5a4c66f55f36e51e344392487c8299d8d1bfb568780c0d57df48990cb5d6b35c3f7445f80312186d8598faf61072d4eefc961fb5a7e72b971c8f94a8346effd26d40a80d556092f1b278a026e27362cee8d72a98b55e317de280d2d63ee83ca7140b7913122d402c536d914c8510c81d08f0ad1c952f5b7ad5e7ef72d7c58cb4d5bafbea535b381df6ebe94c62cf782cf7ab81c017c296a88ca91d641b45748d230cf5e87e5dbee4764ea4d131ae022e6bbf3ffc3ea7b264737d9db44354bfffa63d79bc403d3ac23fb615edc382d18b0daf1bbb2fbd708d1830ddac1c3f098b8cb1ef9a0019d804bf5d953110f12f3b9a8b9b7e0c61cb5d34116add1fc9a92721ffa5fdc83e1488cf88aa6e56ad2dd55e0aadd827cc7b4e7242f01241f49e905e5e7451092c28c3f6560a6a0002e5d91fc253a5a8fd8f27e42f4f02f5849528b7d93df9b0c568022acaff410e797e88d2f8eeadbba66e423335b843df734d203fa62a861b712da8f33d5ea721767871aa2cd53e659e505507de9a54d7e6fa3c20bbfb28cd6dd2b314dabbb59e9ce15c0a94ec3b3efc54eaaa27bd7576a687dcaf58dc182662539943014a02e76dc89f48c9f", 0x3be, 0x6d91fb6122d8910c, 0x0, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x40000, 0x0, 0x0)
recvfrom(r0, &(0x7f0000001a80)=""/4053, 0xfd5, 0x40000000, 0x0, 0x0)

209.247379ms ago: executing program 0 (id=2525):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000240)='./file1\x00', 0x4000, &(0x7f0000000140), 0x2, 0xbb8, &(0x7f00000017c0)="$eJzs3M1rXFUbAPDn3kymaZv3nfTlRawbIyItiNOkkmKLYCsVNy4E3QoN6aSETD9IIjVpFhP9B0RdC24EtSgu7LobRbdutN0qLoQisVEQ0cidjyQ2mTS1M70x/f3gzD3nnpl5nmcuM/cemJkA7luD2U0asT8iTiURpeb+NCKK9V5fRK1xv6XF+bFfF+fHklhefumnJJKIuLk4P9Z6rqS53dsc9EXE188m8b831sednp2bHK1WK1PN8aGZsxcOTc/OPTFxdvRM5Uzl3PCRp0YOjxwZOjrSsVp/++74lV8eef6H2u8f/nH557ffT+J49Dfn1tbRKYMxuPKarFWIiNFOB8tJT7OetXUmhds8KO1yUgAAtJWuuYZ7IErRE6sXb6X4/JtckwMAAAA6YrknYhkAAADY4RLrfwAAANjhWt8DuLk4P9Zq+X4j4d66cSIiBhr1LzVbY6YQtfq2L3ojYs/NJNb+rDVpPOyuDUbE99ePfpK16NLvkDdTW4iIBzc6/km9/oH6r7jX159GxFAH4g/eMv431X+8A/Hzrh+A+9PVE40T2frzX7py/RMbnP8KG5y7/om8z3+t67+lddd/q/X3tLn+e3GLMS598O7FdnNZ/U9fee7jVsviZ9u7KuoO3FiIeKiwUf3JSv1Jm/pPbTFG6c+LlXZzede//F7Egdi4/pZk8/8nOjQ+Ua0MNW43jLHw1chH7eLnXX92/Pe0qb/1/0/tjv+FLcZ45eTJT9ftvL7a3bz+9Mdi8nK9V2zueW10ZmZqOKKYvLB+/+HNc2ndp/UcWf0HH938/b9R/dlnQq35OmRrgYXmNhu/fkvMZy5f+qxdPq31X57H/3Sb47+2/i8L64//m1uM8dgXbx1sN7d2/Zu1LH5rLQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALWlE9EeSllf6aVouR+yNiP/HnrR6fnrm8fHzr547nc1FDERvOj5RrQxFRKkxTrLxcL2/Oj58y/jJiNgXEe+UdtfH5bHz1dN5Fw8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCKvRHRH0lajog0IpZKaVou550VAAAA0HEDeScAAAAAdJ31PwAAAOx81v8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB02b6Hr15LIqJ2bHe9ZYrNud5cMwO6Lc07ASA3PXknAOSmkHcCQG7ucI3vcgF2oOQ2831tZ3Z1PBcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtq8D+69eSyKidmx3vWWKzbneXDMDui3NOwEgNz2bTRbuXR7AvectDvcva3wguc183+p9an+f2dW1nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYfvrrLUnLEVFs7iuXI/4TEQPRm4xPVCtDEfHfiPi21LsrGw/nnDMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACdNz07NzlarVamsk4azc7KHp3VTtJ4xWrbJR+du+wUY1uksU07eX8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQh+nZucnRarUyNZ13JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDepmfnJker1cpUFzt51wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQH7+CgAA//9gfgp0")
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='sched_switch\x00', r0, 0x0, 0x415}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = open(&(0x7f0000000080)='./file1\x00', 0x64842, 0x86)
pwritev2(r1, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x140000}], 0x1, 0x7800, 0x0, 0x3)

0s ago: executing program 5 (id=2526):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=@newlink={0x48, 0x10, 0x401, 0x0, 0x4, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14, 0x1, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x343}}}}}}]}, 0x48}}, 0x0)

kernel console output (not intermixed with test programs):

e0: port 3(team0) entered disabled state
[  257.969216][   T30] audit: type=1326 audit(1749679279.041:1285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9650 comm="syz.4.1280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f535898e929 code=0x7ffc0000
[  257.982645][ T9656] team0: entered allmulticast mode
[  258.007919][   T30] audit: type=1326 audit(1749679279.041:1286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9650 comm="syz.4.1280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f535898e929 code=0x7ffc0000
[  258.034064][ T9656] team_slave_0: entered allmulticast mode
[  258.040089][   T30] audit: type=1326 audit(1749679279.041:1287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9650 comm="syz.4.1280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f535898e929 code=0x7ffc0000
[  258.050300][ T9656] team_slave_1: entered allmulticast mode
[  258.064848][   T30] audit: type=1326 audit(1749679279.041:1288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9650 comm="syz.4.1280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f535898e929 code=0x7ffc0000
[  258.095114][   T30] audit: type=1326 audit(1749679279.041:1289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9650 comm="syz.4.1280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=327 compat=0 ip=0x7f535898e929 code=0x7ffc0000
[  258.114811][ T9656] bridge0: port 3(team0) entered blocking state
[  258.123558][   T30] audit: type=1326 audit(1749679279.041:1290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9650 comm="syz.4.1280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f535898e929 code=0x7ffc0000
[  258.123992][ T9656] bridge0: port 3(team0) entered forwarding state
[  258.154269][   T30] audit: type=1326 audit(1749679279.051:1291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9650 comm="syz.4.1280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f535898e929 code=0x7ffc0000
[  258.179137][   T30] audit: type=1326 audit(1749679279.051:1292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9650 comm="syz.4.1280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7f535898e929 code=0x7ffc0000
[  258.195251][ T9660] bond0: entered promiscuous mode
[  258.216467][ T9660] dummy0: entered promiscuous mode
[  258.532103][ T9675] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  258.561865][ T9675] batman_adv: batadv0: Removing interface: batadv_slave_0
[  258.579192][ T9685] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1289'.
[  258.592476][ T9675] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  258.601672][ T9675] batman_adv: batadv0: Removing interface: batadv_slave_1
[  259.064225][ T9694] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1294'.
[  259.162051][ T9696] ip6gre1: entered allmulticast mode
[  259.192026][ T9698] bond0: entered promiscuous mode
[  259.218608][ T9698] bond_slave_0: entered promiscuous mode
[  259.257215][ T9698] bond_slave_1: entered promiscuous mode
[  259.377240][ T9707] loop5: detected capacity change from 0 to 512
[  259.386442][ T9707] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  259.401810][ T9707] EXT4-fs (loop5): 1 truncate cleaned up
[  259.411631][ T9707] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  259.717581][ T9723] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1306'.
[  259.769891][ T6295] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  259.916038][ T9732] ip6gre2: entered allmulticast mode
[  260.005513][ T9735] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1310'.
[  260.020850][ T9735] IPVS: Error joining to the multicast group
[  260.468763][ T9747] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1314'.
[  260.576041][ T9758] ip6gre1: entered allmulticast mode
[  262.236421][ T9809] smc: net device bond0 erased user defined pnetid SYZ0
[  262.535104][ T9821] loop5: detected capacity change from 0 to 512
[  262.586005][ T9821] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  262.592208][ T9827] siw: device registration error -23
[  262.614836][ T9821] ext4 filesystem being mounted at /251/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  262.678319][ T9821] EXT4-fs error (device loop5): ext4_get_inode_usage:884: inode #12: comm syz.5.1343: corrupted xattr block 6: invalid header
[  262.820560][ T6295] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  263.301901][ T9849] loop5: detected capacity change from 0 to 512
[  263.309415][ T9849] EXT4-fs: Ignoring removed nobh option
[  263.388274][ T9849] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  263.404137][ T9849] EXT4-fs error (device loop5): ext4_lookup:1787: inode #15: comm syz.5.1348: iget: bad i_size value: 15393162788874
[  263.405977][ T9853] netdevsim netdevsim0: Direct firmware load for ÈöníñÆgkNšÄq>ä*x(Oˆ@ failed with error -2
[  263.470536][ T9853] netdevsim netdevsim0: Falling back to sysfs fallback for: ÈöníñÆgkNšÄq>ä*x(Oˆ@
[  263.691676][ T9863] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1356'.
[  263.971699][ T6295] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  264.239237][   T30] kauditd_printk_skb: 28 callbacks suppressed
[  264.239258][   T30] audit: type=1326 audit(1749679285.421:1321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9876 comm="syz.3.1363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f062d58e929 code=0x7ffc0000
[  264.277635][   T30] audit: type=1326 audit(1749679285.421:1322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9876 comm="syz.3.1363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f062d58e929 code=0x7ffc0000
[  264.357576][   T30] audit: type=1326 audit(1749679285.421:1323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9876 comm="syz.3.1363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f062d58e929 code=0x7ffc0000
[  264.408432][   T30] audit: type=1326 audit(1749679285.421:1324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9876 comm="syz.3.1363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f062d58e929 code=0x7ffc0000
[  264.459031][   T30] audit: type=1326 audit(1749679285.421:1325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9876 comm="syz.3.1363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f062d58e929 code=0x7ffc0000
[  264.482091][   T30] audit: type=1326 audit(1749679285.481:1326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9876 comm="syz.3.1363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f062d58e929 code=0x7ffc0000
[  264.507963][   T30] audit: type=1326 audit(1749679285.481:1327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9876 comm="syz.3.1363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f062d58e929 code=0x7ffc0000
[  264.541386][   T30] audit: type=1326 audit(1749679285.481:1328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9876 comm="syz.3.1363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f062d58e929 code=0x7ffc0000
[  264.598709][   T30] audit: type=1326 audit(1749679285.481:1329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9876 comm="syz.3.1363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f062d58e929 code=0x7ffc0000
[  264.615605][ T9895] loop7: detected capacity change from 0 to 512
[  264.623688][   T30] audit: type=1326 audit(1749679285.481:1330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9876 comm="syz.3.1363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f062d58e929 code=0x7ffc0000
[  264.665213][ T9895] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  264.712910][ T9899] siw: device registration error -23
[  264.724149][ T9895] EXT4-fs (loop7): 1 truncate cleaned up
[  264.738962][ T9895] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  264.875761][ T9909] netlink: 196 bytes leftover after parsing attributes in process `syz.3.1376'.
[  264.907368][ T8883] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  265.084041][ T9924] netdevsim netdevsim5: Direct firmware load for ÈöníñÆgkNšÄq>ä*x(Oˆ@ failed with error -2
[  265.112771][ T9924] netdevsim netdevsim5: Falling back to sysfs fallback for: ÈöníñÆgkNšÄq>ä*x(Oˆ@
[  265.488345][ T9939] loop4: detected capacity change from 0 to 512
[  265.520793][ T9939] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  265.549857][ T9941] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1389'.
[  265.576632][ T9939] EXT4-fs (loop4): 1 truncate cleaned up
[  265.584911][ T9939] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  265.663878][ T5835] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  265.701571][ T9945] netlink: 276 bytes leftover after parsing attributes in process `syz.3.1390'.
[  265.826130][ T9951] loop3: detected capacity change from 0 to 128
[  265.849731][ T9951] FAT-fs (loop3): Directory bread(block 162) failed
[  265.866217][ T9951] FAT-fs (loop3): Directory bread(block 163) failed
[  265.890815][ T9951] FAT-fs (loop3): Directory bread(block 164) failed
[  265.899583][ T9954] netlink: 'syz.7.1392': attribute type 10 has an invalid length.
[  265.928713][ T9951] FAT-fs (loop3): Directory bread(block 165) failed
[  265.973763][ T9951] FAT-fs (loop3): Directory bread(block 166) failed
[  265.998135][ T9951] FAT-fs (loop3): Directory bread(block 167) failed
[  266.031864][ T9951] FAT-fs (loop3): Directory bread(block 168) failed
[  266.040068][ T9954] bridge0: port 3(team0) entered disabled state
[  266.046876][ T9954] bridge0: port 2(bridge_slave_1) entered disabled state
[  266.054715][ T9954] bridge0: port 1(bridge_slave_0) entered disabled state
[  266.065262][ T9951] FAT-fs (loop3): Directory bread(block 169) failed
[  266.078994][ T9949] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1390'.
[  266.089305][ T9945] FAT-fs (loop3): Directory bread(block 162) failed
[  266.106293][ T9945] FAT-fs (loop3): Directory bread(block 163) failed
[  266.114436][ T9952] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1392'.
[  266.118887][ T9945] syz.3.1390: attempt to access beyond end of device
[  266.118887][ T9945] loop3: rw=3, sector=226, nr_sectors = 6 limit=128
[  266.138818][ T9954] bridge0: port 3(team0) entered blocking state
[  266.145436][ T9954] bridge0: port 3(team0) entered forwarding state
[  266.152340][ T9954] bridge0: port 2(bridge_slave_1) entered blocking state
[  266.159773][ T9954] bridge0: port 2(bridge_slave_1) entered forwarding state
[  266.167401][ T9954] bridge0: port 1(bridge_slave_0) entered blocking state
[  266.172900][ T9945] syz.3.1390: attempt to access beyond end of device
[  266.172900][ T9945] loop3: rw=2051, sector=232, nr_sectors = 2 limit=128
[  266.174635][ T9954] bridge0: port 1(bridge_slave_0) entered forwarding state
[  266.202297][ T9954] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  266.257240][ T9952] team0: left allmulticast mode
[  266.277299][ T9952] team_slave_0: left allmulticast mode
[  266.296142][ T9952] team_slave_1: left allmulticast mode
[  266.307817][ T9952] bridge0: port 3(team0) entered disabled state
[  266.334406][ T9952] bridge_slave_1: left allmulticast mode
[  266.340462][ T9952] bridge_slave_1: left promiscuous mode
[  266.347641][ T9952] bridge0: port 2(bridge_slave_1) entered disabled state
[  266.377335][ T9952] bridge_slave_0: left allmulticast mode
[  266.383165][ T9952] bridge_slave_0: left promiscuous mode
[  266.389182][ T9952] bridge0: port 1(bridge_slave_0) entered disabled state
[  266.493155][ T9952] bond0: (slave bridge0): Releasing backup interface
[  266.616608][ T9974] loop0: detected capacity change from 0 to 512
[  266.648743][ T9977] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1400'.
