last executing test programs:

5m20.963477684s ago: executing program 4 (id=281):
bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00"/11], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=<r0=>0xffffffffffffffff, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], 0x0, 0x2, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYRES8=r0, @ANYRESDEC=0x0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x6}]}, 0x10)
syz_emit_ethernet(0x129, &(0x7f0000000900)={@local, @local, @void, {@ipv4={0x800, @dccp={{0x23, 0x4, 0x1, 0x6, 0x11b, 0x67, 0x0, 0xbb, 0x21, 0x0, @empty, @multicast1, {[@lsrr={0x83, 0xf, 0xb0, [@initdev={0xac, 0x1e, 0x1, 0x0}, @multicast2, @private=0xa010102]}, @lsrr={0x83, 0x27, 0x85, [@remote, @multicast2, @private=0xa010102, @rand_addr=0x64010102, @private=0xa010102, @multicast1, @broadcast, @rand_addr=0x64010100, @multicast1]}, @timestamp={0x44, 0x14, 0x38, 0x0, 0x9, [0x6, 0xfff, 0x785, 0x80000000]}, @rr={0x7, 0xb, 0x62, [@remote, @initdev={0xac, 0x1e, 0x0, 0x0}]}, @ssrr={0x89, 0x23, 0xf6, [@local, @broadcast, @initdev={0xac, 0x1e, 0x1, 0x0}, @loopback, @dev={0xac, 0x14, 0x14, 0x43}, @multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1]}]}}, {{0x4e23, 0x4e21, 0x4, 0x1, 0x9, 0x0, 0x0, 0x0, 0x6, '\x00', 0x5, "9d92e2"}, "493d758bfa28d9ffbf86b05bc2f71f9d41b1075743628ca00c33f0700329f0dad4ee4e7ead6980fb171cca91c73511f355cca6f2f334783cfe88132b48510ccf0955622da8365ceea9177143b5b84c994e927452be21d53929802fcd7ad70667ea38a69664d7f86a9f999369acc55670ef1692355f63e9e7b2643fa9ae2f7d"}}}}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10)
timer_create(0x3, 0x0, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/tty/drivers\x00', 0x0, 0x0)
ioctl$VHOST_SET_LOG_FD(r3, 0x4004af07, &(0x7f0000000340))
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18)
r5 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc)=<r6=>0x0)
timer_settime(r6, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc)

5m20.091185107s ago: executing program 4 (id=290):
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x2, 0x4, 0xff}, 0x50)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r1}, 0x0, &(0x7f0000000040)}, 0x20)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000300)={0x0, 0x300, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="5400000010000104000000000000000100000000", @ANYRES32=0x0, @ANYBLOB="fff00000000000002c0012800e00010069703667726574617000000018000280140007002001001000000000000000000000000208000a00"], 0x54}}, 0x0)

5m19.505966626s ago: executing program 4 (id=293):
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x17, 0x1, 0x1, 0x1, 0x154, 0x1, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2, 0x2}, 0x50)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYBLOB="c00000001300e99900000000008000002001000000000000000000000000000200000000000000000000ffffe000000100000000000004000a00600000000000", @ANYRES32=0x0, @ANYRES32=0xee01, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000070000000000000000000000000000003600000000000000ffffffffffffffff00000000000000000100000000000000000000000000000000000000000000000000000000000000000100020000000008001f0041de53ade89a584701000000"], 0xc0}, 0x1, 0x0, 0x0, 0x20004001}, 0x20000004)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7020000140000e5b7030000000700008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000cc0), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, 0x0)
socket$unix(0x1, 0x5, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804)
syz_usb_connect$uac1(0x2, 0x71, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)=@updpolicy={0xb8, 0x15, 0x701, 0x70bd2c, 0x0, {{@in=@multicast1=0xe0000002, @in=@remote, 0x0, 0x0, 0x4, 0x0, 0xa, 0x80, 0x0, 0x32}, {0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x3, 0x2}, {0x0, 0x0, 0x100}, 0xffbffffe, 0x6e6bb1}}, 0xb8}}, 0x0)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000040)=@o_path={&(0x7f0000000000)='./file1\x00', r0}, 0x18)

5m16.445109203s ago: executing program 4 (id=311):
bpf$MAP_CREATE(0x0, 0x0, 0x50)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2000006, 0x31, 0xffffffffffffffff, 0xf43b000)
syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x410c84, &(0x7f0000000340), 0x1, 0x775, &(0x7f0000001180)="$eJzs3c9rXNUeAPDvnSRNm/a95MGD9+oqIGigdGJqbBVcVFyIYKGga9thMg01k0zJTEoTAlpEcCOouBB007U/6s6tP7b6X7gQS9W0WHEhkTu5t502M2mSJpnqfD5wM+fceyfnfOf+OGfmHu4NoGeNpn8KEYcj4t0kYjibn0TEQDPVH3Fybb1bK8vldEpidfXlX5LmOjdXlsvR8p7UwSzz/4j45q2II4X15dYXl2ZK1WplPsuPN2YvjNcXl46eny1NV6Yrc8cnJiePnXjqxPGdi/W375cOXXvvhcc/P/nHm/+7+s63SZyMQ9my1jh2ymiMZp/JQPoR3uX5nS6sy5JuV4BtSQ/NvrWjPA7HcPQ1UwDAP9nrEbEKAPSYRPsPAD0m/x3g5spyOZ+6+4vE3rr+XETsX4s/v765tqQ/u2a3v3kddOhmcteVkSQiRnag/NGI+PjLVz9Np9il65AA7bxxOSLOjoyuP/8n68YsbNUTGyzbl72O3jPf+Q/2zldp/+fpdv2/wu3+T7Tp/wy2OXa3477H/4EdKGQDaf/v2Zaxbbda4s+M9GW5fzX7fAPJufPVSnpu+3dEjMXAYJqf2KCMsRt/3ui0rLX/9+v7r32Slp++3lmj8FP/4N3vmSo1Sg8Sc6vrlyMe6W8Xf3J7+ycd+r+nN1nGi8+8/VGnZWn8abz5tD7+yEYn7Y7VKxGPtd3+d0a0JRuOTxxv7g7j+U7Rxhc/fDjUqfzW7Z9Oafn5d4G9kG7/oY3jH0lax2vWt17Gd1eGv+607P7xt9//9yWvNNN5P+JSqdGYn4jYl7y0fv6xO+/N8/n6afxjj7Y//jfa/9PvhGc3GX//tZ8/2378uyuNf2pL23/riau3Zvo6lb+57T/ZTI1lczZz/ttsBR/kswMAAAAAAAAAAAAAAAAAAAAAAACAzSpExKFICsXb6UKhWFx7hvd/Y6hQrdUbR87VFuamovms7JEYKOS3uhxuuR/qRHY//Dx/7J78kxHxn4j4YPBAkt9HcarLsQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA7mCH5/+nfhzsdu0AgF2zv9sVAAD2nPYfAHqP9h8Aeo/2HwB6j/YfAHqP9h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBddvrUqXRa/X1luZzmpy4uLszULh6dqtRnirML5WK5Nn+hOF2rTVcrxXJt9n7/r1qrXZiMuYVL441KvTFeX1w6M1tbmGucOT9bmq6cqQzsSVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsDX1xaWZUrVamZfYRmL14ahG9xN92e70sNRnTxPJw1GNHU50+cQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8DfxVwAAAP//02Ii/w==")
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x9, 0x0, &(0x7f0000000640)="b9ff03076844268cb8", 0x0, 0x11, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x50)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r1 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
writev(r1, &(0x7f00000025c0)=[{&(0x7f0000000240)='4', 0x1}], 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe", @ANYRES32=r0, @ANYBLOB="0000000000000000b708000000000e007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000020850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
brk(0x3)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000d000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x1a, 0x3, &(0x7f0000000400)=@framed, &(0x7f0000000340)='syzkaller\x00', 0x1, 0xc5, &(0x7f0000000180)=""/197, 0x0, 0x0, '\x00', 0x0, 0x17, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x6f}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x1fffffffffffffcd, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000072"], 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='block_bio_remap\x00', r3}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r4 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000040)=@mangle={'mangle\x00', 0x64, 0x6, 0x500, 0x0, 0x3d0, 0xd0, 0xd0, 0xd0, 0x578, 0x578, 0x578, 0x578, 0x578, 0x6, 0x0, {[{{@ipv6={@private0, @private1, [], [], 'veth1\x00', 'veth1_vlan\x00'}, 0x0, 0xa8, 0xd0, 0x0, {0x0, 0x3a010000}}, @HL={0x28}}, {{@ipv6={@private1, @loopback, [], [], 'tunl0\x00', 'bridge_slave_1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x3d0}}, {{@ipv6={@private0, @remote, [], [], 'veth0_to_team\x00', 'tunl0\x00', {}, {}, 0x11, 0x0, 0x3, 0x44}, 0x0, 0xa8, 0xd0}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@inet=@SYNPROXY={0x28}}, {{@ipv6={@loopback, @private2, [], [], 'syzkaller1\x00', 'veth0_to_batadv\x00'}, 0x0, 0xa8, 0xf0}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, 'vlan0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x560)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x0, 0x0)
r5 = openat$incfs(0xffffffffffffffff, &(0x7f0000000000)='.pending_reads\x00', 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[], 0xa0}, 0x1, 0xfffff000, 0x0, 0x40008b0}, 0x1)
ioctl$TIOCL_GETKMSGREDIRECT(r5, 0x40106726, &(0x7f00000000c0))
syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff)
pwritev2(r4, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x76200}], 0x1, 0x7c00, 0x0, 0x3)