[  266.660915][ T9974] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  266.694461][ T9974] EXT4-fs (loop0): 1 truncate cleaned up
[  266.705307][ T9974] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  266.717885][ T9978] tipc: Started in network mode
[  266.725706][ T9978] tipc: Node identity ac14140f, cluster identity 4711
[  266.747267][ T9978] tipc: New replicast peer: 255.255.255.255
[  266.761245][ T9978] tipc: Enabled bearer <udp:syz2>, priority 10
[  267.650268][ T5838] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  267.693142][ T9989] loop3: detected capacity change from 0 to 256
[  267.870886][ T9996] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1408'.
[  267.980400][   T10] tipc: Node number set to 2886997007
[  268.049081][T10003] netlink: 196 bytes leftover after parsing attributes in process `syz.5.1409'.
[  268.209911][T10011] netlink: 96 bytes leftover after parsing attributes in process `syz.7.1415'.
[  268.311651][T10017] loop4: detected capacity change from 0 to 256
[  268.375937][T10022] syzkaller1: entered promiscuous mode
[  268.381727][T10022] syzkaller1: entered allmulticast mode
[  268.771315][T10038] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1428'.
[  268.851865][T10034] netlink: 76 bytes leftover after parsing attributes in process `syz.7.1426'.
[  269.082504][T10049] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1432'.
[  269.095081][T10053] loop5: detected capacity change from 0 to 256
[  269.130009][T10057] syzkaller1: entered promiscuous mode
[  269.135902][T10057] syzkaller1: entered allmulticast mode
[  269.333683][T10065] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1440'.
[  269.435236][T10075] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1443'.
[  269.689896][T10082] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1449'.
[  269.827178][T10093] smc: net device bond0 applied user defined pnetid SYZ0
[  269.835845][T10093] smc: net device bond0 erased user defined pnetid SYZ0
[  269.950504][T10099] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1455'.
[  270.223070][T10114] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1459'.
[  270.319999][T10117] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1460'.
[  270.336268][T10120] netlink: 'syz.7.1463': attribute type 10 has an invalid length.
[  270.558258][T10120] team0: left promiscuous mode
[  270.564391][T10120] team_slave_0: left promiscuous mode
[  270.570463][T10120] team_slave_1: left promiscuous mode
[  270.799341][T10142] hub 6-0:1.0: USB hub found
[  270.805230][T10142] hub 6-0:1.0: 1 port detected
[  270.847108][T10145] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1469'.
[  272.965920][T10192] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR
[  273.114513][T10198] bond1: (slave veth0_to_bond): Releasing active interface
[  273.336420][T10208] syzkaller1: entered promiscuous mode
[  273.342049][T10208] syzkaller1: entered allmulticast mode
[  273.423804][T10218] smc: net device bond0 applied user defined pnetid SYZ0
[  273.445003][T10223] smc: net device bond0 erased user defined pnetid SYZ0
[  273.590280][T10232] loop3: detected capacity change from 0 to 256
[  273.615325][   T30] kauditd_printk_skb: 11 callbacks suppressed
[  273.615345][   T30] audit: type=1804 audit(1749679294.801:1342): pid=10232 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1501" name="/newroot/304/file1/file0" dev="loop3" ino=1048653 res=1 errno=0
[  273.706743][T10243] netlink: 'syz.5.1500': attribute type 10 has an invalid length.
[  273.736432][T10243] bridge0: entered promiscuous mode
[  273.763470][T10243] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  273.780566][T10229] __nla_validate_parse: 4 callbacks suppressed
[  273.780587][T10229] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1500'.
[  273.798268][T10229] team0: left allmulticast mode
[  273.803450][T10229] team_slave_0: left allmulticast mode
[  273.809044][T10229] team_slave_1: left allmulticast mode
[  273.816408][T10229] bridge0: port 3(team0) entered disabled state
[  273.838404][T10229] bridge_slave_1: left allmulticast mode
[  273.844593][T10229] bridge_slave_1: left promiscuous mode
[  273.850904][T10229] bridge0: port 2(bridge_slave_1) entered disabled state
[  273.863453][T10229] bridge_slave_0: left allmulticast mode
[  273.869276][T10229] bridge_slave_0: left promiscuous mode
[  273.876882][T10229] bridge0: port 1(bridge_slave_0) entered disabled state
[  273.899768][T10248] netlink: 24 bytes leftover after parsing attributes in process `syz.7.1506'.
[  273.911205][T10248] netlink: 32 bytes leftover after parsing attributes in process `syz.7.1506'.
[  273.920792][T10248] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1506'.
[  273.921401][T10229] bond0: (slave bridge0): Releasing backup interface
[  273.941134][T10229] bridge0 (unregistering): left promiscuous mode
[  274.321289][T10261] syzkaller1: entered promiscuous mode
[  274.332756][T10261] syzkaller1: entered allmulticast mode
[  274.340203][T10263] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1514'.
[  274.346550][T10265] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1513'.
[  274.574924][T10273] netlink: 'syz.5.1517': attribute type 10 has an invalid length.
[  274.605658][T10273] team0: left promiscuous mode
[  274.611796][T10273] team_slave_0: left promiscuous mode
[  274.652121][T10273] team_slave_1: left promiscuous mode
[  274.737792][T10278] loop0: detected capacity change from 0 to 256
[  274.801852][   T30] audit: type=1804 audit(1749679295.981:1343): pid=10278 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1519" name="/newroot/313/file1/file0" dev="loop0" ino=1048654 res=1 errno=0
[  275.090209][T10291] netlink: 'syz.4.1520': attribute type 10 has an invalid length.
[  275.129688][T10291] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1520'.
[  275.561401][T10299] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1526'.
[  275.585176][T10300] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1527'.
[  275.617610][T10300] IPVS: Error joining to the multicast group
[  275.904830][T10305] syzkaller1: entered promiscuous mode
[  275.924278][T10305] syzkaller1: entered allmulticast mode
[  276.060681][T10311] smc: net device bond0 applied user defined pnetid SYZ0
[  276.078318][T10314] smc: net device bond0 erased user defined pnetid SYZ0
[  276.093443][T10317] loop4: detected capacity change from 0 to 256
[  276.155863][   T30] audit: type=1804 audit(1749679297.331:1344): pid=10317 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1535" name="/newroot/319/file1/file0" dev="loop4" ino=1048655 res=1 errno=0
[  276.309274][T10331] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1539'.
[  276.606012][T10339] netlink: 'syz.0.1541': attribute type 10 has an invalid length.
[  277.014770][T10354] syzkaller1: entered promiscuous mode
[  277.020329][T10354] syzkaller1: entered allmulticast mode
[  277.026913][T10352] hub 6-0:1.0: USB hub found
[  277.032837][T10352] hub 6-0:1.0: 1 port detected
[  277.750094][T10372] loop7: detected capacity change from 0 to 1024
[  278.040676][T10372] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  278.115616][   T30] audit: type=1800 audit(1749679299.291:1345): pid=10372 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.1556" name="bus" dev="loop7" ino=18 res=0 errno=0
[  278.125153][T10372] EXT4-fs error (device loop7): mb_free_blocks:1948: group 0, inode 18: block 177:freeing already freed block (bit 11); block bitmap corrupt.
[  278.310165][ T8883] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  278.744386][T10410] loop4: detected capacity change from 0 to 512
[  278.797508][T10412] __nla_validate_parse: 5 callbacks suppressed
[  278.797529][T10412] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1572'.
[  278.821378][T10410] Quota error (device loop4): v2_read_file_info: Free block number 1 out of range (1, 6).
[  278.842993][T10410] EXT4-fs warning (device loop4): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  278.861592][T10410] EXT4-fs (loop4): mount failed
[  278.981574][T10424] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1575'.
[  279.106981][T10429] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1576'.
[  280.171375][T10443] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1581'.
[  280.478422][T10452] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1583'.
[  280.500611][T10452] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1583'.
[  280.557310][T10454] netlink: 196 bytes leftover after parsing attributes in process `syz.0.1584'.
[  280.715875][T10463] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1588'.
[  280.857680][T10465] siw: device registration error -23
[  280.882513][T10468] netlink: 'syz.0.1590': attribute type 10 has an invalid length.
[  281.067094][T10480] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1595'.
[  281.143278][T10485] netlink: 20 bytes leftover after parsing attributes in process `syz.7.1597'.
[  281.163790][T10485] netdevsim netdevsim7 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  281.173661][T10485] netdevsim netdevsim7 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  281.182498][T10485] netdevsim netdevsim7 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  281.191311][T10485] netdevsim netdevsim7 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  281.293385][T10485] netdevsim netdevsim7 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  281.304729][T10485] netdevsim netdevsim7 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  281.314444][T10485] netdevsim netdevsim7 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  281.324391][T10485] netdevsim netdevsim7 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  281.435484][T10489] netdevsim netdevsim5: Direct firmware load for ÈöníñÆgkNšÄq>ä*x(Oˆ@ failed with error -2
[  281.446460][T10489] netdevsim netdevsim5: Falling back to sysfs fallback for: ÈöníñÆgkNšÄq>ä*x(Oˆ@
[  281.851607][T10502] loop7: detected capacity change from 0 to 512
[  281.931066][T10502] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a840c19d, mo2=0002]
[  281.942555][T10502] System zones: 1-12
[  281.962270][T10508] netlink: 'syz.0.1605': attribute type 10 has an invalid length.
[  281.971384][T10502] EXT4-fs error (device loop7): ext4_iget_extra_inode:5035: inode #15: comm syz.7.1603: corrupted in-inode xattr: e_value size too large
[  282.022864][T10502] EXT4-fs error (device loop7): ext4_orphan_get:1398: comm syz.7.1603: couldn't read orphan inode 15 (err -117)
[  282.084907][T10502] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  282.124474][T10510] siw: device registration error -23
[  282.229917][T10502] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  282.472158][T10522] IPVS: Error joining to the multicast group
[  282.768736][T10536] netlink: 'syz.5.1616': attribute type 10 has an invalid length.
[  282.863225][ T8883] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  283.089586][T10551] netlink: 'syz.3.1624': attribute type 10 has an invalid length.
[  283.450305][T10578] netlink: 'syz.4.1633': attribute type 10 has an invalid length.
[  283.528533][T10585] siw: device registration error -23
[  283.612809][T10578] team0: left promiscuous mode
[  283.620986][T10578] team_slave_0: left promiscuous mode
[  283.641451][T10578] team_slave_1: left promiscuous mode
[  283.660802][T10578] batman_adv: batadv0: Adding interface: team0
[  283.681790][T10578] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  283.719763][T10578] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  283.907340][T10599] __nla_validate_parse: 9 callbacks suppressed
[  283.907360][T10599] netlink: 96 bytes leftover after parsing attributes in process `syz.5.1639'.
[  284.092095][T10614] siw: device registration error -23
[  284.096473][T10612] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1646'.
[  284.424004][T10627] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1652'.
[  284.565147][T10637] hub 6-0:1.0: USB hub found
[  284.565496][T10637] hub 6-0:1.0: 1 port detected
[  284.753712][T10638] loop0: detected capacity change from 0 to 2048
[  285.028156][   T30] audit: type=1326 audit(1749679306.211:1346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10640 comm="syz.4.1655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f535898e929 code=0x7ffc0000
[  285.028218][   T30] audit: type=1326 audit(1749679306.211:1347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10640 comm="syz.4.1655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f535898e929 code=0x7ffc0000
[  285.030056][   T30] audit: type=1326 audit(1749679306.211:1348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10640 comm="syz.4.1655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f535898e929 code=0x7ffc0000
[  285.104656][   T30] audit: type=1326 audit(1749679306.211:1349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10640 comm="syz.4.1655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f535898e929 code=0x7ffc0000
[  285.104712][   T30] audit: type=1326 audit(1749679306.211:1350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10640 comm="syz.4.1655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f535898e929 code=0x7ffc0000
[  285.104755][   T30] audit: type=1326 audit(1749679306.211:1351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10640 comm="syz.4.1655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f535898e929 code=0x7ffc0000
[  285.104803][   T30] audit: type=1326 audit(1749679306.211:1352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10640 comm="syz.4.1655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f535898e929 code=0x7ffc0000
[  285.104848][   T30] audit: type=1326 audit(1749679306.211:1353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10640 comm="syz.4.1655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f535898e929 code=0x7ffc0000
[  285.104898][   T30] audit: type=1326 audit(1749679306.211:1354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10640 comm="syz.4.1655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7f535898e929 code=0x7ffc0000
[  285.104944][   T30] audit: type=1326 audit(1749679306.211:1355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10640 comm="syz.4.1655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f535898e929 code=0x7ffc0000
[  285.134534][T10641] usb usb1: usbfs: interface 0 claimed by hub while 'syz.4.1655' sets config #1
[  285.574637][T10654] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1661'.
[  285.684143][T10658] loop7: detected capacity change from 0 to 1024
[  285.722825][T10658] EXT4-fs (loop7): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  285.754859][T10664] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1666'.
[  285.824082][T10658] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  286.276171][ T8883] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  286.291385][T10679] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1669'.
[  286.517761][T10686] hub 6-0:1.0: USB hub found
[  286.523033][T10686] hub 6-0:1.0: 1 port detected
[  287.617135][T10726] netlink: 276 bytes leftover after parsing attributes in process `syz.4.1686'.
[  287.728499][T10731] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1686'.
[  287.730213][T10728] netdevsim netdevsim0: Direct firmware load for ÈöníñÆgkNšÄq>ä*x(Oˆ@ failed with error -2
[  287.773512][T10728] netdevsim netdevsim0: Falling back to sysfs fallback for: ÈöníñÆgkNšÄq>ä*x(Oˆ@
[  287.790899][T10726] loop4: detected capacity change from 0 to 128
[  287.838824][T10726] FAT-fs (loop4): Directory bread(block 162) failed
[  287.852804][T10726] FAT-fs (loop4): Directory bread(block 163) failed
[  287.859457][T10726] FAT-fs (loop4): Directory bread(block 164) failed
[  287.871576][T10726] FAT-fs (loop4): Directory bread(block 165) failed
[  287.878490][T10726] FAT-fs (loop4): Directory bread(block 166) failed
[  287.886272][T10726] FAT-fs (loop4): Directory bread(block 167) failed
[  287.893375][T10726] FAT-fs (loop4): Directory bread(block 168) failed
[  287.906926][T10726] FAT-fs (loop4): Directory bread(block 169) failed
[  288.721551][T10755] smc: net device bond0 applied user defined pnetid SYZ0
[  288.736224][T10756] smc: net device bond0 erased user defined pnetid SYZ0
[  289.024833][T10759] loop0: detected capacity change from 0 to 8192
[  289.112202][T10765] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1703'.
[  289.154370][T10763] bond0: (slave bond_slave_0): Releasing backup interface
[  289.245740][T10763] bond0: (slave bond_slave_1): Releasing backup interface
[  289.307801][T10763] team0: Port device team_slave_0 removed
[  289.327594][T10763] team0: Port device team_slave_1 removed
[  289.359561][T10765] IPVS: Error joining to the multicast group
[  289.579772][T10782] netdevsim netdevsim4: Direct firmware load for ÈöníñÆgkNšÄq>ä*x(Oˆ@ failed with error -2
[  289.642117][T10782] netdevsim netdevsim4: Falling back to sysfs fallback for: ÈöníñÆgkNšÄq>ä*x(Oˆ@
[  289.673053][T10784] smc: net device bond0 applied user defined pnetid SYZ0
[  289.688915][T10789] loop3: detected capacity change from 0 to 1024
[  289.695007][T10784] smc: net device bond0 erased user defined pnetid SYZ0
[  289.777926][T10789] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  289.869285][T10789] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4113: comm syz.3.1714: Allocating blocks 497-513 which overlap fs metadata
[  289.955276][T10789] EXT4-fs (loop3): pa ffff888032157658: logic 256, phys. 369, len 9
[  289.963549][T10789] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[  290.006033][T10789] EXT4-fs error (device loop3): mb_free_blocks:1948: group 0, inode 18: block 129:freeing already freed block (bit 8); block bitmap corrupt.
[  290.171597][ T5837] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  290.398170][T10807] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1721'.