5m15.893322121s ago: executing program 4 (id=315):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x40, &(0x7f0000000040), 0x1, 0x4fb, &(0x7f0000000a40)="$eJzs3c9vI1cdAPDvTOJNmqZNCpUKCOhSCgtarZ1426jqqVxAqKqEqDhxSEPijaLYcRQ7pQkrNfkfkKjEAcGJMwckDpV64sABwQ1ue1kOSAusQBskDkbjH9nsxk7SXceW7M9HGs28eeP5vrfWvOf9JvELYGxdjYiDiLgSEe9FxFz7fNLe4q3Wll334P7t1aP7t1eTaDTe/WfSrM/OxYnXZJ5t33M6Ir7/nYgfJafj1vb2N1fK5dJOu1yoV7YLtb39GxuVlfXSemmrWFxaXFp44+brxb719eXKb+59e+PtH3z8uy/d/fPBN3+SNWu2XXeyH/3U6nruOE5mMiLevoxgQzDR7s+VYTeEJ5JGxGci4pXm8z8XE8138wL+0LjspgEAl6TRmIvG3MkyADDq0mYOLEnz7VzAbKRpPt/K4b0YM2m5Wqtfv1Xd3Vpr5crmI5fe2iiXFtq5wvnIJVl58cPs+GG5GI+Wb0bECxHx06lnmuX86gXzDABA3z372Pz/n6nW/A8AjLjp8y5YHkw7AIDBOXf+BwBGjvkfAMaP+R8Axo/5HwDGj/kfAMbNnc78PzHslgAAA/G9d97JtsZR+/uv197f292svn9jrVTbzFd2V/Or1Z3t/Hq1ul4u5VerlfPuV65Wtxdfi90PCvVSrV6o7e0vV6q7W/Xl5vd6L5dyA+kVAHCWF17+5K9JRBy8+UxzixNrOZirYbSlw24AMDRy/jC+fAs3jC//xwe6LNH7iJ6/IvzREwRrfPgELwL67drn5f9hXMn/w/iS/4fxJf8P46vRSHqt+Z8eXwIAjBQ5fmCgP/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAETHb3OZPlNM0n494LiLmI5fc2iiXFiLi+Yj4y1RuKisvDrXFAMDTS/+etNf/ujb36uzjtVeS/0419xHx45+/+7MPVur1ncXs/L+Oz9c/ap8vDqP9AMB5OvN0Zx7veHD/9mpnG2R77n2rtbhoFveovbVqJmMy2/1pOnIRMfPvpFVuyz6vTPQh/sFhRHyuW/+TZm5kvr3y6ePxs9jPDTR++kj8tFnX2mf/Fp89deepnjHPW+sVxsUn2fjzVrfnL42rzf1018WPp5sj1NPrjH9Hp8a/zvM+3Rxruo1/Vy8a47Xff7dn3WHEFya7xU+O4yc94r96wfh3vvjlV3rVNX4ZcS26xz8Zq1CvbBdqe/s3Nior66X10laxuLS4tPDGzdeLhWaOutDJVJ/2jzevP9+z/7+OmOkRf/qc/n/tzF43jgfgX/3vvR9+pVf8w4hvfLX7+//iGfGzOfHrZ8Z/aGXmtz2X787ir7X6f/hp3//rF4x/92/7axe8FAAYgNre/uZKuVza6etBLvp8wxMHySW12cGIH2Sfx5/2Pi+1U2Zdr/njLz5+Kascek/7cjDkgQm4dA8f+mG3BAAAAAAAAAAAAAAA6OXS/5woHXYPAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGGX/DwAA////i8z3")
syz_emit_ethernet(0x46, &(0x7f00000003c0)={@local, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x10, 0x3a, 0xff, @local, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8d42}}}}}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = dup(r0)
syz_mount_image$vfat(&(0x7f0000000780), &(0x7f0000000000)='./file0\x00', 0x90, &(0x7f0000000140)=ANY=[], 0x6, 0x2d7, &(0x7f0000000340)="$eJzs3T9rJGUYAPBnNrN/1GJTWInggBZWx+Vamw1yB2Iqjy1OCw3eHUh2Fe4g4h+cu0rsbCz9BILgB7GxsxRsBTsjBEZmdia7m4ybjWQjmt+vSN688zzzPvPOJJkmT957cXpwP4uHTz//JQaDJDqjfsRREtvRicaTWDL6OgCA/7Kjoojfi5mWwz9/tSJ3sMG6AIDNOef3fy2tPt4rI364utoAgM24e+/tN3f39m6/lWWDuDP98nCcRET5eXZ892F8EJN4EDdjGMcR1YtCN6q3hXJ4pyiKPM1K2/HKND8cl5nTd3+sz7/7W0SVvxPD2K6mTt42qvw39m7vZDML+XlZx7P1+qMy/1YM4/mT5KX8Wy35Me7Fqy8v1H8jhvHT+/FRTOJ+VcQ8/4udLHu9+OaPz94pyyvzk/xw3K/i5oqtZvH8iu8RAAAAAAAAAAAAAAAAAAAAAAD/Pzfq3jn9qPr3lFN1/52t4/KLbmSNeX+fDzt50x8oaU407w8UnaIo8iK+bfrr3MyyrKgD5/190nghrRsLAgAAAAAAAAAAAAAAAAAAwDX3+JNPD/YnkwePLmXQdANII+LPuxH/9DyjhZmXYnVwv15zfzLp1MPlmHRxJraamCRiZRnlRVzStpw3eOZMzfXgu+/PBidPZjcujbYTDs5ftNu+1gUHH3dn+9ga0zxdB/tJ+x72T4oflDcuTt+4XrSv3o1TM72/q7B5FNe7nF7roeGFt6X3XDXIV8REsur74rVfZ2UvXMVSTK/a1db0bj1YSD/1bKz1PMdgln72Z0WiWwcAAAAAAAAAAAAAAAAAAGzU/K9/Ww4+XZnaKfobKwsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAArtT8//+vM0iXk9fI6sWjx//WtQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB9/BUAAP//gxtVEw==")
ioctl$BLKFLSBUF(r1, 0x1261, &(0x7f00000011c0)=0x7)
bpf$PROG_LOAD(0x5, 0x0, 0xffffffffffffff1a)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xe32fa770305bfcda}, 0x4000814)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00'}, 0x10)
socket$tipc(0x1e, 0x2, 0x0)
write$UHID_INPUT(r1, &(0x7f0000000180)={0x9, {"a2e3ad214fc752f91b2909094bf70e0dd038e7ff7fc6e5539b324c078b089b3b373b6d1a0890e0878f0e1ac6e7049b076d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5d31300d106d0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a69508671568ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df0784c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b4bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d618e462071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab811905352483b154cdc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af44863c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dd0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000510b00", 0x1000}}, 0x1006)

5m15.715618753s ago: executing program 4 (id=317):
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r3}, 0x18)
bpf$MAP_CREATE(0x1900000000000000, 0x0, 0x50)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff})
pipe(0x0)
setsockopt$sock_int(r4, 0x1, 0x2a, &(0x7f0000000200)=0x7ffe, 0x4)
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$inet_udp(0x2, 0x2, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000200)=ANY=[@ANYBLOB="2400000018001101ffffffff000000000a010000ff00fd060000000008000400", @ANYRES32=0x0, @ANYBLOB], 0x24}}, 0x84054)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
setgroups(0x0, 0x0)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000740)=ANY=[@ANYBLOB="f8000000160001000000000000000000fc010000000000000000000000000001ff0100000000000000000000000000010000000000000000a469325495f3872e0000800021000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="ac1414aa000000000000000000000000000004d432000000ac1414bb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000a000000f500"/176], 0xf8}, 0x1, 0x0, 0x0, 0x840}, 0x0)

5m15.517796537s ago: executing program 32 (id=317):
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r3}, 0x18)
bpf$MAP_CREATE(0x1900000000000000, 0x0, 0x50)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff})
pipe(0x0)
setsockopt$sock_int(r4, 0x1, 0x2a, &(0x7f0000000200)=0x7ffe, 0x4)
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$inet_udp(0x2, 0x2, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000200)=ANY=[@ANYBLOB="2400000018001101ffffffff000000000a010000ff00fd060000000008000400", @ANYRES32=0x0, @ANYBLOB], 0x24}}, 0x84054)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
setgroups(0x0, 0x0)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000740)=ANY=[@ANYBLOB="f8000000160001000000000000000000fc010000000000000000000000000001ff0100000000000000000000000000010000000000000000a469325495f3872e0000800021000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="ac1414aa000000000000000000000000000004d432000000ac1414bb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000a000000f500"/176], 0xf8}, 0x1, 0x0, 0x0, 0x840}, 0x0)

3m45.657168056s ago: executing program 0 (id=802):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000111e6ca5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b702000002000000850000008500"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000980)='sys_enter\x00', r1}, 0x10)
getpgid(0x0)

3m45.549493678s ago: executing program 0 (id=805):
bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00"/11], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=<r0=>0xffffffffffffffff, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], 0x0, 0x2, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYRES8=r0, @ANYRESDEC=0x0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x6}]}, 0x10)
syz_emit_ethernet(0x12b, &(0x7f0000000900)={@local, @local, @void, {@ipv4={0x800, @dccp={{0x23, 0x4, 0x1, 0x6, 0x11d, 0x67, 0x0, 0xbb, 0x21, 0x0, @empty, @multicast1, {[@lsrr={0x83, 0xf, 0xb0, [@initdev={0xac, 0x1e, 0x1, 0x0}, @multicast2, @private=0xa010102]}, @lsrr={0x83, 0x27, 0x85, [@remote, @multicast2, @private=0xa010102, @rand_addr=0x64010102, @private=0xa010102, @multicast1, @broadcast, @rand_addr=0x64010100, @multicast1]}, @timestamp={0x44, 0x14, 0x38, 0x0, 0x9, [0x6, 0xfff, 0x785, 0x80000000]}, @rr={0x7, 0xb, 0x62, [@remote, @initdev={0xac, 0x1e, 0x0, 0x0}]}, @ssrr={0x89, 0x23, 0xf6, [@local, @broadcast, @initdev={0xac, 0x1e, 0x1, 0x0}, @loopback, @dev={0xac, 0x14, 0x14, 0x43}, @multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1]}]}}, {{0x4e23, 0x4e21, 0x4, 0x1, 0x9, 0x0, 0x0, 0x0, 0x6, '\x00', 0x5, "9d92e2"}, "493d758bfa28d9ffbf86b05bc2f71f9d41b1075743628ca00c33f0700329f0dad4ee4e7ead6980fb171cca91c73511f355cca6f2f334783cfe88132b48510ccf0955622da8365ceea9177143b5b84c994e927452be21d53929802fcd7ad70667ea38a69664d7f86a9f999369acc55670ef1692355f63e9e7b2643fa9ae2f7df3d0"}}}}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10)
timer_create(0x3, 0x0, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/tty/drivers\x00', 0x0, 0x0)
ioctl$VHOST_SET_LOG_FD(r3, 0x4004af07, &(0x7f0000000340))
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18)
r5 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc)=<r6=>0x0)
timer_settime(r6, 0x1, 0x0, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xe, 0x4, 0x8, 0xb}, 0x50)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002300000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='contention_end\x00', r8}, 0x18)
bpf$PROG_BIND_MAP(0x23, &(0x7f0000000140)={r8, r7}, 0xc)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0xfb, 0x0, &(0x7f0000000440))
pipe2$9p(&(0x7f0000000240), 0x0)

3m44.661684971s ago: executing program 0 (id=811):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000040)={0x5, 0x7, 0x80a0000, 0x2000, &(0x7f0000ffb000/0x2000)=nil})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x5, 0x0, 0x1}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x18}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b708000000000e007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000020850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000001c0), 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@bloom_filter={0x1e, 0x1000, 0x1, 0x7fffffff, 0x4400, r3, 0xd3, '\x00', 0x0, r4, 0x3, 0x1, 0x3, 0x1}, 0x50)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x2, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="00000000000057b6b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffec5, 0x0, 0x0, 0x0}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001700)={&(0x7f0000000080)='kmem_cache_free\x00', r6}, 0x10)
connect$pppl2tp(0xffffffffffffffff, &(0x7f00000002c0)=@pppol2tpin6={0x18, 0x1, {0x0, r5, 0x8, 0x0, 0x10, 0x0, {0xa, 0x4e20, 0x0, @loopback}}}, 0x32)
writev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x34060}], 0x1)

3m44.595407922s ago: executing program 0 (id=813):
syz_mount_image$msdos(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', 0x100c404, &(0x7f0000000480)={[{@dots}, {@dots}, {@nodots}, {@fat=@uid={'uid', 0x3d, 0xee00}}, {@fat=@time_offset={'time_offset', 0x3d, 0x2d8}}, {@dots}, {@dots}, {@nodots}, {@nodots}, {@dots}, {@nodots}, {@dots}, {@fat=@showexec}, {}, {@fat=@sys_immutable}, {@nodots}, {@nodots}, {@fat=@usefree}, {@nodots}, {@fat=@showexec}, {@nodots}, {@dots}]}, 0xfd, 0x1f0, &(0x7f0000000240)="$eJzs3cFqE1EUANCbmiYTcdGdIAgjLnRV1C+oSAUxIFSy0J2gK7NqN6mb9jP8Bf/LD5CuspEncSadGNMYBjKj9ZxN7uS+l/fuDJlkk5sUha+3P0eWdWLnIA5i2om92Im58wAArpNpSvEtFdreCwDQjA0+/783vCUAYMtev3n78ulweHiU51nExflkNBkVj0X++Yvh4aP8p71q1sVkMrpxmX+cL393mOV342aZf1LMzy/TvYgY9eLh/SI/yz17Ncx/nd+P91uuHQAAAAAAAAAAAAAAAAAAAAAA2nI38rmV/X3295fzgzJfHC30B1rq39ONO93ysGoPlM6aKAoAAAAAAAAAAAAAAAAAAAD+MSennz6+G48/HFdBPyIWn+muGHN10ClfeKPB7Qc7UW/6oCyzxqKd8hRtt8DB6ou7SRDdv+Xq1A3yBtYarD29Kc2C1e+CeVuMK6f3ImL96g+O6m5+mlIaf7l3fHIaae3g6h7Rb/SOBAAAAAAAAAAAAAAAAAAA/6+FX33/JmtjQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQgur//2sEZxFxK/44eL7WbmTtFgsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMC19SMAAP//j3Mj5w==")
mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000200)='./file0\x00', &(0x7f0000000040), 0x2, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff}) (async)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$unix(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000001c0)='\x00', 0x1}], 0x1, &(0x7f00000000c0)=[@rights={{0x14, 0x1, 0x1, [r1]}}], 0x18}, 0x1001) (async)
sendmmsg$unix(r2, &(0x7f0000005400)=[{{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000100)='+', 0x1}], 0x1}}], 0x1, 0x0) (async)
close_range(r0, 0xffffffffffffffff, 0x0) (async)
chdir(&(0x7f0000000340)='./file0\x00') (async, rerun: 64)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x1, 0x7fff0000}]}) (async, rerun: 64)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095"], 0x0, 0x0, 0x5e, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) (async)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sys_enter\x00', r4}, 0x10) (async, rerun: 64)
flistxattr(r3, 0x0, 0xffffffffffffffb1) (async, rerun: 64)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0) (async)
open$dir(&(0x7f0000000000)='./file0/file0\x00', 0x80000, 0x70)
open(&(0x7f0000000080)='./file0/file1\x00', 0x10000, 0x9)

3m44.352735086s ago: executing program 0 (id=814):
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x17, 0x1, 0x1, 0x1, 0x154, 0x1, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2, 0x2}, 0x50)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYBLOB="c00000001300e99900000000008000002001000000000000000000000000000200000000000000000000ffffe000000100000000000004000a00600000000000", @ANYRES32=0x0, @ANYRES32=0xee01, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000070000000000000000000000000000003600000000000000ffffffffffffffff00000000000000000100000000000000000000000000000000000000000000000000000000000000000100020000000008001f0041de53ade89a584701000000"], 0xc0}, 0x1, 0x0, 0x0, 0x20004001}, 0x20000004)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7020000140000e5b7030000000700008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r6}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)=@updpolicy={0xb8, 0x15, 0x701, 0x70bd2c, 0x0, {{@in=@multicast1=0xe0000002, @in=@remote, 0x0, 0x0, 0x4, 0x0, 0xa, 0x80, 0x0, 0x32}, {0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x3, 0x2}, {0x0, 0x0, 0x100}, 0xffbffffe, 0x6e6bb1}}, 0xb8}}, 0x0)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000040)=@o_path={&(0x7f0000000000)='./file1\x00', r0}, 0x18)

3m44.293892617s ago: executing program 0 (id=815):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000111e6ca5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b702000002000000850000008500"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000980)='sys_enter\x00', r1}, 0x10)
getpgid(0x0)

3m44.242440628s ago: executing program 33 (id=815):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000111e6ca5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b702000002000000850000008500"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000980)='sys_enter\x00', r1}, 0x10)
getpgid(0x0)

1m6.959751547s ago: executing program 3 (id=1681):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
r2 = socket(0x1, 0x80802, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r2, &(0x7f0000000000))
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x2, r2, 0x0)