[  290.444347][T10807] IPVS: Error joining to the multicast group
[  290.604129][T10813] netlink: 188 bytes leftover after parsing attributes in process `syz.7.1723'.
[  290.673868][ T6967] hid-generic FFFC:0003:0000.0006: unknown main item tag 0x0
[  290.694156][ T6967] hid-generic FFFC:0003:0000.0006: unknown main item tag 0x0
[  290.717531][ T6967] hid-generic FFFC:0003:0000.0006: unknown main item tag 0x0
[  290.733842][ T6967] hid-generic FFFC:0003:0000.0006: unknown main item tag 0x0
[  290.750086][ T6967] hid-generic FFFC:0003:0000.0006: unknown main item tag 0x0
[  290.790892][ T6967] hid-generic FFFC:0003:0000.0006: unknown main item tag 0x0
[  290.815920][ T6967] hid-generic FFFC:0003:0000.0006: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  290.855669][T10822] smc: net device bond0 applied user defined pnetid SYZ0
[  290.892085][T10822] smc: net device bond0 erased user defined pnetid SYZ0
[  291.063992][T10832] netlink: 'syz.4.1731': attribute type 10 has an invalid length.
[  291.801869][T10862] smc: net device bond0 applied user defined pnetid SYZ0
[  291.836838][T10862] smc: net device bond0 erased user defined pnetid SYZ0
[  291.955219][T10867] netlink: 'syz.5.1744': attribute type 10 has an invalid length.
[  292.166508][T10879] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1750'.
[  292.419821][   T30] kauditd_printk_skb: 14 callbacks suppressed
[  292.419841][   T30] audit: type=1326 audit(1749679313.601:1370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10884 comm="syz.4.1753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f535898e929 code=0x7ffc0000
[  292.532598][   T30] audit: type=1326 audit(1749679313.631:1371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10884 comm="syz.4.1753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f535898e929 code=0x7ffc0000
[  292.670159][   T30] audit: type=1326 audit(1749679313.631:1372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10884 comm="syz.4.1753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7f535898e929 code=0x7ffc0000
[  292.702921][   T30] audit: type=1326 audit(1749679313.631:1373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10884 comm="syz.4.1753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f535898e929 code=0x7ffc0000
[  292.736058][T10892] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1756'.
[  292.752714][   T30] audit: type=1326 audit(1749679313.631:1374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10884 comm="syz.4.1753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f535898e929 code=0x7ffc0000
[  292.796781][T10892] IPVS: Error joining to the multicast group
[  292.854743][T10896] netlink: 'syz.7.1758': attribute type 10 has an invalid length.
[  293.528934][T10914] loop0: detected capacity change from 0 to 512
[  293.589756][T10914] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a840c19d, mo2=0002]
[  293.602592][T10914] System zones: 1-12
[  293.613570][T10914] EXT4-fs error (device loop0): ext4_iget_extra_inode:5035: inode #15: comm syz.0.1764: corrupted in-inode xattr: e_value size too large
[  293.672932][T10914] EXT4-fs error (device loop0): ext4_orphan_get:1398: comm syz.0.1764: couldn't read orphan inode 15 (err -117)
[  293.691507][T10914] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  293.826595][ T5838] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  293.846552][T10922] netlink: 100 bytes leftover after parsing attributes in process `syz.7.1768'.
[  293.972508][T10926] netlink: 'syz.0.1770': attribute type 10 has an invalid length.
[  294.713016][T10942] netlink: 196 bytes leftover after parsing attributes in process `syz.7.1779'.
[  294.831353][T10947] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1780'.
[  294.882786][T10947] IPVS: Error joining to the multicast group
[  295.730481][T10970] loop3: detected capacity change from 0 to 1024
[  295.767955][T10970] EXT4-fs: Ignoring removed nobh option
[  295.784236][T10970] EXT4-fs: Ignoring removed bh option
[  295.853803][T10970] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  295.876845][T10977] netlink: 196 bytes leftover after parsing attributes in process `syz.5.1792'.
[  295.890789][T10979] netlink: 'syz.0.1793': attribute type 10 has an invalid length.
[  295.929760][ T5837] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  296.130928][T10984] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1796'.
[  296.467653][T10993] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  296.494748][T10999] netlink: 276 bytes leftover after parsing attributes in process `syz.0.1799'.
[  296.524510][T10999] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1799'.
[  296.619206][T11007] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1802'.
[  296.943848][T11015] netlink: 'syz.3.1804': attribute type 10 has an invalid length.
[  296.977943][T11015] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1804'.
[  297.224972][ T5918] hid-generic FFFC:0003:0000.0007: unknown main item tag 0x0
[  297.233490][T11025] netlink: 'syz.3.1807': attribute type 10 has an invalid length.
[  297.244451][ T5918] hid-generic FFFC:0003:0000.0007: unknown main item tag 0x0
[  297.252032][ T5918] hid-generic FFFC:0003:0000.0007: unknown main item tag 0x0
[  297.264710][ T5918] hid-generic FFFC:0003:0000.0007: unknown main item tag 0x0
[  297.272142][ T5918] hid-generic FFFC:0003:0000.0007: unknown main item tag 0x0
[  297.301228][ T5918] hid-generic FFFC:0003:0000.0007: unknown main item tag 0x0
[  297.320783][ T5918] hid-generic FFFC:0003:0000.0007: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  297.487782][T11028] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1809'.
[  297.562675][T11036] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1812'.
[  297.891970][T11045] loop5: detected capacity change from 0 to 1024
[  297.937449][T11045] EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  297.951703][T11045] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[  297.974980][T11053] loop0: detected capacity change from 0 to 1024
[  297.993823][T11045] EXT4-fs (loop5): stripe (2) is not aligned with cluster size (16), stripe is disabled
[  298.018090][T11051] 8021q: adding VLAN 0 to HW filter on device bond2
[  298.025318][T11058] netlink: 'syz.7.1821': attribute type 10 has an invalid length.
[  298.039508][T11053] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  298.059629][T11045] EXT4-fs error (device loop5): ext4_get_journal_inode:5796: inode #5: comm syz.5.1817: unexpected bad inode w/o EXT4_IGET_BAD
[  298.065664][   T30] audit: type=1800 audit(1749679319.241:1375): pid=11053 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1819" name="bus" dev="loop0" ino=18 res=0 errno=0
[  298.109811][T11053] EXT4-fs error (device loop0): mb_free_blocks:1948: group 0, inode 18: block 177:freeing already freed block (bit 11); block bitmap corrupt.
[  298.131118][T11045] EXT4-fs (loop5): no journal found
[  298.137638][T11045] EXT4-fs (loop5): can't get journal size
[  298.144632][T11056] bond2: (slave veth5): Enslaving as an active interface with an up link
[  298.184989][T11045] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  298.195206][T11051] bond2: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  298.291373][ T5838] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  298.401466][T11069] loop7: detected capacity change from 0 to 1024
[  298.420576][T11069] EXT4-fs: Ignoring removed nobh option
[  298.434605][ T6295] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  298.441393][T11069] EXT4-fs: Ignoring removed bh option
[  298.480240][T11069] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  298.584594][ T8883] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  299.298835][   T30] audit: type=1326 audit(1749679320.481:1376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11091 comm="syz.4.1831" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f535898e929 code=0x0
[  299.636181][T11112] loop5: detected capacity change from 0 to 512
[  299.662098][T11112] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a840c19d, mo2=0002]
[  299.679677][T11112] System zones: 1-12
[  299.685454][T11112] EXT4-fs error (device loop5): ext4_iget_extra_inode:5035: inode #15: comm syz.5.1837: corrupted in-inode xattr: e_value size too large
[  299.701337][T11112] EXT4-fs error (device loop5): ext4_orphan_get:1398: comm syz.5.1837: couldn't read orphan inode 15 (err -117)
[  299.716601][T11112] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  299.909172][ T6295] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  300.082700][   T30] audit: type=1326 audit(1749679321.261:1377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11133 comm="syz.3.1848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f062d58e929 code=0x7ffc0000
[  300.165531][T11139] __nla_validate_parse: 3 callbacks suppressed
[  300.165550][T11139] netlink: 76 bytes leftover after parsing attributes in process `syz.7.1835'.
[  300.179575][T11138] loop0: detected capacity change from 0 to 1024
[  300.323728][   T30] audit: type=1326 audit(1749679321.261:1378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11133 comm="syz.3.1848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f062d58e929 code=0x7ffc0000
[  300.355288][T11144] netlink: 96 bytes leftover after parsing attributes in process `syz.5.1851'.
[  300.386982][T11138] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  300.412536][   T30] audit: type=1326 audit(1749679321.261:1379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11133 comm="syz.3.1848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7f062d58e929 code=0x7ffc0000
[  300.483708][   T30] audit: type=1326 audit(1749679321.261:1380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11133 comm="syz.3.1848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f062d58e929 code=0x7ffc0000
[  300.532830][   T30] audit: type=1326 audit(1749679321.261:1381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11133 comm="syz.3.1848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f062d58e929 code=0x7ffc0000
[  300.540892][T11138] EXT4-fs error (device loop0): mb_free_blocks:1948: group 0, inode 18: block 177:freeing already freed block (bit 11); block bitmap corrupt.
[  300.606045][   T30] audit: type=1326 audit(1749679321.261:1382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11133 comm="syz.3.1848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f062d58e929 code=0x7ffc0000
[  300.702520][   T30] audit: type=1326 audit(1749679321.261:1383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11133 comm="syz.3.1848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f062d58e929 code=0x7ffc0000
[  300.778038][T11153] netlink: 276 bytes leftover after parsing attributes in process `syz.3.1852'.
[  300.778235][ T5838] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  300.796758][   T30] audit: type=1326 audit(1749679321.261:1384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11133 comm="syz.3.1848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f062d58e929 code=0x7ffc0000
[  300.835669][T11154] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1852'.
[  300.889803][T11153] loop3: detected capacity change from 0 to 128
[  300.912799][T11156] loop5: detected capacity change from 0 to 512
[  300.927997][T11153] FAT-fs (loop3): Directory bread(block 162) failed
[  300.945183][T11153] FAT-fs (loop3): Directory bread(block 163) failed
[  300.982467][T11156] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  300.992954][T11153] FAT-fs (loop3): Directory bread(block 164) failed
[  301.000566][T11153] FAT-fs (loop3): Directory bread(block 165) failed
[  301.026252][T11153] FAT-fs (loop3): Directory bread(block 166) failed
[  301.045447][T11153] FAT-fs (loop3): Directory bread(block 167) failed
[  301.052102][T11153] FAT-fs (loop3): Directory bread(block 168) failed
[  301.072010][T11156] EXT4-fs (loop5): 1 truncate cleaned up
[  301.095369][T11156] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  301.109345][T11153] FAT-fs (loop3): Directory bread(block 169) failed
[  301.137471][T11153] FAT-fs (loop3): Directory bread(block 162) failed
[  301.172795][T11153] FAT-fs (loop3): Directory bread(block 163) failed
[  301.206457][T11153] syz.3.1852: attempt to access beyond end of device
[  301.206457][T11153] loop3: rw=3, sector=226, nr_sectors = 6 limit=128
[  301.252583][T11153] syz.3.1852: attempt to access beyond end of device
[  301.252583][T11153] loop3: rw=2051, sector=232, nr_sectors = 2 limit=128
[  301.589106][ T6295] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  301.754353][T11174] smc: net device bond0 applied user defined pnetid SYZ0
[  301.768666][T11174] smc: net device bond0 erased user defined pnetid SYZ0
[  301.833351][T11179] netlink: 96 bytes leftover after parsing attributes in process `syz.7.1863'.
[  302.021302][T11191] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1868'.
[  302.342033][T11198] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1870'.
[  302.449066][T11214] netlink: 276 bytes leftover after parsing attributes in process `syz.0.1873'.
[  302.466418][T11214] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1873'.
[  302.480947][T11219] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  302.480947][T11219]    program syz.3.1874 not setting count and/or reply_len properly
[  302.543845][T11214] loop0: detected capacity change from 0 to 128
[  302.737709][T11214] FAT-fs (loop0): Directory bread(block 162) failed
[  302.761866][T11214] FAT-fs (loop0): Directory bread(block 163) failed
[  302.793758][T11214] FAT-fs (loop0): Directory bread(block 164) failed
[  302.816392][T11214] FAT-fs (loop0): Directory bread(block 165) failed
[  302.846250][T11214] FAT-fs (loop0): Directory bread(block 166) failed
[  302.875777][T11214] FAT-fs (loop0): Directory bread(block 167) failed
[  302.902907][T11214] FAT-fs (loop0): Directory bread(block 168) failed
[  302.926577][T11214] FAT-fs (loop0): Directory bread(block 169) failed
[  302.987795][T11214] FAT-fs (loop0): Directory bread(block 162) failed
[  303.015479][T11214] FAT-fs (loop0): Directory bread(block 163) failed
[  303.031954][T11227] loop7: detected capacity change from 0 to 512
[  303.047259][T11214] syz.0.1873: attempt to access beyond end of device
[  303.047259][T11214] loop0: rw=3, sector=226, nr_sectors = 6 limit=128
[  303.079646][T11227] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a840c19d, mo2=0002]
[  303.101777][T11227] System zones: 1-12
[  303.111970][T11214] syz.0.1873: attempt to access beyond end of device
[  303.111970][T11214] loop0: rw=2051, sector=232, nr_sectors = 2 limit=128
[  303.118201][T11227] EXT4-fs error (device loop7): ext4_iget_extra_inode:5035: inode #15: comm syz.7.1879: corrupted in-inode xattr: e_value size too large
[  303.197781][T11227] EXT4-fs error (device loop7): ext4_orphan_get:1398: comm syz.7.1879: couldn't read orphan inode 15 (err -117)
[  303.285522][T11227] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  303.332262][T11237] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1883'.
[  303.467195][ T8883] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  303.663415][T11256] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  303.670486][T11256] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  303.706145][T11256] vhci_hcd vhci_hcd.0: Device attached
[  303.734976][T11257] vhci_hcd: connection closed
[  303.754370][   T12] vhci_hcd: stop threads
[  303.783850][   T12] vhci_hcd: release socket
[  303.812450][   T12] vhci_hcd: disconnect device
[  304.133740][T11275] loop5: detected capacity change from 0 to 128
[  304.165045][T11275] FAT-fs (loop5): Directory bread(block 162) failed
[  304.186044][T11275] FAT-fs (loop5): Directory bread(block 163) failed
[  304.212386][T11275] FAT-fs (loop5): Directory bread(block 164) failed
[  304.219135][T11275] FAT-fs (loop5): Directory bread(block 165) failed
[  304.237758][T11275] FAT-fs (loop5): Directory bread(block 166) failed
[  304.252527][T11280] netlink: 'syz.3.1898': attribute type 1 has an invalid length.
[  304.281240][T11275] FAT-fs (loop5): Directory bread(block 167) failed
[  304.292608][T11275] FAT-fs (loop5): Directory bread(block 168) failed
[  304.322337][T11275] FAT-fs (loop5): Directory bread(block 169) failed
[  304.423922][T11280] 8021q: adding VLAN 0 to HW filter on device bond3
[  304.545392][T11282] bond3: (slave veth7): Enslaving as an active interface with an up link
[  304.597176][T11284] bond2: (slave veth0_to_bond): Releasing backup interface
[  304.635701][T11284] bond3: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  304.665422][T11275] FAT-fs (loop5): Directory bread(block 162) failed
[  304.714548][T11275] FAT-fs (loop5): Directory bread(block 163) failed
[  304.743629][T11275] syz.5.1896: attempt to access beyond end of device
[  304.743629][T11275] loop5: rw=3, sector=226, nr_sectors = 6 limit=128
[  304.799722][T11275] syz.5.1896: attempt to access beyond end of device
[  304.799722][T11275] loop5: rw=2051, sector=232, nr_sectors = 2 limit=128
[  305.018451][T11291] netlink: 'syz.3.1901': attribute type 10 has an invalid length.