1m6.869799268s ago: executing program 3 (id=1682):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file1\x00', 0x40, &(0x7f0000000000)={[{@errors_remount}, {@min_batch_time={'min_batch_time', 0x3d, 0x3}}]}, 0x1, 0x573, &(0x7f0000000ec0)="$eJzs3T1sG+UbAPDnzvG/X/mTIoEEqEMFSEWq6iT9gMLUrohKlTogsUDkuFEVJ47iBJooQ7pXiA4IUJeywcAIYmBALIysLCBmpIpGIDUdwMhfaZo4wSl1XHK/n3T2vfee/bzvnZ/XvtOdHEBmHa0/pBHPRsTFJGJoXd1AtCqPNtdbXVkq3ltZKiZRq136LYkkIu6uLBXb6yet50MRsRwRz0TEd/mI4+nmuNWFxcmxcrk02yoPz03NDFcXFk9cmRqbKE2Upk+98uqZs6fPjJ4cXf+ye7X1pfzO+nr95xvvX//h9Vs3Pv/iyHLxw7EkzsVgq259Px6l5jbJx7kNy0/3IlgfJf1uAA8l18rzeio9HUORa2V9J7WhXW0a0GO1fRE1IKMS+Q8Z1f4dUD/+bU+7+fvj9vnmAUg97mpratYMNM9NxP7GscnB35MHjkzqx5uHd7Oh7EnL1yJiZGBg8+c/aX3+Ht7Io2ggPfXt+eaO2rz/07XxJzqMP4Ptc6f/Unv8W900/t2Pn9ti/LvYZYw/3/rlky3jX4t4rmP8ZC1+0iF+GhHvdBn/5ptfn92qrvZpxLHoHL8t2f788PDlK+XSSPOxY4xvjh15bbv+H9wifvOc7f7G10yn7T/TZf+/+v7L55e3if/SC9vv/07b/0BEfNBl/CfvfvbGVnW3ryV36r8Cdrr/68tudRn/5XNHf+pyVQAAAAAAAAAAYAfSxrVsSVpYm0/TQqF5D+9TcTAtV6pzxy9X5qfHm9e8HY582r7SaqhZTurl0db1uO3yyQ3lU7lWwNyBRrlQrJTH+9x3AAAAAAAAAAAAAAAAAAAAeFwc2nD//x+5xv3/G/+uGtirtv7Lb2Cvk/+QXQ/mf9K3dgC7z/c/ZFZN/kN2yX/ILvkP2SX/IbvkP2SX/Ifskv8AAAAAAAAAAAAAAAAAAAAAAAAAANATFy9cqE+1eytLxXp5fGBhfrLy7onxUnWyMDVfLBQrszOFiUplolwqFCtT//R+SaUyMxLT81eH50rVueHqwuLbU5X56fZ/ipbyPe8RAAAAAAAAAAAAAAAAAAAA/PcMNqYkLURE2phP00Ih4v8RcTjyyeUr5dJIRDwRET/m8vvq5dF+NxoAAAAAAAAAAAAAAAAAAAD2mOrC4uRYuVyazcjMwE5WjojlR9uM+jvu+FX51r56XLahmSzM9HlgAgAAAAAAAAAAAAAAAACADLp/02+3r/irtw0CAAAAAAAAAAAAAAAAAACATEp/TSKiPh0benFwY+3/ktVc4zki3rt56aOrY3Nzs6P15XfWls993Fp+sh/tB7rVztN2HgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD3VRcWJ8fK5dJsD2f63UcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAh/F3AAAA///pCdd8")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x143142, 0x40)
ioctl$FIBMAP(r0, 0x1, 0x0)

1m6.7588842s ago: executing program 3 (id=1683):
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000340)='./file1\x00', 0xa02000, &(0x7f0000000740)={[{@noblock_validity}, {}, {@user_xattr}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x7e}}, {@orlov}, {@nouser_xattr}, {@nouser_xattr}, {@nomblk_io_submit}]}, 0x1, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0)
getsockname$packet(r5, &(0x7f0000000080)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000000016000000", @ANYRES32=r6, @ANYBLOB="0000000200000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r8)
getsockname$packet(r8, &(0x7f0000000180)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route_sched(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=@delchain={0x24, 0x2c, 0xf31, 0x0, 0x2000, {0x0, 0x0, 0x0, r9, {}, {0x0, 0xffff}, {0xffff, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x4008844}, 0x4010)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet6(0xa, 0x3, 0x2)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0)
ioctl$VHOST_VDPA_GET_STATUS(r10, 0x8001af71, &(0x7f0000000100))

1m5.325594162s ago: executing program 3 (id=1687):
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
syz_mount_image$exfat(&(0x7f00000005c0), &(0x7f0000000240)='./file0\x00', 0x3000050, &(0x7f0000000600)=ANY=[], 0x1, 0x14fe, &(0x7f0000002180)="$eJzs3Au0ztXWMPA511p/NklPkvuaa/55kssiSXJJSCRJkiS5JSRJkoTEJrckJCH3JPeQ3GIn9/st9yQ5kiQJCUnWN3Q6n/e8nfftnO+c7/V9Z8/fGGvsNff/mfNZa889nv9ljL2/7Ti4av1qlesyM/xT8M9fUgEgBQD6AcA1ABABQKlspbIBDoNMGlP/uTcR/1oPTbvSKxBXkvQ/fZP+p2/S//RN+p++Sf/TN+l/+ib9T9+k/0KkZ1un575WRvod/3PP/0Ge//8/R87//0YOFxvz5fpi13f6B1Kk/+mb9D99k/6nb9L/9E36n75J///NRQCV/pvD0v/0TfovRHp2pZ8/y7iy40r//gkhhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGESB/OhcsMAPxlfqXXJYQQQgghhBBCiH+dkPFKr0AIIYQQQgghhBD/9yEo0GAgggyQEVIgE2SGqyALXA1Z4RpIwLWQDa6D7HA95ICckAtyQx7IC/nAAoEDhhjyQwFIwg1QEG6EQlAYikBR8FAMisNNUAJuhpJwC5SCW6E03AZloCyUg/JwO1SAO6AiVILKcCdUgbugKlSDu6E63AM14F6oCfdBLbgfasMDUAcehLrwENSDh6E+PAIN4FFoCI2gMTSBpv9H+S9CV3gJukF3SIUe0BNehl7QG/pAX+gHr0B/eBUGwGswEAbBYHgdhsAbMBTehGEwHEbAWzASRsFoGANjYRyMh7dhArwDE+FdmASTYQpMhWkwHWbAezATZsFseB/mwAcwF+bBfFgAC+FDWASLIQ0+giXwMSyFZbAcVsBKWAWrYQ2shXWwHjbARtgEm2ELbIVPYBtshx2wE3bBbtgDn8Je+Az2weewH774B/PP/qf8TggIqFChQYMZMAOmYApmxsyYBbNgVsyKCUxgNsyG2TE75sAcmAtzYR7Mg/kwHxISMjLmx/yYxCQWxIJYCAthESyCHj0Wx+JYAm/GklgSS2EpLI2lsQyWxbJYHstjBayAFbEiVsbKWAWrYFWsinfj3XgP1sAaWBNrYi2shbWxNtbBOlgX62I9rIf1sT42wAbYEBtiY2yMTbEpNsNm2BybY0tsia2wFbbG1tgG22BbbIvtsB22x/bYATtgR+yInbAzdsYX8UV8CV/C7lhF9cCe2BN7YS/sg32xL76C/fFVfBVfw4E4CAfj6/g6voFD8QwOw+E4AkdgBTUKR+MYZDUOx+N4nIATcCJOxEk4GSfjVJyG03EGzsCZOAtn4fs4Bz/AD3AezsMFuBAX4iJcjGmYhkvwLC7FZbgcV+BKXIUrcQ2uxTW4HjfgetyEm3ALbsFP8BPcjttxJ+7E3bgbP8VP8TP8DAfiftyPB/AAHsSDeAgP4WE8jEfwCB7Fo3gMj+FxPI4n8CSewpN4Gk/jGTyL5/AcnsfzeAGfz/N1vd2F1w0EdYlRRmVQGVSKSlGZVWaVRWVRWVVWlVAJlU1lU9lVdpVD5VC5VC6VR+VR+VQ+RYoUq1jlV/lVUiVVQVVQFVKFVBFVRHnlVXFVXJVQJVRJVVKVUreq0uo2VUaVVS18eVVeVVAtfUVVSVVWlVUVdZeqqqqpaqq6qq5qqBqqpqqpaqlaqrZ6QNVRPbAPPqQudaa+GoQN1GBsqBqpxqqJegMfU83UUGyuWqiW6gk1HIdha9XMt1FPq7ZqNLZTz6ox+JzqoMZhR/WC6qQ6qy7qRdVVNffdMvz2EaimYi/VW/VRfdVMvEtd6lhV9ZoaqAapwep1tQDfUEPVm2qYGq5GqLfUSDVKjVZj1Fg1To1Xb6sJ6h01Ub2rJqnJaoqaqqap6WqGek/NVLPUbPW+mqM+UHPVPDVfLVAL1YdqkVqs0tRHaon6WC1Vy9RytUKtVKvUarVGrVXr1Hq1QW1Um9RmtUVtVZ+obWq72qF2ql1qt9qjPlV71Wdqn/pc7VdfqAPqT+qg+lIdUl+pw+prdUR9o46qb9Ux9Z06rr5XJ9RJdUr9oE6rH9UZdVadUz+p8+pndUH9oi6qoECjVlproyOdQWfUKTqTzqyv0ln01TqrvkYn9LU6m75OZ9fX6xw6p86lc+s8Oq/Op60m7TTrWOfXBXRS36AL6ht1IV1YF9FFtdfFdHF9ky6hb9Yl9S26lL5Vl9a36TK6rC6ny+vbdQV9h66oK+nK+k5dRd+lq+pq+m5dXd+ja+h7dU19n66l79e19QO6jn5Q19UP6Xr6YV1fP6Ib6Ed1Q91IN9ZNdFP9mG6mH9fNdQvdUj+hW+kndWv9lG6jn9Zt9TO6nX5Wt9fP6Q76ed1Rv6A76c66i/5FX9RBd9PddaruoXvql3Uv3Vv30X11P/2K7q9f1QP0a3qgHqQH69f1EP2GHqrf1MP0cD1Cv6VH6lF6tB6jx+pxerx+W0/Q7+iJ+l09SU/WU/RUPU1P131+qzT778h/52/kD/j13bforfoTvU1v1zv0Tr1L79Z79B69V+/V+/Q+vV/v1wf0AX1QH9SH9CF9WB/WR/QRfVQf1cf0MX1cH9cn9En9k/5Bn9Y/6jP6rD6rf9Ln9Xl94befARg0ymhjTGQymIwmxWQymc1VJou52mQ115iEudZkM9eZ7OZ6k8PkNLlMbpPH5DX5jDVknGETm/ymgEmaG0xBc6MpZAqbIqao8aaYKW5u+qfz/2h9TU1T08w0M81Nc9PStDStTCvT2rQ2bUwb09a0Ne1MO9PetDcdTAfT0XQ0nUwn08V0MV1NV9PNdDOpJtX0NC+bXqa36WP6mn7mFdPf9DcDzAAz0Aw0g81gM8QMMUPNUDPMDDMjzAgz0ow0o81oM9aMNePNeDPBTDATzUQzyUwyU8wUM81MMzPMDDPTzDSzzWwzx8wxc81cM9/MNwvNQrPILDJpJs0sMUvMUrPMLDMrzAqzyqwya8was86sMxvMBrPJbDJLzVaz1Wwz28wOs8PsMrvMHrPH7DV7zT6zz+w3+80Bc8AcNAfNIXPIHDaHzRFzxBw1R80xc8wcN8fNCXPCnDKnzGlz2pwxZ8w5c86cN+fNBXPBXDQXL132RSpSkYlMlCHKEKVEKVHmKHOUJcoSZY2yRokoEWWLskXZo+ujHFHOKFeUO8oT5Y1SwUYUuYijOMofFYiS0Q1RwejGqFBUOCoSFY18VCwqHt0UlYhujkpGt0Sloluj0tFtUZmobFQuKh/dHlWI7ogqRpWiytGdUZXorqhqVC26O6oe3RPViO6Nakb3RbWi+6Pa0QNRnejBqG70UFQvejiqHz0SNYgejRpGjaLGUZOo6b+0fghncj7uu9nuNtX2sD3ty7aX7W372L62n33F9rev2gH2NTvQDrKD7et2iH3DDrVv2mF2uB1h37Ij7Sg72o6xY+04O96+bSfYd+xE+66dZCfbKXaqnWan2xn2PTvTzrKz7ft2jv3AzrXz7Hy7wC60H9pFdrFNsx/ZJfZju9Qus8vtCrvSrrKr7Rq71q6z6+0Gu9FuspvtFrvVfmK32e12h91pd9nddo/91O61n9l99nO7335hD9g/2YP2S3vIfmUP26/tEfuNPWq/tcfsd/a4/d6esCftKfuDPW1/tGfsWXvO/mTP25/tBfuLvWjDpYv7S6d3MmQoA2WgFEqhzJSZslAWykpZKUEJykbZKDtlpxyUg3JRLspDeSgf5aNLmJjyU35KUpIKUkEqRIWoCBUhT56KU3EqQSWoJJWkUlSKSlNpKkNlqByVo9vpdrqD7qBKVInupDvpLrqLqlE1qk7VqQbVoJpUk2pRLapNtakO1aG6VJfqUT2qT/WpATWghtSQGlNjakpNqRk1o+bUnFpSS2pFrag1taY21IbaUltqR+2oPbWnDtSBOlJH6kSdqAt1oa7UlbpRN0qlVOpJPakX9aI+1If6UT/qT/1pAA2ggTSQBtNgGkJDaCgNpWE0nEbQWzSSRtFoGkNjaRyNp/E0gSbQRJpIk2gSTaEpNI2m0QyaQTNpJs2m2TSH5tBcmkvzaT4tpIW0iBZRGqXRElpCS2kpLafltJJW0mpaTWtpLa2n9bSRNtJm2kxbaStto220g3bQLtpFe2gP7aW9tI/20X7aTwfoAB2kg3SIDtFhOkxH6AgdpaN0jI7RcTpOJ+gEnaJTdJpO0xk6Q+foHJ2nn+kC/UIXKVCKU5DZXeWyuKtdVneNS3GZ3KU4AoBLcS6X2+VxeV0+Z10Ol/OvYnLOFXKFXRFX1HlXzBV3N/0uLuPKunKuvLvdVXB3uIq/i6u7e1wNd6+r6e5z1dzdfxXXcve72u4RV8c96uq6Rq6ea+Lqu0dcA/eoa+gaucauiWvlnnSt3VOujXvatXXP/C5e5Ba7tW6dW+82uL3uM3fO/eSOum/defez6+a6u37uFdffveoGuNfcQDfod/EI95Yb6Ua50W6MG+vG/S6e4qa6aW66m+HeczPdrN/FC92Hbo5Lc3PdPDffLfg1vrSmNPeRW+I+dkvdMrfcrXAr3Sq32q3532td4Ta5zW6L2+M+ddvcdrfD7XS73O5f40v72Oc+d/vdF+6I+8YddF+6Q+6YO+y+/jW+tL9j7jt33H3vTriT7pT7wZ12P7oz7uyv+7+09x/cL+6iCw4YWbFmwxFn4Iycwpk4M1/FWfhqzsrXcIKv5Wx8HWfn6zkH5+RcnJvzcF7Ox5aJHTPHnJ8LcJJv4IJ8IxfiwlyEi7LnYlycb+ISfDOX5Fu4FN/Kpfk2LsNluRyX59u5At/BFbkSV+Y7uUoIXJWr8d1cne/hGnwv1+T7uBbfz7X5Aa7DD3Jdfojr8cNcnx/hBvwoN+RG3JibcFN+jJvx49ycW3BLfoJb8ZPcmp/iNvw0t+VnuB0/y+35Oe7Az3NHfoE7cWfuwi9yV36Ju3F3TuUe3JNf5l7cm/twX+7Hr3B/fpUH8Gs8kAfxYH6dh/AbPJTf5GE8nEfwWzySR/FoHsNjeRyP57d5Ar/DE/ldnsSTeQpP5Wk8nWfwezyTZ/Fsfp/n8Ac8l+fxfF7AC/lDXsSLOY0/4iX8MS/lZbycV/BKXsWreQ2v5XW8njfwRt7Em3kLb+VPeBtv5x28k3fxbt7Dn/Je/oz38ee8n7/gA/wnPshf8iH+ig/z13yEv+Gj/C0f4+/4OH/PJ/gkn+If+DT/yGf4LJ/jn/g8/8wX+Be+yIEhxljFOjZxFGeIM8YpcaY4c3xVnCW+Os4aXxMn4mvjbPF1cfb4+jhHnDPOFeeO88R543yxjSl2McdxnD8uECfjG+KC8Y1xobhwXCQuGvu4WFw8vikuEd8cl4xviUvFt8al49viMnHZ+JH7yse3xxXiO+KKcaW4cnxnXCW+K64aV4vvjqvH98Q14nvjmvF9ccn4/rh2/EBcJ34wrhs/FNeLH47rx4/EDeJH44Zxo7hx3CRuGj8WN4sfj5vHLeKW8RNxq/jJuHX8VNwmfjpuGz/zh8dT4x5xz/jl+OU4hHv1/OSC5MLkh8lFycXJtORHySXJj5NLk8uSy5MrkiuTq5Krk2uSa5PrkuuTG5Ibk5uSm5NbkiFUywgevfLaGx/5DD6jT/GZfGZ/lc/ir/ZZ/TU+4a/12fx1Pru/3ufwOX0un9vn8Xl9Pm89eefZxz6/L+CT/gZf0N/oC/nCvogv6r0v5ov7Jr6pb+qb+cd9c9/Ct/RP+Cf8k/5J/5R/yj/t2/pnfDv/rG/vn/Md/PP+ef+C7+Q7+y7+Rd/Vv+S7+e4+1af6nr6n7+V7+T6+j+/n+/n+vr8f4Af4gX6gH+wH+yF+iB/qh/phfpgf4Uf4kX6kH+1H+7F+rB/vx/sJfoKf6Cf6SX6Sn+Kn+Gl+mp/hZ/iZfqaf7Wf7OYXm+Ll+rp/v5/uFfqFf5Bf5NJ/ml/glfqlf6pf75X6lX+lX+9V+rV/r1/v1fqPf6Df7zX6r3+q3+W1+h9/hd/ldfo/f4/f6vX6f3+f3+/3+gD/gD/qD/pD/yh/2X/sj/ht/1H/rj/nv/HH/vT/hT/pT/gd/2v/oz/iz/pz/yZ/3P/sL/hd/0Qc/PvF2YkLincTExLuJSYnJiSmJqYlpiemJGYn3EjMTsxKzE+8n5iQ+SMxNzEvMTyxILEx8mFiUWJxIS3yUWJL4OLE0sSyxPLEisTKxKhFC3m1xyB8KhGS4IRQMN4ZCoXAoEooGH4qF4uGmUCLcHEqGW0KpcGsoHW4LZULZUC48GhqGRqFxaBKahsdCs/B4aB5ahJbhidAqPBlah6dCm/B0aBueCe3Cs6F9eC50CM+HjuGF0Cl0Dl3Ci6FreCl0C91DaugReoaXQ6/QO/QJfUO/8EroH14NA8JrYWAYFAaH18OQ8EYYGt4Mw8LwMCK8FUaGUWF0GBPGhnFhfHg7TAjvhInh3TApTA5TwtQwLUwPM8J7YWaYFWaH98Oc8EGYG+aF+WFBWBg+DIvC4pAWPgpLwsdhaVgWlocVYWVYFVaHNWFtWBfWhw1hY9gUNoctYWv4JGwL28OOsDPsCrvDnvBp2Bs+C/vC52F/+CIcCH8KB8OX4VD4KhwOX4cj4ZtwNHwbjoXvwvHwfTgRToZT4YdwOvwYzoSz4Vz4KZwPP4cL4ZdwUf5mTQghhBDi76L/4HiPv/G9DACgfpv3BICrt+c+/J9rbszx53lvladVAgCe7t7xob+MKlVSU1N/e+1SDVGBeQCQ+Ov6f4mXQUt4EtpACyjxN9fXW3U+z39QP3krQOb/kJMCl+PL9W/+L+o/9sSIRaXjc9n+m/rzAAoVuJyTCS7Hl+uX/C/q52z2B+vP9OV4gOb/IScLXI4v1y8Oj8Mz0OavXimEEEIIIYQQQvxZb1Wu/R/dP1+6P89jLudkhMvxH92fCyGEEEIIIYQQ4sp7rnOXpx5r06ZF+79vgr89F/jHsmQiE5n8fza50p9MQgghhBBCiH+1yxf9V3olQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCFE+vU/8e/ErvQehRBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCiCvtfwUAAP//luw5aQ==")
r0 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x101000)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000180)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x8000000018, 0x0, 0x0, 0x0, 0x1a, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "91be8b1c551265406c7f306003d8a0f4bd004ab3fde500", [0x9, 0x800000000000007b]}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000040)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$int_in(r5, 0x5452, 0x0)
connect$can_bcm(r5, &(0x7f0000000080), 0x10)
sendmsg$can_bcm(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000003c0)=ANY=[@ANYRES64=r3], 0x48}, 0x1, 0x0, 0x0, 0x48850}, 0x0)
sendmsg$can_bcm(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB='\a'], 0x48}}, 0x24000004)
ioctl$LOOP_CHANGE_FD(r0, 0x4c03, r1)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000300)="4ce1a9361118344ab795da35c0b0c43ce79cebc233481a2b8e278bcb05d229695b28013ecf64070e71d61f7e26fe6da8962e6aa8d71f487d49aa3a7f51b915228900198fed93a311f0b80dc6b80a321c9ec2db8166e103d68669f5617fb200d5038bdbaa7804083074e786f4", 0x1000}, 0x38)
ioctl$BTRFS_IOC_BALANCE_V2(r6, 0xc4009420, &(0x7f00000004c0)={0x4, 0x1, {0x9, @struct={0xf, 0x1}, 0x0, 0xa6f, 0x6, 0xd2, 0xe6d, 0x7, 0x12, @struct={0x6f, 0x5}, 0xbb26, 0x1, [0x0, 0xf, 0x7, 0x1000, 0x6d, 0x1]}, {0x0, @usage=0x66b9abb, <r7=>0x0, 0x6a15ac5a, 0x7, 0x4, 0x7, 0x8001, 0x410, @usage=0x6, 0xb1, 0x80000000, [0x3ff, 0x5, 0x2f2, 0x191, 0x2, 0x9]}, {0x7fff, @usage=0x7, 0x0, 0x3, 0x7, 0x80000001, 0x7ff, 0x7, 0xc8, @usage=0x2, 0x300c, 0x8, [0x7, 0x5, 0x6, 0x0, 0xffffffff, 0x800]}, {0x2, 0x200, 0xffffffffffffffff}})
ioctl$BTRFS_IOC_SCRUB(r6, 0xc400941b, &(0x7f00000008c0)={r7, 0x3, 0x5})
r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r8, &(0x7f0000000000)={0x1f, 0x0, @none, 0x4, 0x1}, 0xe)