[  305.320585][T11298] __nla_validate_parse: 2 callbacks suppressed
[  305.320605][T11298] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1905'.
[  305.400497][T11300] netlink: 212 bytes leftover after parsing attributes in process `syz.3.1906'.
[  305.682810][T11308] siw: device registration error -23
[  305.837856][T11314] loop4: detected capacity change from 0 to 1024
[  305.861613][T11254] warn_alloc: 2 callbacks suppressed
[  305.861633][T11254] syz.7.1888: vmalloc error: size 2101248, failed to allocated page array size 4104, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  305.887076][T11254] CPU: 0 UID: 0 PID: 11254 Comm: syz.7.1888 Not tainted 6.16.0-rc1-next-20250611-syzkaller #0 PREEMPT(full) 
[  305.887114][T11254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  305.887127][T11254] Call Trace:
[  305.887135][T11254]  <TASK>
[  305.887144][T11254]  dump_stack_lvl+0x189/0x250
[  305.887175][T11254]  ? __pfx_dump_stack_lvl+0x10/0x10
[  305.887195][T11254]  ? __pfx__printk+0x10/0x10
[  305.887219][T11254]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  305.887243][T11254]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  305.887277][T11254]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  305.887303][T11254]  warn_alloc+0x214/0x310
[  305.887335][T11254]  ? __pfx_warn_alloc+0x10/0x10
[  305.887369][T11254]  ? __get_vm_area_node+0x28f/0x300
[  305.887392][T11254]  ? hash_netiface_create+0x358/0xfe0
[  305.887424][T11254]  __vmalloc_node_range_noprof+0x67e/0x12f0
[  305.887483][T11254]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  305.887505][T11254]  ? hash_netiface_create+0x358/0xfe0
[  305.887532][T11254]  ? __get_vm_area_node+0x28f/0x300
[  305.887554][T11254]  ? hash_netiface_create+0x358/0xfe0
[  305.887580][T11254]  __vmalloc_node_range_noprof+0x56a/0x12f0
[  305.887604][T11254]  ? hash_netiface_create+0x358/0xfe0
[  305.887626][T11254]  ? do_syscall_64+0xfa/0x3b0
[  305.887669][T11254]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  305.887710][T11254]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  305.887741][T11254]  ? rcu_is_watching+0x15/0xb0
[  305.887761][T11254]  ? hash_netiface_create+0x358/0xfe0
[  305.887785][T11254]  ? hash_netiface_create+0x358/0xfe0
[  305.887808][T11254]  __kvmalloc_node_noprof+0x3b8/0x5f0
[  305.887829][T11254]  ? hash_netiface_create+0x358/0xfe0
[  305.887855][T11254]  ? hash_netiface_create+0x2fe/0xfe0
[  305.887886][T11254]  hash_netiface_create+0x358/0xfe0
[  305.887921][T11254]  ? __nla_parse+0x40/0x60
[  305.887944][T11254]  ? __pfx_hash_netiface_create+0x10/0x10
[  305.887972][T11254]  ip_set_create+0xa94/0x1940
[  305.888000][T11254]  ? ip_set_create+0x4a2/0x1940
[  305.888040][T11254]  ? __pfx_ip_set_create+0x10/0x10
[  305.888111][T11254]  nfnetlink_rcv_msg+0xb4d/0x1130
[  305.888140][T11254]  ? nfnetlink_rcv_msg+0x20d/0x1130
[  305.888190][T11254]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  305.888214][T11254]  ? kasan_save_free_info+0x46/0x50
[  305.888321][T11254]  netlink_rcv_skb+0x205/0x470
[  305.888356][T11254]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  305.888385][T11254]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  305.888431][T11254]  ? bpf_lsm_capable+0x9/0x20
[  305.888450][T11254]  ? security_capable+0x7e/0x2e0
[  305.888485][T11254]  nfnetlink_rcv+0x26a/0x2520
[  305.888516][T11254]  ? __dev_queue_xmit+0x1cd7/0x3a70
[  305.888546][T11254]  ? kmem_cache_alloc_noprof+0x1c1/0x3c0
[  305.888581][T11254]  ? __dev_queue_xmit+0x27e/0x3a70
[  305.888605][T11254]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  305.888639][T11254]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  305.888665][T11254]  ? __pfx___dev_queue_xmit+0x10/0x10
[  305.888706][T11254]  ? ref_tracker_free+0x63a/0x7d0
[  305.888724][T11254]  ? __copy_skb_header+0xa7/0x550
[  305.888750][T11254]  ? __pfx_ref_tracker_free+0x10/0x10
[  305.888792][T11254]  ? skb_clone+0x246/0x3a0
[  305.888819][T11254]  ? __netlink_deliver_tap+0x807/0x850
[  305.888839][T11254]  ? netlink_deliver_tap+0x2e/0x1b0
[  305.888867][T11254]  ? netlink_deliver_tap+0x2e/0x1b0
[  305.888886][T11254]  ? netlink_deliver_tap+0x2e/0x1b0
[  305.888913][T11254]  netlink_unicast+0x758/0x8d0
[  305.888957][T11254]  netlink_sendmsg+0x805/0xb30
[  305.888989][T11254]  ? __pfx_netlink_sendmsg+0x10/0x10
[  305.889013][T11254]  ? aa_sock_msg_perm+0xf1/0x1d0
[  305.889043][T11254]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  305.889068][T11254]  ? __pfx_netlink_sendmsg+0x10/0x10
[  305.889090][T11254]  __sock_sendmsg+0x21c/0x270
[  305.889121][T11254]  ____sys_sendmsg+0x505/0x830
[  305.889150][T11254]  ? __pfx_____sys_sendmsg+0x10/0x10
[  305.889184][T11254]  ? import_iovec+0x74/0xa0
[  305.889213][T11254]  ___sys_sendmsg+0x21f/0x2a0
[  305.889238][T11254]  ? __pfx____sys_sendmsg+0x10/0x10
[  305.889316][T11254]  ? __fget_files+0x2a/0x420
[  305.889339][T11254]  ? __fget_files+0x3a0/0x420
[  305.889375][T11254]  __x64_sys_sendmsg+0x19b/0x260
[  305.889401][T11254]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  305.889436][T11254]  ? rcu_is_watching+0x15/0xb0
[  305.889462][T11254]  ? do_syscall_64+0xbe/0x3b0
[  305.889493][T11254]  do_syscall_64+0xfa/0x3b0
[  305.889517][T11254]  ? lockdep_hardirqs_on+0x9c/0x150
[  305.889543][T11254]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  305.889562][T11254]  ? clear_bhb_loop+0x60/0xb0
[  305.889588][T11254]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  305.889607][T11254] RIP: 0033:0x7ff68598e929
[  305.889627][T11254] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  305.889644][T11254] RSP: 002b:00007ff6867fb038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  305.889667][T11254] RAX: ffffffffffffffda RBX: 00007ff685bb5fa0 RCX: 00007ff68598e929
[  305.889682][T11254] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000007
[  305.889696][T11254] RBP: 00007ff685a10b39 R08: 0000000000000000 R09: 0000000000000000
[  305.889709][T11254] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  305.889720][T11254] R13: 0000000000000000 R14: 00007ff685bb5fa0 R15: 00007fff92f0b6f8
[  305.889755][T11254]  </TASK>
[  305.889893][T11254] Mem-Info:
[  306.139075][T11320] netlink: 'syz.0.1914': attribute type 10 has an invalid length.
[  306.151726][T11254] active_anon:9530 inactive_anon:0 isolated_anon:0
[  306.151726][T11254]  active_file:3095 inactive_file:50205 isolated_file:0
[  306.151726][T11254]  unevictable:768 dirty:261 writeback:0
[  306.151726][T11254]  slab_reclaimable:11360 slab_unreclaimable:96057
[  306.151726][T11254]  mapped:34588 shmem:6691 pagetables:1200
[  306.151726][T11254]  sec_pagetables:0 bounce:0
[  306.151726][T11254]  kernel_misc_reclaimable:0
[  306.151726][T11254]  free:1284473 free_pcp:12486 free_cma:0
[  306.238533][T11314] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  306.243164][T11254] Node 0 active_anon:38120kB inactive_anon:0kB active_file:12380kB inactive_file:200616kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:138352kB dirty:1044kB writeback:0kB shmem:25228kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12072kB pagetables:4664kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  306.323024][T11314] EXT4-fs error (device loop4): mb_free_blocks:1948: group 0, 
[  306.325046][   T30] kauditd_printk_skb: 103 callbacks suppressed
[  306.325062][   T30] audit: type=1800 audit(1749679327.491:1488): pid=11314 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1911" name="bus" dev="loop4" ino=18 res=0 errno=0
[  306.330954][T11314] inode 18: 
[  306.352417][T11254] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:136kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  306.366432][T11314] block 177:
[  306.398612][T11254] Node 0 
[  306.403306][T11314] freeing already freed block (bit 11); block bitmap corrupt.
[  306.438066][T11254] DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  306.627365][T11328] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1917'.
[  306.654560][T11254] lowmem_reserve[]: 0 2500 2502 2502 2502
[  306.660922][T11254] Node 0 DMA32 free:1208720kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:38072kB inactive_anon:0kB active_file:12380kB inactive_file:198912kB unevictable:1536kB writepending:1168kB present:3129332kB managed:2560892kB mlocked:0kB bounce:0kB free_pcp:38600kB local_pcp:24484kB free_cma:0kB
[  306.673726][ T5835] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  306.693619][T11254] lowmem_reserve[]: 0 0 1 1 1
[  306.693681][T11254] Node 0 Normal free:16kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1820kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB
[  306.792451][T11254] lowmem_reserve[]: 0 0 0 0 0
[  306.797261][T11254] Node 1 Normal free:3913796kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:12420kB local_pcp:7104kB free_cma:0kB
[  306.862422][T11254] lowmem_reserve[]: 0 0 0 0 0
[  306.867320][T11254] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  306.887479][T11254] Node 0 DMA32: 2*4kB (UE) 7*8kB (UE) 9*16kB (E) 308*32kB (ME) 205*64kB (UME) 86*128kB (ME) 22*256kB (M) 13*512kB (UME) 17*1024kB (UM) 5*2048kB (UM) 277*4096kB (M) = 1208720kB
[  306.906064][T11254] Node 0 Normal: 0*4kB 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB
[  306.918771][T11254] Node 1 Normal: 163*4kB (UME) 61*8kB (UME) 43*16kB (UME) 157*32kB (UME) 48*64kB (UME) 7*128kB (UME) 4*256kB (UM) 3*512kB (UM) 1*1024kB (M) 0*2048kB 952*4096kB (M) = 3913796kB
[  306.937867][T11254] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  306.948782][T11254] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  306.958460][T11254] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  306.970296][T11254] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  306.980278][T11254] 57306 total pagecache pages
[  306.986566][T11254] 0 pages in swap cache
[  306.991007][T11254] Free swap  = 124996kB
[  306.995483][T11254] Total swap = 124996kB
[  306.999661][T11254] 2097051 pages RAM
[  307.004074][T11254] 0 pages HighMem/MovableOnly
[  307.008859][T11254] 424722 pages reserved
[  307.013093][T11254] 0 pages cma reserved
[  307.155309][ T3080] hid-generic FFFC:0003:0000.0008: unknown main item tag 0x0
[  307.167859][ T3080] hid-generic FFFC:0003:0000.0008: unknown main item tag 0x0
[  307.182609][ T3080] hid-generic FFFC:0003:0000.0008: unknown main item tag 0x0
[  307.200327][ T3080] hid-generic FFFC:0003:0000.0008: unknown main item tag 0x0
[  307.210533][ T3080] hid-generic FFFC:0003:0000.0008: unknown main item tag 0x0
[  307.230819][ T3080] hid-generic FFFC:0003:0000.0008: unknown main item tag 0x0
[  307.244129][ T3080] hid-generic FFFC:0003:0000.0008: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  307.645003][T11355] hub 6-0:1.0: USB hub found
[  307.650441][T11355] hub 6-0:1.0: 1 port detected
[  309.228167][T11374] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1934'.
[  309.263041][T11374] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1934'.
[  309.364015][ T5918] hid-generic FFFC:0003:0000.0009: unknown main item tag 0x0
[  309.389575][ T5918] hid-generic FFFC:0003:0000.0009: unknown main item tag 0x0
[  309.412994][ T5918] hid-generic FFFC:0003:0000.0009: unknown main item tag 0x0
[  309.439093][ T5918] hid-generic FFFC:0003:0000.0009: unknown main item tag 0x0
[  309.453379][T11378] loop4: detected capacity change from 0 to 128
[  309.467011][ T5918] hid-generic FFFC:0003:0000.0009: unknown main item tag 0x0
[  309.476430][T11378] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[  309.491322][ T5918] hid-generic FFFC:0003:0000.0009: unknown main item tag 0x0
[  309.522680][   T30] audit: type=1800 audit(1749679330.691:1489): pid=11378 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1936" name="bus" dev="loop4" ino=1048657 res=0 errno=0
[  309.572674][ T5918] hid-generic FFFC:0003:0000.0009: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  309.759472][T11380] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1937'.
[  310.467757][T11396] loop3: detected capacity change from 0 to 512
[  310.495384][T11396] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a840c19d, mo2=0002]
[  310.512544][T11396] System zones: 1-12
[  310.517256][T11396] EXT4-fs error (device loop3): ext4_iget_extra_inode:5035: inode #15: comm syz.3.1945: corrupted in-inode xattr: e_value size too large
[  310.567075][T11396] EXT4-fs error (device loop3): ext4_orphan_get:1398: comm syz.3.1945: couldn't read orphan inode 15 (err -117)
[  310.604856][T11396] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  310.758444][ T5837] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  311.164407][T11409] netlink: 96 bytes leftover after parsing attributes in process `syz.5.1950'.
[  313.205902][T11444] siw: device registration error -23
[  313.332969][T11446] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1963'.
[  313.478800][T11450] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1965'.
[  313.759965][T11454] bond3: (slave veth0_to_bond): Releasing backup interface
[  314.465423][T11479] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1976'.
[  314.525795][T11482] netlink: 192 bytes leftover after parsing attributes in process `syz.7.1974'.
[  315.523154][T11515] tipc: Started in network mode
[  315.528190][T11515] tipc: Node identity 020f2909369, cluster identity 4711
[  315.580386][T11515] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  315.590137][T11520] netlink: 96 bytes leftover after parsing attributes in process `syz.7.1991'.
[  315.607564][T11519] tipc: Disabling bearer <eth:syzkaller0>
[  315.851135][T11537] siw: device registration error -23
[  316.112917][T11550] netlink: 96 bytes leftover after parsing attributes in process `syz.7.2003'.
[  316.320164][T11564] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2006'.
[  316.351462][T11564] loop5: detected capacity change from 0 to 128
[  316.371529][T11564] FAT-fs (loop5): Directory bread(block 162) failed
[  316.391496][T11564] FAT-fs (loop5): Directory bread(block 163) failed
[  316.411834][T11564] FAT-fs (loop5): Directory bread(block 164) failed
[  316.429864][T11564] FAT-fs (loop5): Directory bread(block 165) failed
[  316.440340][T11569] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2008'.
[  316.442152][T11564] FAT-fs (loop5): Directory bread(block 166) failed
[  316.472867][T11564] FAT-fs (loop5): Directory bread(block 167) failed
[  316.500069][T11564] FAT-fs (loop5): Directory bread(block 168) failed
[  316.512836][T11564] FAT-fs (loop5): Directory bread(block 169) failed
[  316.529086][T11564] FAT-fs (loop5): Directory bread(block 162) failed
[  316.562445][T11564] FAT-fs (loop5): Directory bread(block 163) failed
[  316.569865][T11564] syz.5.2006: attempt to access beyond end of device
[  316.569865][T11564] loop5: rw=3, sector=226, nr_sectors = 6 limit=128
[  316.609033][T11573] siw: device registration error -23
[  316.646589][T11564] syz.5.2006: attempt to access beyond end of device
[  316.646589][T11564] loop5: rw=2051, sector=232, nr_sectors = 2 limit=128
[  317.307606][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  317.314205][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  317.490739][T11587] vlan2: entered allmulticast mode
[  317.513815][T11587] bridge_slave_0: entered allmulticast mode
[  317.600586][T11590] netlink: 96 bytes leftover after parsing attributes in process `syz.3.2018'.