1m5.076620896s ago: executing program 3 (id=1690):
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000001c0)={[{@utf8no}, {@uni_xlateno}, {@fat=@errors_remount}, {@fat=@check_strict}, {@fat=@codepage={'codepage', 0x3d, '936'}}, {@shortname_mixed}, {@iocharset={'iocharset', 0x3d, 'utf8'}}, {@fat=@fmask={'fmask', 0x3d, 0xfffffffffffffff9}}, {@utf8no}, {@uni_xlate}, {@shortname_mixed}, {@iocharset={'iocharset', 0x3d, 'cp864'}}, {@rodir}], [{@dont_appraise}]}, 0x26, 0x33d, &(0x7f0000000600)="$eJzs3U1oHGUYAOB3M0k2DdTkIBQ9rd4EKU3Eg54SSoViDloZ/LsYbOpPNhayuBAPSXNRPCpeBD1560GPPYsHEW8evFpBquLF3gItjszOZHf2J3ZVNvXneQ7l5f3ed79vph/ZSch+eWklNi/OxKWbN2/E3FwtplfOrsRBLRZjKpIoXAkA4L/kIMvi16xw5+r35w+j2QmvCwCYnM77/ysne4n63VwNAHAcxvz+/6mR2csTWxYAMEEHMfD+/2Df8MCP+ae7vxMAAPx7PfP8C0+urkVcaDTmIrbeaaftNB7vja9eiteiGRtxJhbidkTxoFA8LeT/PnF+7dyZRu7HxUjzjnYasbXXTosnhdWk01+PpViIxbI/6/Ynef9Sp78REVf22ulU3l9rpzMxX87/3XxsxHIsxL1D/RHn184tN8oXSPN5i/kj9mPu8CLy9Z+Ohfjm5bgczbgYeW9v/btLjcbZbK2vv3213qkDAAAAAAAAAAAAAAAAAAAAAIBJON3oWuyef5Nt7bXfvjBYsNh3Pk5aDJfnA+0X5wNl9cPTed5NBs8H6j+fp51Ox9RdvXIAAAAAAAAAAAAAAAAAAAD452jtzMZ6s7mx3dp5a7Ma7FUyb3z16RcnYrDm9aSXieni5fpqylxUupLotmfd9izpqymDJKJXfPVad8XVmnr3Koba86A+NFQr17TebJ584IePRnX91sskMXRb+oNaOX9laOueIvUHXUcHy3eouZ5l2VHtux8Od0UtYnroP+7vBLNl8OWNV+97pHXq0c7Q5+WhDw89vPDs9Q8++XlzvRnlrWk2Z7dbt7O/PGlS2T+18j7XRuyE0cF+L7O/3dpZT7795bn73/t6oDgZvX+yaubNo+f6bDAzWwT5Mse50pkRm3908OKt7u798zfz1Mcr69d2v/9p3K7KFwkHdQAAAAAAAAAAAAAAAAAAwLGofFZ8LMVnrx97erKrAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDj1fv7/5VgfygzTnBrL4aH6hvbrSMnP3GslwoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwP/Y7wEAAP//SSV3Bg==")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001240)='cgroup.controllers\x00', 0x275a, 0x0)

1m4.701082331s ago: executing program 3 (id=1696):
syz_mount_image$ext4(0x0, &(0x7f0000000580)='./file0\x00', 0x19560c0, 0x0, 0x0, 0x0, 0x0)
r0 = open(&(0x7f00000002c0)='./file0/file0\x00', 0x141840, 0x0)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, 0x0)
unlink(&(0x7f0000000300)='./file0/file0\x00')
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r0, 0x89f8, &(0x7f0000000040)={'tunl0\x00', &(0x7f0000000140)={'syztnl1\x00', <r1=>0x0, 0x20, 0x7, 0x2, 0x1, {{0x10, 0x4, 0x3, 0x5, 0x40, 0x66, 0x0, 0x1, 0x29, 0x0, @local, @empty, {[@generic={0x83, 0x9, "3a88981bb345d2"}, @lsrr={0x83, 0x13, 0xb5, [@broadcast, @loopback, @multicast2, @private=0xa010102]}, @noop, @ra={0x94, 0x4}, @ssrr={0x89, 0xb, 0xb2, [@loopback, @broadcast]}]}}}}})
setsockopt$inet_mreqn(r0, 0x0, 0x24, &(0x7f00000000c0)={@local, @empty, r1}, 0xc)