[  317.917037][T11610] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2024'.
[  317.979222][T11615] netlink: 276 bytes leftover after parsing attributes in process `syz.3.2027'.
[  317.994089][T11615] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2027'.
[  318.008807][T11615] loop3: detected capacity change from 0 to 128
[  318.026309][T11615] FAT-fs (loop3): Directory bread(block 162) failed
[  318.042725][T11615] FAT-fs (loop3): Directory bread(block 163) failed
[  318.049376][T11615] FAT-fs (loop3): Directory bread(block 164) failed
[  318.083294][T11615] FAT-fs (loop3): Directory bread(block 165) failed
[  318.089970][T11615] FAT-fs (loop3): Directory bread(block 166) failed
[  318.102069][T11615] FAT-fs (loop3): Directory bread(block 167) failed
[  318.125214][T11615] FAT-fs (loop3): Directory bread(block 168) failed
[  318.132052][T11615] FAT-fs (loop3): Directory bread(block 169) failed
[  318.166638][T11621] loop7: detected capacity change from 0 to 512
[  318.176148][T11621] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  318.274687][T11615] FAT-fs (loop3): Directory bread(block 162) failed
[  318.281619][T11615] FAT-fs (loop3): Directory bread(block 163) failed
[  318.291476][T11615] syz.3.2027: attempt to access beyond end of device
[  318.291476][T11615] loop3: rw=3, sector=226, nr_sectors = 6 limit=128
[  318.302990][T11621] EXT4-fs (loop7): 1 truncate cleaned up
[  318.307116][T11615] syz.3.2027: attempt to access beyond end of device
[  318.307116][T11615] loop3: rw=2051, sector=232, nr_sectors = 2 limit=128
[  318.328513][T11621] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  318.368334][ T8883] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  318.467521][T11625] netlink: 76 bytes leftover after parsing attributes in process `syz.0.2029'.
[  319.403132][T11636] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2036'.
[  319.645034][T11645] loop4: detected capacity change from 0 to 1024
[  319.724932][T11645] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  319.805496][   T30] audit: type=1800 audit(1749679340.991:1490): pid=11645 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2043" name="bus" dev="loop4" ino=18 res=0 errno=0
[  319.886869][T11645] EXT4-fs error (device loop4): mb_free_blocks:1948: group 0, inode 18: block 177:freeing already freed block (bit 11); block bitmap corrupt.
[  320.000186][T11666] loop0: detected capacity change from 0 to 1024
[  320.032041][T11666] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  320.076057][ T5835] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  320.103613][   T30] audit: type=1800 audit(1749679341.281:1491): pid=11666 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2047" name="file1" dev="loop0" ino=15 res=0 errno=0
[  320.421168][T11666] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4113: comm syz.0.2047: Allocating blocks 497-513 which overlap fs metadata
[  320.461060][T11664] EXT4-fs (loop0): pa ffff888059e2de80: logic 32, phys. 161, len 22
[  320.469717][T11664] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[  320.596264][ T5838] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  320.642977][   T30] audit: type=1326 audit(1749679341.821:1492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11683 comm="syz.3.2054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f062d58e929 code=0x7ffc0000
[  320.643753][T11687] hub 6-0:1.0: USB hub found
[  320.669516][   T30] audit: type=1326 audit(1749679341.851:1493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11683 comm="syz.3.2054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f062d58e929 code=0x7ffc0000
[  320.698177][T11687] hub 6-0:1.0: 1 port detected
[  321.007038][   T30] audit: type=1326 audit(1749679342.191:1494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11698 comm="syz.0.2060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6da78e929 code=0x7ffc0000
[  321.111137][   T30] audit: type=1326 audit(1749679342.211:1495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11698 comm="syz.0.2060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6da78e929 code=0x7ffc0000
[  321.192528][   T30] audit: type=1326 audit(1749679342.241:1496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11698 comm="syz.0.2060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc6da78e929 code=0x7ffc0000
[  321.216554][   T30] audit: type=1326 audit(1749679342.241:1497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11698 comm="syz.0.2060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6da78e929 code=0x7ffc0000
[  321.241349][   T30] audit: type=1326 audit(1749679342.241:1498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11698 comm="syz.0.2060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6da78e929 code=0x7ffc0000
[  321.263652][T11700] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  321.264430][   T30] audit: type=1326 audit(1749679342.241:1499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11698 comm="syz.0.2060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc6da78e929 code=0x7ffc0000
[  321.958600][T11726] netlink: 36 bytes leftover after parsing attributes in process `syz.7.2070'.
[  322.189661][T11731] siw: device registration error -23
[  322.343498][T11740] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2075'.
[  322.527976][T11748] loop5: detected capacity change from 0 to 512
[  322.551234][T11748] EXT4-fs error (device loop5): ext4_validate_block_bitmap:432: comm syz.5.2077: bg 0: block 5: invalid block bitmap
[  322.580746][T11748] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6548: Corrupt filesystem
[  322.598501][T11748] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.2077: invalid indirect mapped block 3 (level 2)
[  322.624075][T11748] EXT4-fs (loop5): 2 truncates cleaned up
[  322.679397][T11748] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  322.766625][T11748] EXT4-fs (loop5): shut down requested (1)
[  322.923120][ T6295] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  323.017642][T11763] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2083'.
[  323.291700][T11773] loop5: detected capacity change from 0 to 1024
[  323.341465][T11773] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  323.459387][T11773] EXT4-fs error (device loop5): mb_free_blocks:1948: group 0, inode 18: block 177:freeing already freed block (bit 11); block bitmap corrupt.
[  323.579941][ T6295] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  324.783233][T11804] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2098'.
[  324.854433][T11807] siw: device registration error -23
[  325.031733][T11813] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2100'.
[  325.191562][T11815] netlink: 'syz.3.2101': attribute type 10 has an invalid length.
[  325.290821][T11815] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2101'.
[  325.983421][   T30] kauditd_printk_skb: 32 callbacks suppressed
[  325.983441][   T30] audit: type=1326 audit(1749679347.171:1532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11835 comm="syz.0.2111" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc6da78e929 code=0x0
[  326.376418][T11846] netdevsim netdevsim3: Direct firmware load for ÈöníñÆgkNšÄq>ä*x(Oˆ@ failed with error -2
[  326.409347][T11846] netdevsim netdevsim3: Falling back to sysfs fallback for: ÈöníñÆgkNšÄq>ä*x(Oˆ@
[  326.497335][T11850] netlink: 76 bytes leftover after parsing attributes in process `syz.4.2113'.
[  326.586977][   T30] audit: type=1326 audit(1749679347.601:1533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11848 comm="syz.5.2116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f0018e929 code=0x7ffc0000
[  327.039302][   T30] audit: type=1326 audit(1749679347.601:1534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11848 comm="syz.5.2116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f0018e929 code=0x7ffc0000
[  327.202490][   T30] audit: type=1326 audit(1749679347.761:1535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11848 comm="syz.5.2116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3f0018e929 code=0x7ffc0000
[  327.392487][   T30] audit: type=1326 audit(1749679347.771:1536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11848 comm="syz.5.2116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f0018e929 code=0x7ffc0000
[  327.482483][   T30] audit: type=1326 audit(1749679347.771:1537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11848 comm="syz.5.2116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f0018e929 code=0x7ffc0000
[  327.621075][   T30] audit: type=1326 audit(1749679347.841:1538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11848 comm="syz.5.2116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3f0018e929 code=0x7ffc0000
[  327.747808][   T30] audit: type=1326 audit(1749679347.851:1539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11848 comm="syz.5.2116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f0018e929 code=0x7ffc0000
[  328.733120][   T30] audit: type=1326 audit(1749679347.861:1540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11848 comm="syz.5.2116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f0018e929 code=0x7ffc0000
[  328.762474][   T30] audit: type=1326 audit(1749679347.881:1541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11848 comm="syz.5.2116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f3f0018e929 code=0x7ffc0000
[  330.346874][T11887] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2129'.
[  330.430744][T11889] 9pnet_fd: Insufficient options for proto=fd
[  330.761972][T11897] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2133'.
[  330.923410][ T6967] usb 4-1: new full-speed USB device number 7 using dummy_hcd
[  330.970064][T11901] loop0: detected capacity change from 0 to 1024
[  331.006927][T11901] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  331.062165][   T30] kauditd_printk_skb: 9 callbacks suppressed
[  331.062186][   T30] audit: type=1800 audit(1749679352.231:1551): pid=11901 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2135" name="bus" dev="loop0" ino=18 res=0 errno=0
[  331.096829][ T6967] usb 4-1: device descriptor read/64, error -71
[  331.115799][T11901] EXT4-fs error (device loop0): mb_free_blocks:1948: group 0, inode 18: block 177:freeing already freed block (bit 11); block bitmap corrupt.
[  331.207685][ T5838] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  331.383098][ T6967] usb 4-1: new full-speed USB device number 8 using dummy_hcd
[  332.272031][T11922] 9pnet_fd: Insufficient options for proto=fd
[  332.289159][T11924] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2142'.
[  332.343299][ T6967] usb 4-1: device descriptor read/64, error -71
[  332.418126][T11928] loop5: detected capacity change from 0 to 128
[  332.629944][ T6967] usb usb4-port1: attempt power cycle
[  332.633724][T11928] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  332.693027][T11928] ext4 filesystem being mounted at /395/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  333.046378][T11928] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  333.213528][ T6967] usb 4-1: new full-speed USB device number 9 using dummy_hcd
[  333.375111][ T6967] usb 4-1: device descriptor read/8, error -71
[  333.392808][T11946] netlink: 76 bytes leftover after parsing attributes in process `syz.0.2146'.
[  333.523812][T11948] loop4: detected capacity change from 0 to 2048
[  333.594827][T11948]  loop4: p1 < > p4
[  333.604065][T11948] loop4: p4 size 8388608 extends beyond EOD, truncated
[  333.630882][ T6967] usb 4-1: new full-speed USB device number 10 using dummy_hcd
[  333.686755][ T6967] usb 4-1: device descriptor read/8, error -71
[  334.022959][ T6967] usb usb4-port1: unable to enumerate USB device
[  334.848531][T11968] loop4: detected capacity change from 0 to 512
[  335.011928][T11968] EXT4-fs: Ignoring removed nobh option
[  335.234635][T11968] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  335.511085][T11968] EXT4-fs error (device loop4): ext4_lookup:1787: inode #15: comm syz.4.2155: iget: bad i_size value: 15393162788874
[  337.470956][ T5835] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  337.551106][T11988] loop0: detected capacity change from 0 to 512
[  337.614491][T11988] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  337.631003][T11988] EXT4-fs (loop0): 1 truncate cleaned up
[  337.714515][T11988] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  337.787404][T11994] loop4: detected capacity change from 0 to 128
[  337.804445][T11996] netlink: 'syz.5.2165': attribute type 10 has an invalid length.
[  337.812312][T11996] netlink: 'syz.5.2165': attribute type 19 has an invalid length.
[  337.820370][T11996] netlink: 156 bytes leftover after parsing attributes in process `syz.5.2165'.
[  337.823711][T11994] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  337.874826][T11998] loop7: detected capacity change from 0 to 2048
[  337.893024][T11994] ext4 filesystem being mounted at /434/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  337.937508][ T5838] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  337.969569][T11998]  loop7: p1 < > p4
[  337.979238][T11998] loop7: p4 size 8388608 extends beyond EOD, truncated
[  338.014893][T11994] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  338.059530][T12003] netlink: 96 bytes leftover after parsing attributes in process `syz.5.2169'.
[  338.131670][T12005] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2168'.
[  338.804473][   T30] audit: type=1326 audit(1749679359.991:1552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12031 comm="syz.3.2177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f062d58e929 code=0x7ffc0000
[  338.835421][   T30] audit: type=1326 audit(1749679360.011:1553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12031 comm="syz.3.2177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f062d58e929 code=0x7ffc0000
[  338.858511][   T30] audit: type=1326 audit(1749679360.021:1554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12031 comm="syz.3.2177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f062d58e929 code=0x7ffc0000
[  338.882032][   T30] audit: type=1326 audit(1749679360.021:1555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12031 comm="syz.3.2177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f062d58e929 code=0x7ffc0000
[  338.895840][T12035] loop5: detected capacity change from 0 to 128
[  338.933835][   T30] audit: type=1326 audit(1749679360.021:1556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12031 comm="syz.3.2177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f062d58e929 code=0x7ffc0000
[  338.957589][   T30] audit: type=1326 audit(1749679360.021:1557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12031 comm="syz.3.2177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f062d58e929 code=0x7ffc0000
[  338.981876][   T30] audit: type=1326 audit(1749679360.041:1558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12031 comm="syz.3.2177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f062d58e929 code=0x7ffc0000
[  339.006247][   T30] audit: type=1326 audit(1749679360.041:1559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12031 comm="gtp" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f062d58e929 code=0x7ffc0000
[  339.012613][T12038] loop4: detected capacity change from 0 to 2048
[  339.029660][   T30] audit: type=1326 audit(1749679360.041:1560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12031 comm="gtp" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f062d58e929 code=0x7ffc0000
[  339.057890][   T30] audit: type=1326 audit(1749679360.041:1561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12031 comm="gtp" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f062d58e929 code=0x7ffc0000
[  339.062250][T12035] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  339.096563][T12042] xt_hashlimit: size too large, truncated to 1048576
[  339.097882][T12035] ext4 filesystem being mounted at /404/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  339.166841][T12038]  loop4: p1 < > p4
[  339.191385][T12038] loop4: p4 size 8388608 extends beyond EOD, truncated
[  339.203698][T12048] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2182'.
[  339.399911][T12054] 9pnet_fd: Insufficient options for proto=fd
[  339.408566][T12035] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  339.627194][T12058] loop4: detected capacity change from 0 to 2048
[  339.708431][T12058]  loop4: p1 < > p4
[  339.733701][T12058] loop4: p4 size 8388608 extends beyond EOD, truncated
[  340.187044][T12081] netlink: 276 bytes leftover after parsing attributes in process `syz.3.2193'.
[  340.215189][T12081] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2193'.
[  340.247784][T12081] loop3: detected capacity change from 0 to 128
[  340.297568][T12081] FAT-fs (loop3): Directory bread(block 162) failed
[  340.329114][T12081] FAT-fs (loop3): Directory bread(block 163) failed
[  340.351011][T12079] loop4: detected capacity change from 0 to 2048
[  340.364782][T12081] FAT-fs (loop3): Directory bread(block 164) failed
[  340.389366][T12081] FAT-fs (loop3): Directory bread(block 165) failed
[  340.420093][T12081] FAT-fs (loop3): Directory bread(block 166) failed
[  340.443200][T12081] FAT-fs (loop3): Directory bread(block 167) failed
[  340.473582][T12081] FAT-fs (loop3): Directory bread(block 168) failed
[  340.485238][T12079]  loop4: p1 < > p4
[  340.501319][T12079] loop4: p4 size 8388608 extends beyond EOD, truncated
[  340.511801][T12085] 9pnet_fd: Insufficient options for proto=fd
[  340.520949][T12081] FAT-fs (loop3): Directory bread(block 169) failed
[  340.556154][T12081] FAT-fs (loop3): Directory bread(block 162) failed
[  340.587997][T12081] FAT-fs (loop3): Directory bread(block 163) failed
[  340.620918][T12081] syz.3.2193: attempt to access beyond end of device
[  340.620918][T12081] loop3: rw=3, sector=226, nr_sectors = 6 limit=128
[  340.690936][T12081] syz.3.2193: attempt to access beyond end of device
[  340.690936][T12081] loop3: rw=2051, sector=232, nr_sectors = 2 limit=128
[  340.860091][T12090] loop4: detected capacity change from 0 to 128
[  340.916285][T12090] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  340.929950][T12090] ext4 filesystem being mounted at /443/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  341.049781][T12090] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  341.212745][T12103] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2204'.
[  341.336466][  T880] hid-generic FFFC:0003:0000.000A: unknown main item tag 0x0
[  341.368172][  T880] hid-generic FFFC:0003:0000.000A: unknown main item tag 0x0
[  341.398581][  T880] hid-generic FFFC:0003:0000.000A: unknown main item tag 0x0
[  341.432853][  T880] hid-generic FFFC:0003:0000.000A: unknown main item tag 0x0
[  341.440396][  T880] hid-generic FFFC:0003:0000.000A: unknown main item tag 0x0
[  341.477667][  T880] hid-generic FFFC:0003:0000.000A: unknown main item tag 0x0
[  341.509464][  T880] hid-generic FFFC:0003:0000.000A: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  341.741217][T12123] loop3: detected capacity change from 0 to 128
[  341.825689][T12123] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  341.976203][T12123] ext4 filesystem being mounted at /466/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  342.156512][T12123] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  342.398537][T12141] loop3: detected capacity change from 0 to 1024
[  342.503081][T12141] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  342.519404][T12146] netlink: 76 bytes leftover after parsing attributes in process `syz.0.2209'.
[  342.790251][T12141] EXT4-fs error (device loop3): mb_free_blocks:1948: group 0, inode 18: block 177:freeing already freed block (bit 11); block bitmap corrupt.
[  343.118027][ T5837] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  343.267604][T12167] loop4: detected capacity change from 0 to 128
[  343.325228][T12167] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  343.378735][T12167] ext4 filesystem being mounted at /451/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  343.549647][T12167] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  344.040022][T12178] loop5: detected capacity change from 0 to 8192
[  344.050629][T12186] hub 6-0:1.0: USB hub found
[  344.055622][T12186] hub 6-0:1.0: 1 port detected
[  344.255149][T12190] loop7: detected capacity change from 0 to 512
[  344.300750][T12190] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a840c19d, mo2=0002]
[  344.343964][T12190] System zones: 1-12
[  344.348837][T12190] EXT4-fs error (device loop7): ext4_iget_extra_inode:5035: inode #15: comm syz.7.2241: corrupted in-inode xattr: e_value size too large
[  344.382946][T12190] EXT4-fs error (device loop7): ext4_orphan_get:1398: comm syz.7.2241: couldn't read orphan inode 15 (err -117)
[  344.405941][T12190] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  344.408574][T12200] netlink: 276 bytes leftover after parsing attributes in process `syz.3.2244'.
[  344.469255][T12200] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2244'.
[  344.521042][ T8883] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  344.545844][T12200] loop3: detected capacity change from 0 to 128
[  344.567397][T12200] FAT-fs (loop3): Directory bread(block 162) failed
[  344.575066][T12200] FAT-fs (loop3): Directory bread(block 163) failed
[  344.592586][T12200] FAT-fs (loop3): Directory bread(block 164) failed
[  344.599254][T12200] FAT-fs (loop3): Directory bread(block 165) failed
[  344.621334][T12200] FAT-fs (loop3): Directory bread(block 166) failed
[  344.643572][T12200] FAT-fs (loop3): Directory bread(block 167) failed
[  344.686786][T12200] FAT-fs (loop3): Directory bread(block 168) failed
[  344.716847][T12200] FAT-fs (loop3): Directory bread(block 169) failed
[  344.757264][T12210] loop4: detected capacity change from 0 to 2048
[  344.758937][T12200] FAT-fs (loop3): Directory bread(block 162) failed
[  344.768034][T12212] loop7: detected capacity change from 0 to 128
[  344.780096][T12200] FAT-fs (loop3): Directory bread(block 163) failed
[  344.787796][T12200] syz.3.2244: attempt to access beyond end of device
[  344.787796][T12200] loop3: rw=3, sector=226, nr_sectors = 6 limit=128
[  344.803196][T12200] syz.3.2244: attempt to access beyond end of device
[  344.803196][T12200] loop3: rw=2051, sector=232, nr_sectors = 2 limit=128
[  344.819440][T12210]  loop4: p1 < > p4
[  344.826767][T12212] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  344.840662][T12210] loop4: p4 size 8388608 extends beyond EOD, truncated
[  344.848131][T12212] ext4 filesystem being mounted at /211/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  344.881366][T12213] netlink: 'syz.0.2248': attribute type 10 has an invalid length.
[  344.901612][T12213] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2248'.
[  344.912764][T12210] mmap: syz.4.2251 (12210) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  344.962085][T12212] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  345.156439][T12218] loop5: detected capacity change from 0 to 512
[  345.178038][T12217] loop7: detected capacity change from 0 to 1024
[  345.200615][T12218] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  345.231062][T12218] ext4 filesystem being mounted at /420/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  345.240919][T12217] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  345.375627][T12217] EXT4-fs error (device loop7): mb_free_blocks:1948: group 0, inode 18: block 177:freeing already freed block (bit 11); block bitmap corrupt.
[  345.591885][ T8883] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  345.717771][   T30] kauditd_printk_skb: 18 callbacks suppressed
[  345.717794][   T30] audit: type=1800 audit(1749679366.501:1580): pid=12217 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.2252" name="bus" dev="loop7" ino=18 res=0 errno=0
[  345.904867][ T6295] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  345.928012][T12237] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2260'.
[  346.310710][T12251] hub 6-0:1.0: USB hub found
[  346.316362][T12251] hub 6-0:1.0: 1 port detected
[  346.387209][T12257] netlink: 'syz.4.2263': attribute type 10 has an invalid length.
[  346.448008][T12257] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2263'.
[  347.487693][T12272] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2272'.
[  347.523690][   T30] audit: type=1326 audit(1749679368.701:1581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12275 comm="syz.7.2273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff68598e929 code=0x7ffc0000
[  347.596710][   T30] audit: type=1326 audit(1749679368.711:1582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12275 comm="syz.7.2273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff68598e929 code=0x7ffc0000
[  347.856194][T12284] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2277'.
[  347.861588][   T30] audit: type=1326 audit(1749679368.731:1583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12275 comm="syz.7.2273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=253 compat=0 ip=0x7ff68598e929 code=0x7ffc0000
[  347.888484][   T30] audit: type=1326 audit(1749679368.731:1584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12275 comm="syz.7.2273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff68598e929 code=0x7ffc0000
[  347.994473][T12284] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2277'.
[  348.256456][T12298] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2279'.
[  348.328487][T12297] bond_slave_1: entered promiscuous mode
[  348.360683][T12302] netdevsim netdevsim5: Direct firmware load for ÈöníñÆgkNšÄq>ä*x(Oˆ@ failed with error -2
[  348.393005][T12302] netdevsim netdevsim5: Falling back to sysfs fallback for: ÈöníñÆgkNšÄq>ä*x(Oˆ@
[  348.525237][T12298] bond_slave_1 (unregistering): left promiscuous mode
[  349.190210][T12322] netlink: 76 bytes leftover after parsing attributes in process `syz.0.2284'.
[  349.844792][T12337] loop5: detected capacity change from 0 to 128
[  349.952477][   T30] audit: type=1800 audit(1749679371.131:1585): pid=12337 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2292" name="bus" dev="loop5" ino=1048661 res=0 errno=0
[  350.047336][T12347] syz.5.2292: attempt to access beyond end of device
[  350.047336][T12347] loop5: rw=2049, sector=793, nr_sectors = 248 limit=128
[  350.100454][T12349] __nla_validate_parse: 1 callbacks suppressed
[  350.100475][T12349] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2299'.
[  350.578245][T12371] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2308'.
[  351.135673][T12383] loop7: detected capacity change from 0 to 512
[  351.193521][T12385] wg2: entered promiscuous mode
[  351.202960][T12385] wg2: entered allmulticast mode
[  351.253893][T12383] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  351.290499][T12392] netlink: 'syz.0.2316': attribute type 1 has an invalid length.
[  351.325862][T12392] 8021q: adding VLAN 0 to HW filter on device bond3
[  351.335753][T12383] ext4 filesystem being mounted at /225/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  351.342093][T12392] bond3: (slave veth0_to_bond): Enslaving as an active interface with a down link
[  351.503433][T12399] loop0: detected capacity change from 0 to 1024
[  351.552988][T12399] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  351.574731][   T30] audit: type=1800 audit(1749679372.761:1586): pid=12399 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2319" name="bus" dev="loop0" ino=18 res=0 errno=0
[  351.668178][T12399] EXT4-fs error (device loop0): mb_free_blocks:1948: group 0, inode 18: block 177:freeing already freed block (bit 11); block bitmap corrupt.
[  351.691500][ T8883] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  351.806798][ T5838] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  352.030425][T12416] loop4: detected capacity change from 0 to 512
[  352.077933][T12418] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2326'.
[  352.176472][T12422] loop5: detected capacity change from 0 to 2048
[  352.234500][T12422]  loop5: p1 < > p4
[  352.240618][T12422] loop5: p4 size 8388608 extends beyond EOD, truncated
[  352.282827][T12416] EXT4-fs: Ignoring removed oldalloc option
[  352.301019][T12416] EXT4-fs: test_dummy_encryption requires encrypt feature
[  352.314455][T12427] loop7: detected capacity change from 0 to 512
[  352.342978][T12427] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a840c19d, mo2=0002]
[  352.361955][T12427] System zones: 1-12
[  352.367371][T12427] EXT4-fs error (device loop7): ext4_iget_extra_inode:5035: inode #15: comm syz.7.2329: corrupted in-inode xattr: e_value size too large
[  352.383681][T12427] EXT4-fs error (device loop7): ext4_orphan_get:1398: comm syz.7.2329: couldn't read orphan inode 15 (err -117)
[  352.399697][T12427] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  352.458622][ T8883] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  353.022694][T12433] loop3: detected capacity change from 0 to 512
[  353.108933][T12433] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  353.158702][T12433] ext4 filesystem being mounted at /483/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  353.206426][T12462] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2338'.
[  353.447749][T12469] netdevsim netdevsim5: Direct firmware load for ÈöníñÆgkNšÄq>ä*x(Oˆ@ failed with error -2
[  353.461813][T12469] netdevsim netdevsim5: Falling back to sysfs fallback for: ÈöníñÆgkNšÄq>ä*x(Oˆ@
[  353.564941][ T5837] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  353.621927][T12475] loop7: detected capacity change from 0 to 512
[  353.635676][T12475] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a840c19d, mo2=0002]
[  353.643995][T12475] System zones: 1-12
[  353.648642][T12475] EXT4-fs error (device loop7): ext4_iget_extra_inode:5035: inode #15: comm syz.7.2344: corrupted in-inode xattr: e_value size too large
[  353.665430][T12475] EXT4-fs error (device loop7): ext4_orphan_get:1398: comm syz.7.2344: couldn't read orphan inode 15 (err -117)
[  353.680988][T12475] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  353.737893][ T8883] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  353.930255][T12484] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2348'.
[  354.307454][T12501] 9pnet_fd: Insufficient options for proto=fd
[  354.419665][T12505] netlink: 'syz.3.2354': attribute type 1 has an invalid length.
[  354.470458][T12505] 8021q: adding VLAN 0 to HW filter on device bond4
[  354.510596][T12505] bond4: (slave veth0_to_bond): Enslaving as an active interface with a down link
[  354.905793][T12520] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2361'.
[  354.931947][T12518] loop3: detected capacity change from 0 to 2048
[  355.188582][T12503] loop5: detected capacity change from 0 to 512
[  355.250984][T12518]  loop3: p1 < > p4
[  355.287041][T12518] loop3: p4 size 8388608 extends beyond EOD, truncated
[  355.341386][T12503] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  355.421370][T12503] ext4 filesystem being mounted at /438/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  355.667423][T12536] 9pnet_fd: Insufficient options for proto=fd
[  355.753218][T12538] netlink: 5 bytes leftover after parsing attributes in process `syz.3.2365'.
[  355.800253][T12538] 0ªî{X¹¦: renamed from gretap0
[  355.816016][T12538] 0ªî{X¹¦: entered allmulticast mode
[  355.831894][T12538] A link change request failed with some changes committed already. Interface 
30ªî{X¹¦ may have been left with an inconsistent configuration, please check.
[  355.906284][ T6295] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  356.079535][T12546] loop3: detected capacity change from 0 to 2048
[  356.126604][T12551] netlink: 136 bytes leftover after parsing attributes in process `ext4'.
[  356.144206][T12546]  loop3: p1 < > p4
[  356.175639][T12546] loop3: p4 size 8388608 extends beyond EOD, truncated
[  356.464060][T12563] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2377'.
[  356.807819][T12576] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2383'.
[  357.088818][   T30] audit: type=1326 audit(1749679378.261:1587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12586 comm="syz.3.2389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f062d58e929 code=0x7ffc0000
[  357.128587][T12583] loop0: detected capacity change from 0 to 1024
[  357.147657][T12583] EXT4-fs: Ignoring removed orlov option
[  357.176560][   T30] audit: type=1326 audit(1749679378.261:1588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12586 comm="syz.3.2389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f062d58e929 code=0x7ffc0000
[  357.228493][   T30] audit: type=1326 audit(1749679378.271:1589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12586 comm="syz.3.2389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f062d58e929 code=0x7ffc0000
[  357.253239][   T30] audit: type=1326 audit(1749679378.271:1590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12586 comm="syz.3.2389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f062d58e929 code=0x7ffc0000
[  357.254776][T12583] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  357.276218][   T30] audit: type=1326 audit(1749679378.271:1591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12586 comm="syz.3.2389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f062d58e929 code=0x7ffc0000
[  357.276276][   T30] audit: type=1326 audit(1749679378.281:1592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12586 comm="syz.3.2389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f062d58e929 code=0x7ffc0000
[  357.276324][   T30] audit: type=1326 audit(1749679378.281:1593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12586 comm="syz.3.2389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f062d58e929 code=0x7ffc0000
[  357.276372][   T30] audit: type=1326 audit(1749679378.281:1594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12586 comm="syz.3.2389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f062d58e929 code=0x7ffc0000
[  357.276420][   T30] audit: type=1326 audit(1749679378.281:1595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12586 comm="syz.3.2389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f062d58e929 code=0x7ffc0000
[  357.276466][   T30] audit: type=1326 audit(1749679378.281:1596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12586 comm="syz.3.2389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f062d58e929 code=0x7ffc0000
[  357.434452][T12592] loop4: detected capacity change from 0 to 2048
[  357.498064][T12592]  loop4: p1 < > p4
[  357.536979][T12592] loop4: p4 size 8388608 extends beyond EOD, truncated
[  357.707555][ T5838] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  357.927637][T12605] loop0: detected capacity change from 0 to 2048
[  358.068012][T12603] loop4: detected capacity change from 0 to 8192
[  358.208813][T12609] loop5: detected capacity change from 0 to 1024
[  358.240118][T12609] EXT4-fs: inline encryption not supported
[  358.283060][T12609] EXT4-fs: Ignoring removed bh option
[  358.362646][T12609] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  358.731970][ T6295] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  358.984228][T12638] loop4: detected capacity change from 0 to 512
[  359.030399][T12638] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  359.036876][  T880] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  359.082377][T12638] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem
[  359.111360][T12638] EXT4-fs (loop4): warning: mounting unchecked fs, running e2fsck is recommended
[  359.125676][T12638] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006]
[  359.150619][T12638] System zones: 0-2, 18-18, 34-35
[  359.158211][T12638] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  359.280809][ T5835] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  359.327264][  T880] hid-generic 0000:0000:0000.000B: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  359.487190][T12642] loop4: detected capacity change from 0 to 2048
[  359.545080][T12642]  loop4: p1 < > p4
[  359.564581][T12642] loop4: p4 size 8388608 extends beyond EOD, truncated
[  360.344671][ T5852] Bluetooth: hci4: command 0x0406 tx timeout
[  360.777324][T12665] loop0: detected capacity change from 0 to 1024
[  361.157766][T12665] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a842c018, mo2=0002]
[  361.166189][T12665] System zones: 0-1, 3-8
[  361.172871][T12665] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  361.185088][T12665] ext4 filesystem being mounted at /518/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  361.217826][T12665] EXT4-fs error (device loop0): ext4_map_blocks:816: inode #15: block 1: comm syz.0.2413: lblock 1 mapped to illegal pblock 1 (length 15)
[  361.311059][T12665] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 15 with error 117
[  361.340797][T12665] EXT4-fs (loop0): This should not happen!! Data will be lost
[  361.340797][T12665] 
[  361.389530][T12678] netdevsim netdevsim5: Direct firmware load for ÈöníñÆgkNšÄq>ä*x(Oˆ@ failed with error -2
[  361.453331][T12678] netdevsim netdevsim5: Falling back to sysfs fallback for: ÈöníñÆgkNšÄq>ä*x(Oˆ@
[  361.738100][ T5838] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  362.291013][T12693] netlink: 20 bytes leftover after parsing attributes in process `syz.7.2424'.