1m4.396084576s ago: executing program 34 (id=1696):
syz_mount_image$ext4(0x0, &(0x7f0000000580)='./file0\x00', 0x19560c0, 0x0, 0x0, 0x0, 0x0)
r0 = open(&(0x7f00000002c0)='./file0/file0\x00', 0x141840, 0x0)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, 0x0)
unlink(&(0x7f0000000300)='./file0/file0\x00')
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r0, 0x89f8, &(0x7f0000000040)={'tunl0\x00', &(0x7f0000000140)={'syztnl1\x00', <r1=>0x0, 0x20, 0x7, 0x2, 0x1, {{0x10, 0x4, 0x3, 0x5, 0x40, 0x66, 0x0, 0x1, 0x29, 0x0, @local, @empty, {[@generic={0x83, 0x9, "3a88981bb345d2"}, @lsrr={0x83, 0x13, 0xb5, [@broadcast, @loopback, @multicast2, @private=0xa010102]}, @noop, @ra={0x94, 0x4}, @ssrr={0x89, 0xb, 0xb2, [@loopback, @broadcast]}]}}}}})
setsockopt$inet_mreqn(r0, 0x0, 0x24, &(0x7f00000000c0)={@local, @empty, r1}, 0xc)

2.023006169s ago: executing program 7 (id=2723):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r0}, 0x0, 0x0}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r2}, 0x10)
syz_io_uring_setup(0x111, &(0x7f0000000340)={0x0, 0x0, 0x2, 0x4, 0x10000}, 0x0, 0x0)

1.636938455s ago: executing program 6 (id=2733):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000400), 0x40002, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x19)
ioctl$TIOCSTI(r0, 0x5412, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = socket$packet(0x11, 0x2, 0x300)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
sendmsg$NLBL_MGMT_C_REMOVE(0xffffffffffffffff, &(0x7f0000000a40)={0x0, 0x0, 0x0}, 0x0)
r3 = dup3(r1, r2, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r2)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000180)={'wlan1\x00'})
sendmsg$NL80211_CMD_TDLS_OPER(r3, 0x0, 0x800)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x189001, 0x0)
write$binfmt_aout(r4, &(0x7f00000003c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r4, 0x40045431, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ff00"})
socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = syz_open_pts(r4, 0x0)
r6 = dup3(r5, r4, 0x0)
ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000000)=0x12)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)

1.491266337s ago: executing program 5 (id=2737):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180200000000000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
quotactl$Q_SETQUOTA(0xffffffff80000801, &(0x7f0000000300)=@loop={'/dev/loop', 0x0}, 0x0, 0x0)

1.365772909s ago: executing program 5 (id=2738):
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x10)
syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f00000006c0), 0xfe, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M")
creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r1, &(0x7f0000000000)=""/149, 0x95)
lseek(r1, 0x7ff, 0x1)
getdents64(r1, 0x0, 0x10)

1.29279309s ago: executing program 6 (id=2739):
r0 = socket$inet(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2, &(0x7f0000000040)=0x7f, 0x4)
bind$inet(r0, &(0x7f0000e15000)={0x2, 0x4e20, @multicast2}, 0x10)
r1 = socket$inet(0x2, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000818110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000540)='inet_sock_set_state\x00', r3}, 0x10)
setsockopt$sock_int(r1, 0x1, 0x2, &(0x7f0000000040)=0x7f, 0x4)
bind$inet(r1, &(0x7f0000e15000)={0x2, 0x4e20, @multicast2}, 0x10)
listen(r1, 0x0)
listen(r0, 0x0)

1.172180312s ago: executing program 6 (id=2740):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000700000045000000a000020095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10)
bpf$MAP_CREATE(0x700000000000000, &(0x7f0000000440)=@base={0x1d, 0x4, 0x2, 0x0, 0x201, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x5}, 0x48)

1.093704314s ago: executing program 6 (id=2742):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r0}, 0x10)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x400, 0x0)
close(r2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340))
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
writev(r1, &(0x7f0000000040)=[{&(0x7f0000000100)="89e7ee2c78dad9b4b473fec988cafbe863cac50580cd8b", 0x17}, {&(0x7f0000000440)="9c74dfbf77572856c809ff86bb648daf351a32ad5ea7e5599da7a5b3d468381d8ff50420", 0x24}], 0x2)

1.092857163s ago: executing program 5 (id=2743):
r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01)
ioctl$EVIOCGKEY(r0, 0x80404518, &(0x7f0000000000)=""/32)

1.043764054s ago: executing program 7 (id=2746):
r0 = socket(0x10, 0x803, 0x0)
sendmsg$SMC_PNETID_GET(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000580)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="4c0000001000370401000000ffdbdf2500000000", @ANYRES32=r1, @ANYBLOB="890c0400010000000500100005000000240012800b0001006772657461700000140002800800040003000000060003008000000045"], 0x4c}, 0x1, 0x0, 0x0, 0x44801}, 0x0)
r2 = socket$inet(0x2, 0x2, 0x0)
sendmmsg$inet(r2, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @local}, 0x10, 0x0, 0x0, &(0x7f00000004c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r1, @empty, @multicast2}}}], 0x20}}], 0x1, 0x4040880)

996.884625ms ago: executing program 5 (id=2747):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000dd0000000000003b810000850000006d000000a50000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x7995}, 0xfcb5, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0})

996.552775ms ago: executing program 7 (id=2748):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000fa540000850000008200000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket(0x1e, 0x4, 0x0)
r3 = socket(0x1e, 0x2, 0x0)
setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2}, 0x10)
sendmmsg(r2, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x3514}], 0x1}}], 0x400000000000181, 0x9200000000000000)
recvmsg$unix(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000001e00)=""/4096, 0x1000}], 0x1}, 0x40010000)

973.736335ms ago: executing program 6 (id=2749):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x2)
readv(r1, &(0x7f0000000000)=[{&(0x7f0000001300)=""/244, 0x940}], 0x1)
ioctl$TIOCVHANGUP(r1, 0x5437, 0x0)

973.204886ms ago: executing program 5 (id=2750):
r0 = fsopen(&(0x7f0000000080)='proc\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000180)='rootcontext', &(0x7f0000000040)='E\xe1\x85\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x1, 0x3)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3, &(0x7f0000000440)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c250000000000202020"], 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
recvmsg$unix(r1, &(0x7f0000000bc0)={0x0, 0x0, 0x0}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00'}, 0x10)
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000b00)=@base={0x6, 0x4, 0x70be, 0x5c, 0x0, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x50)

897.626116ms ago: executing program 6 (id=2751):
creat(&(0x7f0000000040)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000845, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10)
pipe2$9p(&(0x7f00000001c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000a40)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r6}})

823.499917ms ago: executing program 1 (id=2754):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
getpid()
sched_setaffinity(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
r2 = creat(&(0x7f00000005c0)='./file0\x00', 0x0)
close(r2)
r3 = socket$xdp(0x2c, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00', <r4=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r3, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4)
r5 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f00000001c0)=0x100, 0x4)
setsockopt$XDP_UMEM_REG(r5, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
setsockopt$XDP_UMEM_COMPLETION_RING(r5, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r5, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f0000000580)={'batadv_slave_0\x00', <r7=>0x0})
setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f0000000180)=0x10, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r5, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4)
bind$xdp(r5, &(0x7f0000000100)={0x2c, 0x0, r7}, 0x10)
bind$xdp(r3, &(0x7f0000000240)={0x2c, 0x1, r4, 0x13, r5}, 0x10)

733.777429ms ago: executing program 7 (id=2755):
r0 = io_uring_setup(0x3454, &(0x7f0000000080)={0x0, 0xffffeffe, 0x400, 0x2})
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000002700)=""/4096, 0x1000}], 0x0, 0x11a}, 0x20)

733.412649ms ago: executing program 7 (id=2756):
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$inet_mreq(r1, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8)
syz_emit_ethernet(0x2a, &(0x7f0000000240)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @echo_reply={0x0, 0x0, 0x0, 0x68, 0xd2}}}}}, 0x0)
setsockopt$MRT_ADD_MFC_PROXY(r2, 0x0, 0xd2, &(0x7f0000000200)={@empty, @multicast2=0xe0000300, 0x0, "028a3f6c58b274e6d8451697efe42811ee1df06e9264f7d866b1970548fc3c7b", 0xb2, 0xfffffff7, 0x6, 0x6}, 0x3c)