[  362.323498][T12693] x_tables: ip_tables: udp match: only valid for protocol 17
[  362.618676][T12705] loop0: detected capacity change from 0 to 128
[  362.678235][   T30] kauditd_printk_skb: 77 callbacks suppressed
[  362.678255][   T30] audit: type=1800 audit(1749679383.861:1674): pid=12705 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2427" name="bus" dev="loop0" ino=1048663 res=0 errno=0
[  362.870409][T12709] syz.0.2427: attempt to access beyond end of device
[  362.870409][T12709] loop0: rw=2049, sector=809, nr_sectors = 232 limit=128
[  364.498702][T12737] netdevsim netdevsim5: Direct firmware load for ÈöníñÆgkNšÄq>ä*x(Oˆ@ failed with error -2
[  364.528005][T12737] netdevsim netdevsim5: Falling back to sysfs fallback for: ÈöníñÆgkNšÄq>ä*x(Oˆ@
[  365.426300][T12755] netlink: 'syz.4.2442': attribute type 4 has an invalid length.
[  366.116660][T12769] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2446'.
[  366.215608][T12753] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  366.240638][T12769] x_tables: ip_tables: udp match: only valid for protocol 17
[  366.299450][T12753] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  366.413809][T12770] loop5: detected capacity change from 0 to 512
[  366.455460][T12753] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  366.486194][T12753] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  366.494686][T12770] EXT4-fs: Ignoring removed nobh option
[  366.546995][T12753] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  366.566301][T12753] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  366.591037][T12753] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  366.619715][T12753] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  366.659335][T12753] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  366.695464][T12753] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  366.754478][T12770] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  366.848052][T12770] EXT4-fs error (device loop5): ext4_lookup:1787: inode #15: comm syz.5.2443: iget: bad i_size value: 15393162788874
[  366.928452][T12782] netlink: 96 bytes leftover after parsing attributes in process `syz.0.2450'.
[  367.126092][T12790] loop3: detected capacity change from 0 to 1024
[  367.140198][T12790] EXT4-fs: Ignoring removed bh option
[  367.147763][T12790] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  367.171988][T12790] EXT4-fs error (device loop3): ext4_quota_enable:7124: comm syz.3.2453: inode #2304: comm syz.3.2453: iget: illegal inode #
[  367.335094][T12790] EXT4-fs (loop3): Remounting filesystem read-only
[  367.352003][T12790] EXT4-fs warning (device loop3): ext4_enable_quotas:7168: Failed to enable quota tracking (type=2, err=-117, ino=2304). Please run e2fsck to fix.
[  367.401946][T12790] EXT4-fs (loop3): mount failed
[  367.453328][ T5153] Bluetooth: hci2: command 0x0406 tx timeout
[  367.964836][T12802] loop0: detected capacity change from 0 to 128
[  368.060678][   T30] audit: type=1800 audit(1749679389.241:1675): pid=12802 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2456" name="bus" dev="loop0" ino=1048665 res=0 errno=0
[  368.266422][T12805] syz.0.2456: attempt to access beyond end of device
[  368.266422][T12805] loop0: rw=2049, sector=409, nr_sectors = 632 limit=128
[  368.461362][T12814] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  368.506179][ T5153] Bluetooth: hci0: command 0x0406 tx timeout
[  368.572430][ T5153] Bluetooth: hci3: command 0x0406 tx timeout
[  368.653170][ T5153] Bluetooth: hci1: command 0x0406 tx timeout
[  368.736520][ T5153] Bluetooth: hci4: command 0x0406 tx timeout
[  369.323134][T12820] loop0: detected capacity change from 0 to 8192
[  369.405856][T12820]  loop0: p1 p2 p4
[  369.409796][T12820] loop0: p1 size 65536 extends beyond EOD, truncated
[  369.441534][   T30] audit: type=1326 audit(1749679390.621:1676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12823 comm="syz.4.2464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f535898e929 code=0x7ffc0000
[  369.468755][T12820] loop0: p2 start 861536256 is beyond EOD, truncated
[  369.499671][   T30] audit: type=1326 audit(1749679390.651:1677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12823 comm="syz.4.2464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f535898e929 code=0x7ffc0000
[  369.529878][T12820] loop0: p4 size 65536 extends beyond EOD, truncated
[  369.537940][ T5153] Bluetooth: hci2: command 0x0406 tx timeout
[  369.586542][   T30] audit: type=1326 audit(1749679390.651:1678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12823 comm="syz.4.2464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f535898e929 code=0x7ffc0000
[  369.609498][   T30] audit: type=1326 audit(1749679390.671:1679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12823 comm="syz.4.2464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f535898e929 code=0x7ffc0000
[  369.644190][   T30] audit: type=1326 audit(1749679390.671:1680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12823 comm="syz.4.2464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f535898e929 code=0x7ffc0000
[  369.681476][   T30] audit: type=1326 audit(1749679390.711:1681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12823 comm="syz.4.2464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f535898e929 code=0x7ffc0000
[  369.774117][   T30] audit: type=1326 audit(1749679390.711:1682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12823 comm="syz.4.2464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f535898e929 code=0x7ffc0000
[  369.851186][   T30] audit: type=1326 audit(1749679390.711:1683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12823 comm="syz.4.2464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f535898e929 code=0x7ffc0000
[  369.916873][   T30] audit: type=1326 audit(1749679390.721:1684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12823 comm="syz.4.2464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=29 compat=0 ip=0x7f535898e929 code=0x7ffc0000
[  370.132913][T12841] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2467'.
[  370.514653][T12849] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  370.521322][T12849] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  370.540024][T12849] vhci_hcd vhci_hcd.0: Device attached
[  370.565589][T12827] infiniband syz2: set down
[  370.570553][T12827] infiniband syz2: added veth0_to_bond
[  370.580629][ T5153] Bluetooth: hci0: command 0x0406 tx timeout
[  370.589373][T12853] vhci_hcd vhci_hcd.0: port 0 already used
[  370.590921][T12827] syz2: rxe_create_cq: returned err = -12
[  370.602883][T12827] infiniband syz2: Couldn't create ib_mad CQ
[  370.622856][T12849] loop4: detected capacity change from 0 to 1024
[  370.631046][T12849] EXT4-fs: Ignoring removed nobh option
[  370.638537][T12827] infiniband syz2: Couldn't open port 1
[  370.652877][ T5153] Bluetooth: hci3: command 0x0406 tx timeout
[  370.733177][ T5153] Bluetooth: hci1: command 0x0406 tx timeout
[  370.759749][T12849] EXT4-fs: Ignoring removed bh option
[  370.813860][ T5153] Bluetooth: hci4: command 0x0406 tx timeout
[  370.826259][  T880] usb 42-1: SetAddress Request (2) to port 0
[  370.847027][T12827] RDS/IB: syz2: added
[  370.856709][T12849] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  370.879558][  T880] usb 42-1: new SuperSpeed USB device number 2 using vhci_hcd
[  370.890356][T12827] smc: adding ib device syz2 with port count 1
[  370.932177][T12827] smc:    ib device syz2 port 1 has pnetid 
[  371.009999][T12849] EXT4-fs error (device loop4): mb_free_blocks:1948: group 0, inode 15: block 225:freeing already freed block (bit 14); block bitmap corrupt.
[  371.096111][T12849] EXT4-fs (loop4): Remounting filesystem read-only
[  371.172004][T12851] vhci_hcd: connection closed
[  371.201063][ T5012] vhci_hcd: stop threads
[  371.244248][ T5012] vhci_hcd: release socket
[  371.283912][ T5012] vhci_hcd: disconnect device
[  371.727457][ T5835] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  371.850707][  T880] usb 42-1: enqueue for inactive port 0
[  372.232006][  T880] usb usb42-port1: attempt power cycle
[  372.365746][ T5918] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  372.391649][T12874] loop3: detected capacity change from 0 to 1024
[  372.431025][T12874] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  372.521843][ T5918] usb 5-1: Using ep0 maxpacket: 32
[  372.543471][ T5918] usb 5-1: config 0 has an invalid interface number: 35 but max is 0
[  372.554522][ T5918] usb 5-1: config 0 has no interface number 0
[  372.574349][ T5918] usb 5-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.8f
[  372.607824][ T5918] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  372.630094][ T5918] usb 5-1: Product: syz
[  372.643700][ T5918] usb 5-1: Manufacturer: syz
[  372.651031][ T5918] usb 5-1: SerialNumber: syz
[  372.696936][ T5918] usb 5-1: config 0 descriptor??
[  372.717916][ T5918] radio-si470x 5-1:0.35: could not find interrupt in endpoint
[  372.727365][ T5918] radio-si470x 5-1:0.35: probe with driver radio-si470x failed with error -5
[  372.797230][  T880] usb usb42-port1: unable to enumerate USB device
[  372.834157][ T5837] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  372.920970][ T5918] radio-raremono 5-1:0.35: this is not Thanko's Raremono.
[  372.928713][ T5918] usbhid 5-1:0.35: couldn't find an input interrupt endpoint
[  372.949740][ T5918] usb 5-1: USB disconnect, device number 2
[  373.635176][T12891] netlink: 'syz.3.2485': attribute type 1 has an invalid length.
[  373.719601][T12891] 8021q: adding VLAN 0 to HW filter on device bond5
[  373.764532][   T30] kauditd_printk_skb: 108 callbacks suppressed
[  373.764550][   T30] audit: type=1326 audit(1749679395.024:1793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12893 comm="syz.4.2486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f535898e929 code=0x7ffc0000
[  373.814344][ T6295] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  373.816323][T12891] bond4: (slave veth0_to_bond): Releasing active interface
[  373.824278][   T30] audit: type=1326 audit(1749679395.055:1794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12893 comm="syz.4.2486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f535898e929 code=0x7ffc0000
[  373.863026][   T30] audit: type=1326 audit(1749679395.055:1795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12893 comm="syz.4.2486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f535898e929 code=0x7ffc0000
[  373.886101][   T30] audit: type=1326 audit(1749679395.055:1796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12893 comm="syz.4.2486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f535898e929 code=0x7ffc0000
[  373.909171][   T30] audit: type=1326 audit(1749679395.065:1797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12893 comm="syz.4.2486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f535898e929 code=0x7ffc0000
[  373.916833][T12891] bond5: (slave veth0_to_bond): Enslaving as an active interface with a down link
[  373.932903][   T30] audit: type=1326 audit(1749679395.065:1798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12893 comm="syz.4.2486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f535898e929 code=0x7ffc0000
[  373.967099][   T30] audit: type=1326 audit(1749679395.065:1799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12893 comm="syz.4.2486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f535898e929 code=0x7ffc0000
[  374.003104][   T30] audit: type=1326 audit(1749679395.065:1800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12893 comm="syz.4.2486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f535898e929 code=0x7ffc0000
[  374.026801][   T30] audit: type=1326 audit(1749679395.065:1801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12893 comm="syz.4.2486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f535898e929 code=0x7ffc0000
[  374.050382][   T30] audit: type=1326 audit(1749679395.065:1802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12893 comm="syz.4.2486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f53589858e7 code=0x7ffc0000
[  374.610485][T12908] 9pnet_fd: Insufficient options for proto=fd
[  375.902456][T12918] loop7: detected capacity change from 0 to 128
[  376.229779][T12921] syz.7.2494: attempt to access beyond end of device
[  376.229779][T12921] loop7: rw=2049, sector=649, nr_sectors = 392 limit=128
[  376.360547][T12925] netdevsim netdevsim4: Direct firmware load for ÈöníñÆgkNšÄq>ä*x(Oˆ@ failed with error -2
[  376.394513][T12925] netdevsim netdevsim4: Falling back to sysfs fallback for: ÈöníñÆgkNšÄq>ä*x(Oˆ@
[  376.982811][T12937] 9pnet_fd: Insufficient options for proto=fd
[  377.282605][T12939] 9pnet_fd: Insufficient options for proto=fd
[  377.559800][T12945] loop7: detected capacity change from 0 to 512
[  377.603075][T12945] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  377.659493][T12945] ext4 filesystem being mounted at /260/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  378.226366][ T8883] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  378.546694][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  378.561298][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  379.241815][T12981] 9pnet_fd: Insufficient options for proto=fd
[  379.571291][T12987] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2516'.
[  379.806292][T12987] hsr_slave_0 (unregistering): left promiscuous mode
[  380.065978][T12994] loop5: detected capacity change from 0 to 128
[  380.120847][   T30] kauditd_printk_skb: 204 callbacks suppressed
[  380.120867][   T30] audit: type=1800 audit(1749679401.532:2007): pid=12994 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2519" name="bus" dev="loop5" ino=1048669 res=0 errno=0
[  380.178771][T12996] netlink: 96 bytes leftover after parsing attributes in process `syz.0.2520'.
[  380.237180][T13000] syz.5.2519: attempt to access beyond end of device
[  380.237180][T13000] loop5: rw=2049, sector=761, nr_sectors = 280 limit=128
[  380.338629][T13003] loop7: detected capacity change from 0 to 512
[  380.346987][T13003] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  380.354250][T13005] loop4: detected capacity change from 0 to 512
[  380.404007][T13003] EXT4-fs error (device loop7): xattr_find_entry:333: inode #15: comm syz.7.2523: corrupted xattr entries
[  380.432918][T13003] EXT4-fs (loop7): 1 truncate cleaned up
[  380.445585][T13005] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  380.467815][T13007] loop0: detected capacity change from 0 to 4096
[  380.469495][T13003] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  380.486635][T13005] ext4 filesystem being mounted at /507/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  380.561443][   T30] audit: type=1800 audit(1749679401.939:2008): pid=13005 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2524" name="file1" dev="loop4" ino=15 res=0 errno=0
[  380.585293][T13007] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  380.650713][T13003] loop7: detected capacity change from 512 to 0
[  380.674453][   T30] audit: type=1800 audit(1749679402.082:2009): pid=13007 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2525" name="file1" dev="loop0" ino=15 res=0 errno=0
[  380.700001][T13003] 
[  380.702392][T13003] ======================================================
[  380.709433][T13003] WARNING: possible circular locking dependency detected
[  380.716471][T13003] 6.16.0-rc1-next-20250611-syzkaller #0 Not tainted
[  380.723074][T13003] ------------------------------------------------------
[  380.730085][T13003] syz.7.2523/13003 is trying to acquire lock:
[  380.736142][T13003] ffffffff8f87e0a8 (uevent_sock_mutex){+.+.}-{4:4}, at: kobject_uevent_net_broadcast+0x27e/0x560
[  380.746698][T13003] 
[  380.746698][T13003] but task is already holding lock:
[  380.754080][T13003] ffff888024f9bb58 (&q->q_usage_counter(io)#24){++++}-{0:0}, at: loop_set_status+0x227/0xaf0
[  380.764291][T13003] 
[  380.764291][T13003] which lock already depends on the new lock.
[  380.764291][T13003] 
[  380.774702][T13003] 
[  380.774702][T13003] the existing dependency chain (in reverse order) is:
[  380.783713][T13003] 
[  380.783713][T13003] -> #2 (&q->q_usage_counter(io)#24){++++}-{0:0}:
[  380.792337][T13003]        lock_acquire+0x120/0x360
[  380.797369][T13003]        blk_alloc_queue+0x538/0x620
[  380.802657][T13003]        __blk_mq_alloc_disk+0x162/0x340
[  380.808379][T13003]        loop_add+0x41b/0xad0
[  380.813063][T13003]        loop_init+0x173/0x230
[  380.817822][T13003]        do_one_initcall+0x233/0x820
[  380.823110][T13003]        do_initcall_level+0x137/0x1f0
[  380.828569][T13003]        do_initcalls+0x69/0xd0
[  380.833418][T13003]        kernel_init_freeable+0x3d9/0x570
[  380.839141][T13003]        kernel_init+0x1d/0x1d0
[  380.843986][T13003]        ret_from_fork+0x3f9/0x770
[  380.849101][T13003]        ret_from_fork_asm+0x1a/0x30
[  380.854385][T13003] 
[  380.854385][T13003] -> #1 (fs_reclaim){+.+.}-{0:0}:
[  380.861594][T13003]        lock_acquire+0x120/0x360
[  380.866624][T13003]        fs_reclaim_acquire+0x72/0x100
[  380.872088][T13003]        kmem_cache_alloc_node_noprof+0x47/0x3c0
[  380.878504][T13003]        __alloc_skb+0x112/0x2d0
[  380.883524][T13003]        alloc_uevent_skb+0x7d/0x230
[  380.888817][T13003]        kobject_uevent_net_broadcast+0x2fa/0x560
[  380.895236][T13003]        kobject_uevent_env+0x55b/0x8c0
[  380.900875][T13003]        kobject_synth_uevent+0x527/0xb00
[  380.906696][T13003]        bus_uevent_store+0x115/0x170
[  380.912106][T13003]        kernfs_fop_write_iter+0x378/0x4f0
[  380.917921][T13003]        vfs_write+0x54b/0xa90
[  380.922689][T13003]        ksys_write+0x145/0x250
[  380.927537][T13003]        do_syscall_64+0xfa/0x3b0
[  380.932565][T13003]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  380.938974][T13003] 
[  380.938974][T13003] -> #0 (uevent_sock_mutex){+.+.}-{4:4}:
[  380.946795][T13003]        validate_chain+0xb9b/0x2140
[  380.952080][T13003]        __lock_acquire+0xab9/0xd20
[  380.957278][T13003]        lock_acquire+0x120/0x360
[  380.962309][T13003]        __mutex_lock+0x182/0xe80
[  380.967340][T13003]        kobject_uevent_net_broadcast+0x27e/0x560
[  380.973864][T13003]        kobject_uevent_env+0x55b/0x8c0
[  380.979418][T13003]        loop_set_status+0x4d3/0xaf0
[  380.984704][T13003]        lo_ioctl+0xa5e/0x2410
[  380.989556][T13003]        blkdev_ioctl+0x5a5/0x6d0
[  380.994577][T13003]        __se_sys_ioctl+0xf9/0x170
[  380.999691][T13003]        do_syscall_64+0xfa/0x3b0
[  381.004715][T13003]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  381.011128][T13003] 
[  381.011128][T13003] other info that might help us debug this:
[  381.011128][T13003] 
[  381.021353][T13003] Chain exists of:
[  381.021353][T13003]   uevent_sock_mutex --> fs_reclaim --> &q->q_usage_counter(io)#24
[  381.021353][T13003] 
[  381.035235][T13003]  Possible unsafe locking scenario:
[  381.035235][T13003] 
[  381.042679][T13003]        CPU0                    CPU1
[  381.048038][T13003]        ----                    ----
[  381.053401][T13003]   lock(&q->q_usage_counter(io)#24);
[  381.058781][T13003]                                lock(fs_reclaim);
[  381.065368][T13003]                                lock(&q->q_usage_counter(io)#24);
[  381.073268][T13003]   lock(uevent_sock_mutex);
[  381.077867][T13003] 
[  381.077867][T13003]  *** DEADLOCK ***
[  381.077867][T13003] 
[  381.086009][T13003] 3 locks held by syz.7.2523/13003:
[  381.091203][T13003]  #0: ffff8880250b1400 (&lo->lo_mutex){+.+.}-{4:4}, at: loop_set_status+0x2c/0xaf0
[  381.100776][T13003]  #1: ffff888024f9bb58 (&q->q_usage_counter(io)#24){++++}-{0:0}, at: loop_set_status+0x227/0xaf0
[  381.111393][T13003]  #2: ffff888024f9bb90 (&q->q_usage_counter(queue)#22){+.+.}-{0:0}, at: loop_set_status+0x227/0xaf0
[  381.122272][T13003] 
[  381.122272][T13003] stack backtrace:
[  381.128161][T13003] CPU: 0 UID: 0 PID: 13003 Comm: syz.7.2523 Not tainted 6.16.0-rc1-next-20250611-syzkaller #0 PREEMPT(full) 
[  381.128181][T13003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  381.128191][T13003] Call Trace:
[  381.128198][T13003]  <TASK>
[  381.128206][T13003]  dump_stack_lvl+0x189/0x250
[  381.128223][T13003]  ? __pfx_dump_stack_lvl+0x10/0x10
[  381.128240][T13003]  ? __pfx__printk+0x10/0x10
[  381.128258][T13003]  ? print_lock_name+0xde/0x100
[  381.128274][T13003]  print_circular_bug+0x2ee/0x310
[  381.128291][T13003]  check_noncircular+0x134/0x160
[  381.128308][T13003]  validate_chain+0xb9b/0x2140
[  381.128330][T13003]  __lock_acquire+0xab9/0xd20
[  381.128353][T13003]  ? kobject_uevent_net_broadcast+0x27e/0x560
[  381.128375][T13003]  lock_acquire+0x120/0x360
[  381.128393][T13003]  ? kobject_uevent_net_broadcast+0x27e/0x560
[  381.128420][T13003]  __mutex_lock+0x182/0xe80
[  381.128438][T13003]  ? kobject_uevent_net_broadcast+0x27e/0x560
[  381.128460][T13003]  ? vsnprintf+0xe11/0xf00
[  381.128475][T13003]  ? kobject_uevent_net_broadcast+0x27e/0x560
[  381.128497][T13003]  ? __pfx___mutex_lock+0x10/0x10
[  381.128514][T13003]  ? add_uevent_var+0x278/0x450
[  381.128537][T13003]  ? kobject_uevent_env+0x50a/0x8c0
[  381.128558][T13003]  ? __pfx_add_uevent_var+0x10/0x10
[  381.128579][T13003]  kobject_uevent_net_broadcast+0x27e/0x560
[  381.128603][T13003]  kobject_uevent_env+0x55b/0x8c0
[  381.128626][T13003]  loop_set_status+0x4d3/0xaf0
[  381.128645][T13003]  lo_ioctl+0xa5e/0x2410
[  381.128668][T13003]  ? stack_trace_save+0x9c/0xe0
[  381.128684][T13003]  ? __pfx_lo_ioctl+0x10/0x10
[  381.128707][T13003]  ? kasan_save_track+0x4f/0x80
[  381.128728][T13003]  ? kasan_save_track+0x3e/0x80
[  381.128746][T13003]  ? kasan_save_free_info+0x46/0x50
[  381.128762][T13003]  ? __kasan_slab_free+0x62/0x70
[  381.128774][T13003]  ? kfree+0x18e/0x440
[  381.128793][T13003]  ? tomoyo_check_open_permission+0x2c2/0x3b0
[  381.128810][T13003]  ? do_dentry_open+0x35e/0x1970
[  381.128826][T13003]  ? vfs_open+0x3b/0x340
[  381.128840][T13003]  ? path_openat+0x2ee5/0x3830
[  381.128862][T13003]  ? __lock_acquire+0xab9/0xd20
[  381.128883][T13003]  ? __lock_acquire+0xab9/0xd20
[  381.128910][T13003]  ? __lock_acquire+0xab9/0xd20
[  381.128937][T13003]  ? __lock_acquire+0xab9/0xd20
[  381.128962][T13003]  ? is_bpf_text_address+0x26/0x2b0
[  381.128984][T13003]  ? is_bpf_text_address+0x292/0x2b0
[  381.129004][T13003]  ? is_bpf_text_address+0x26/0x2b0
[  381.129025][T13003]  ? kernel_text_address+0xa5/0xe0
[  381.129043][T13003]  ? __kernel_text_address+0xd/0x40
[  381.129059][T13003]  ? unwind_get_return_address+0x4d/0x90
[  381.129080][T13003]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  381.129095][T13003]  ? arch_stack_walk+0xfc/0x150
[  381.129113][T13003]  ? stack_trace_save+0x9c/0xe0
[  381.129128][T13003]  ? stack_depot_save_flags+0x40/0x900
[  381.129153][T13003]  ? kasan_save_track+0x4f/0x80
[  381.129172][T13003]  ? kasan_save_track+0x3e/0x80
[  381.129190][T13003]  ? kasan_save_free_info+0x46/0x50
[  381.129206][T13003]  ? __kasan_slab_free+0x62/0x70
[  381.129217][T13003]  ? kfree+0x18e/0x440
[  381.129235][T13003]  ? tomoyo_path_number_perm+0x47a/0x5a0
[  381.129250][T13003]  ? security_file_ioctl+0xcb/0x2d0
[  381.129264][T13003]  ? __se_sys_ioctl+0x47/0x170
[  381.129282][T13003]  ? do_syscall_64+0xfa/0x3b0
[  381.129299][T13003]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  381.129321][T13003]  ? do_vfs_ioctl+0xf37/0x1990
[  381.129341][T13003]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  381.129362][T13003]  ? kasan_quarantine_put+0xdd/0x220
[  381.129383][T13003]  ? blkdev_common_ioctl+0xfc3/0x2450
[  381.129397][T13003]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  381.129414][T13003]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  381.129430][T13003]  ? __pfx_blkdev_common_ioctl+0x10/0x10
[  381.129442][T13003]  ? tomoyo_path_number_perm+0x4e2/0x5a0
[  381.129458][T13003]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  381.129474][T13003]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  381.129495][T13003]  ? __lock_acquire+0xab9/0xd20
[  381.129519][T13003]  ? __pfx_lo_ioctl+0x10/0x10
[  381.129539][T13003]  blkdev_ioctl+0x5a5/0x6d0
[  381.129553][T13003]  ? __pfx_blkdev_ioctl+0x10/0x10
[  381.129565][T13003]  ? __fget_files+0x2a/0x420
[  381.129582][T13003]  ? bpf_lsm_file_ioctl+0x9/0x20
[  381.129602][T13003]  ? __pfx_blkdev_ioctl+0x10/0x10
[  381.129614][T13003]  __se_sys_ioctl+0xf9/0x170
[  381.129634][T13003]  do_syscall_64+0xfa/0x3b0
[  381.129651][T13003]  ? lockdep_hardirqs_on+0x9c/0x150
[  381.129668][T13003]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  381.129682][T13003]  ? clear_bhb_loop+0x60/0xb0
[  381.129697][T13003]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  381.129711][T13003] RIP: 0033:0x7ff68598e929
[  381.129726][T13003] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  381.129740][T13003] RSP: 002b:00007ff6867fb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  381.129756][T13003] RAX: ffffffffffffffda RBX: 00007ff685bb5fa0 RCX: 00007ff68598e929
[  381.129767][T13003] RDX: 00002000000000c0 RSI: 0000000000004c04 RDI: 0000000000000005
[  381.129777][T13003] RBP: 00007ff685a10b39 R08: 0000000000000000 R09: 0000000000000000
[  381.129786][T13003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  381.129795][T13003] R13: 0000000000000000 R14: 00007ff685bb5fa0 R15: 00007fff92f0b6f8
[  381.129826][T13003]  </TASK>
[  381.129883][    C0] vkms_vblank_simulate: vblank timer overrun
[  381.651226][    C0] vkms_vblank_simulate: vblank timer overrun
[  381.679909][ T5838] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  381.683884][    C1] I/O error, dev loop7, sector 24 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  381.698861][T13013] syz.7.2523: attempt to access beyond end of device
[  381.698861][T13013] loop7: rw=12288, sector=26, nr_sectors = 2 limit=0
[  381.737039][ T8883] syz-executor: attempt to access beyond end of device
[  381.737039][ T8883] loop7: rw=12288, sector=26, nr_sectors = 2 limit=0
[  381.784423][T12715] syz.7.2432: attempt to access beyond end of device
[  381.784423][T12715] loop7: rw=524288, sector=12, nr_sectors = 2 limit=0
[  381.801083][T12715] syz.7.2432: attempt to access beyond end of device
[  381.801083][T12715] loop7: rw=524288, sector=14, nr_sectors = 2 limit=0
[  381.816426][T12715] syz.7.2432: attempt to access beyond end of device
[  381.816426][T12715] loop7: rw=524288, sector=16, nr_sectors = 2 limit=0
[  381.830824][T12715] syz.7.2432: attempt to access beyond end of device
[  381.830824][T12715] loop7: rw=524288, sector=18, nr_sectors = 2 limit=0
[  381.833435][ T5835] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  381.844421][T12715] syz.7.2432: attempt to access beyond end of device
[  381.844421][T12715] loop7: rw=12288, sector=10, nr_sectors = 2 limit=0
[  381.866623][T12715] EXT4-fs error (device loop7): ext4_get_inode_loc:4930: inode #2: block 5: comm syz.7.2432: unable to read itable block
[  381.880962][T12715] syz.7.2432: attempt to access beyond end of device
[  381.880962][T12715] loop7: rw=145409, sector=2, nr_sectors = 2 limit=0
[  381.894305][T12715] Buffer I/O error on dev loop7, logical block 1, lost sync page write
[  381.903174][T12715] EXT4-fs (loop7): I/O error while writing superblock
[  381.910074][T12715] EXT4-fs error (device loop7) in ext4_reserve_inode_write:6255: IO failure
[  381.919076][T12715] syz.7.2432: attempt to access beyond end of device
[  381.919076][T12715] loop7: rw=145409, sector=2, nr_sectors = 2 limit=0
[  381.932401][T12715] Buffer I/O error on dev loop7, logical block 1, lost sync page write
[  381.940840][T12715] EXT4-fs (loop7): I/O error while writing superblock
[  381.947832][T12715] EXT4-fs error (device loop7): ext4_dirty_inode:6459: inode #2: comm syz.7.2432: mark_inode_dirty error
[  381.959242][T12715] syz.7.2432: attempt to access beyond end of device
[  381.959242][T12715] loop7: rw=145409, sector=2, nr_sectors = 2 limit=0
[  381.972820][T12715] Buffer I/O error on dev loop7, logical block 1, lost sync page write
[  381.981256][T12715] EXT4-fs (loop7): I/O error while writing superblock
[  381.992800][ T4266] EXT4-fs error (device loop7): __ext4_get_inode_loc_noinmem:4915: inode #2: block 5: comm kworker/u8:6: unable to read itable block
[  382.006603][ T4266] Buffer I/O error on dev loop7, logical block 1, lost sync page write
[  382.015215][ T4266] EXT4-fs (loop7): I/O error while writing superblock
[  382.023598][T12715] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  382.033289][T12715] Buffer I/O error on dev loop7, logical block 1, lost sync page write
[  382.041894][T12715] EXT4-fs (loop7): I/O error while writing superblock
[  382.082638][ T4266] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  382.139070][ T4266] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  382.199180][ T4266] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  382.259185][ T4266] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  382.652676][ T4266] bond0 (unregistering): Released all slaves
[  382.949145][ T4266] hsr_slave_0: left promiscuous mode
[  382.966146][ T4266] hsr_slave_1: left promiscuous mode
[  382.986124][ T4266] veth1_macvtap: left promiscuous mode
[  382.991722][ T4266] veth0_macvtap: left promiscuous mode
[  383.222336][ T1159] smc: removing ib device syz2