732.979649ms ago: executing program 7 (id=2757):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000980)='./file0\x00', 0x3000010, &(0x7f0000000100)={[{@journal_dev={'journal_dev', 0x3d, 0x2d353}}, {@nobh}]}, 0x1, 0x519, &(0x7f00000009c0)="$eJzs3cFvI1cZAPBvJvE2u5tiFxAqlSgVLcpWsHbS0DZCCMoFTpWA5b6ExImi2HEUO2UTVZCK/wAhgcSJExck/gCkqgfEGVWqBBfEAQECIdjCAQnoII/HJevYSaBJnI1/P+mt35sZz/e9ifw8M56dCWBiPRURL0XEVEQ8GxHlYnpalDjole5yb99/daVbksiyO39JIimm9dfVbU9HxM3ibTMR8ZUvRnw9ORq3vbe/udxo1HeKdq3T3K619/ZvbzSX1+vr9a3FxYUXll5cen5pPiu8p35W+pUffeGzr3/yG7+9+6db3+ym9ZkPRSkG+nGWel0v5duir7uNds4j2BhMFf0pjTsRAABOpbuP//6I+Fi+/1+OqXxvbsDUODIDAAAAzkr2udn4VxKRAQAAAFdWGhGzkaTV4lqA2UjTa8W5gQ/GjbTRanc+sdba3VrtzouoRCld22jU54trhStRSrrtheIa2377uYH2YkQ8FhHfLV/P29WVVmN1zOc+AAAAYFLcHDj+/3s5zesnG/L/BAAAAIDLqzKyAQAAAFwVDvkBAADg6hs8/n99THkAAAAA5+JLL7/cLVn/+derr+ztbrZeub1ab29Wm7sr1ZXWznZ1vdVaz+/Z1zxpfY1Wa/tTsbV7r9aptzu19t7+3WZrd6tzd+OBR2ADAAAAF+ixj77xqyQiDj59PS9R3AcQ4AG/H3cCwFmaGncCwNi4izdMrlK/cm28eQDjk5ww38U7AADw8Jv78NHf//unAkpjzQw4b671AYDJ4/d/mFwlVwDCREsj4n296iOjlhn5+/8vThslyyLeLB+e4vwiAABcrNm8JGm1OA6YjTStViMejUgrUUrWNhr1+eL44Jfl0iPd9kL+zuTEa4YBAAAAAAAAAAAAAAAAAAAAAAAAgJ4sSyIDAAAArrSI9I9Jfjf/iLnyM7OD5weuJf8oxx+Kxg/ufO/ecqezs9Cd/tf8WV7XIqLz/TulfPpzIx8fBgAAAJy15GDkrN5xevG6cKFZAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAB3r7/6kq/XGTcP38+IirD4k/HTP46E6WIuPG3JKYPvS+JiKkziH/wWkQ8Pix+Eu9kWVYpshgW//o5x6/km2Z4/DQibp5BfJhkb3THn5eGff7SeCp/Hf75my7KezV6/EuLyI/n49yw8efRI2trDo3xxFs/qY2M/1rEE9PDx5/++JuMiP/0kbX9M8uyozG+9tX9/VHxsx9GzA39/kkeiFXrNLdr7b392xvN5fX6en1rcXHhhaUXl55fmq+tbTTqxb9DY3znIz9957j+3xgS/ze/7o2/x/X/mVErHfDvt+7d/0CvWhoW/9bTQ79/Z2JE/LT47vt4Ue/On+vXD3r1w5788ZtPHtf/1RHb/6S//61T9v/ZL3/7d6dcFAC4AO29/c3lRqO+c0xl5hTLPIyVn81cijT+x0r2rd5f7rLk8/9Wunur/53S79UlSOxQJbuwWFNxSbr8bmWswxIAAHAOfv7uTv+4MwEAAAAAAAAAAAAAAAAAAIDJdRG3ExuMeTCergIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHOs/AQAA//9GB9/T")
r0 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000140)='.pending_reads\x00', 0x1a10c1, 0x9c37611dc13d0d83)
fchown(r0, 0xffffffffffffffff, 0xee01)

338.236315ms ago: executing program 1 (id=2758):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={&(0x7f00000001c0)='ext4_error\x00', r1}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000000c0)='ext4_error\x00', r0, 0x0, 0x141147af}, 0x18)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x0, &(0x7f0000000080), 0x64, 0x52a, &(0x7f0000000a40)="$eJzs3c9vI1cdAPDvOPZ2s5ttUuAAlSiFFmVXsHbS0DbiUIqE4FQJKPclJE4UxYmj2Gk3VkWy4g9AQgiQOMGFCxJ/ABKqxIUjQqoEZxAgEIItHDiUDrI9SfNjnHi3bpyNPx9pMu/ND3/fc/TG82aeZgIYWU9HxMsR8W6aprciYjJbXsim2OtO7e3evv/GYntKIk1f/WcSSbZs/7OSbH492+1qRHz9KxHfSk7Gbey01hZqtepWlq801zcrjZ3W7dX1hZXqSnVjbm72hfkX55+fnxlIPW9ExEtf+usPvvuzL7/0q8++/qc7f7/57XaxJrL1h+vxgIqnrexWvdT5Lg7vsPWQwS6iYqeGmfG8LcZOLLn3AZcJAIB87XP8D0XEpyLiVkzG2OmnswAAAMAjKP3CRLyTRKT5rvRYDgAAADxCCp0xsEmhnI0FmIhCoVzujuH9SFwr1OqN5meW69sbS92xslNRKiyv1qoz2VjhqSgl7fxsJ/1e/rlj+bmIeCIivj853smXF+u1pWFf/AAAAIARcf1Y//8/k93+PwAAAHDJTA27AAAAAMAHTv8fAAAALj/9fwAAALjUvvrKK+0p3X//9dJrO9tr9dduL1Uba+X17cXyYn1rs7xSr690ntm3ftbn1er1zc/FxvbdSrPaaFYaO6076/Xtjead1SOvwAYAAADO0ROfePMPSUTsfX68M7Vd6W/XPjcDLqriQSrJ5jnN+o+Pd+d/OadCAedibNgFAIamOOwCAENTGnYBgKFLjmZPdAt6Dt75bTb/5ODLBAAADNb0x3rf/y+cuufe6auBC08jhtHl/j+Mrs79/35H8jpZgEul5AwARt6h+//pbs76M+//nylNH7xUAADAIE10pqRQzi7vTUShUC5H3Oi8FqCULK/WqjMR8XhE/H6y9Fg7P9vZMzk+ZhgAAAAAAAAAAAAAAAAAAAAAAAAA6CFNk0gBAACASy2i8Lfk191n+U9PPjtx/PrAleS/k5G9IvT1H7/6w7sLzebWbHv5vw6WN3+ULX9uGFcwAAAAYCQ80Av89/vp+/14AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABikt++/sbg/nWfcf3wxIqby4hfjamd+NUoRce3fSRQP7ZdExNgA4o+3/3w0L37SLtZByLz44wOIv3fv1PgxlX0LefGvDyA+jLI328efl/PaXyGe7szz218x4kj+YfU+/sXB8W+sR/u/0WeMJ9/6RaVn/HsRTxbzjz/78ZMe8Z/pM/43v9Fq9VqX/iRiOvf3JzkSq9Jc36w0dlq3V9cXVqor1Y25udkX5l+cf35+prK8Wqtmf+OxnBjf+/gv3z2t/td6xJ86o/7P9ln//7119/6Hu8lSXvybz+TE/81Psy1Oxi9kv32fztLt9dP76b1u+rCnfv67p06r/1KP+uf//3cP6n+zz/rf+tp3/tznpgDAOWjstNYWarXq1qVNtHvpF6AYo5R4J70QxTg7sdtaW0h3B9UK0jRN223qfXxOEhfha+kkhn1kAgAABu29k/6H2v3qwAsEAAAAAAAAAAAAAAAAAAAAI+g8Hid2PObeQSoZxCO0AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG4v8BAAD//6fG3GI=")
creat(&(0x7f0000000140)='./file0\x00', 0x14)
inotify_init1(0x0)

300.267416ms ago: executing program 1 (id=2759):
r0 = socket(0x10, 0x803, 0x0)
sendmsg$SMC_PNETID_GET(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000580)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="4c0000001000370401000000ffdbdf2500000000", @ANYRES32=r1, @ANYBLOB="890c0400010000000500100005000000240012800b0001006772657461700000140002800800040003000000060003008000000045fb10f08a20e55dc31a"], 0x4c}, 0x1, 0x0, 0x0, 0x44801}, 0x0)
r2 = socket$inet(0x2, 0x2, 0x0)
sendmmsg$inet(r2, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @local}, 0x10, 0x0, 0x0, &(0x7f00000004c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r1, @empty, @multicast2}}}], 0x20}}], 0x1, 0x4040880)

282.749046ms ago: executing program 1 (id=2760):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000072000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000200000000000000001809"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x61, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001600)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10)
signalfd4(r0, &(0x7f0000000300)={[0x6]}, 0x8, 0x80000)

282.384856ms ago: executing program 2 (id=2761):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$SMC_PNETID_GET(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000440)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newlink={0x3c, 0x10, 0x437, 0x0, 0xffffffff, {0x0, 0x0, 0x0, r2, 0x5120b}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ip6gre={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_LINK={0x8, 0x1, r2}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x48800}, 0x4000010)
sendmmsg$inet(r0, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @empty, @multicast1}}}], 0x20}}], 0x1, 0x0)

141.661968ms ago: executing program 2 (id=2762):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(0x0, r0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x8, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x18)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$inet(r4, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000042c0)="86", 0x1}], 0x1}, 0x0)
sendmsg$tipc(r4, &(0x7f0000002700)={0x0, 0x0, 0x0}, 0x0)
recvmsg(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000600)=""/203, 0xcb}], 0x1}, 0x0)

141.320768ms ago: executing program 2 (id=2763):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_DELETE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000b00)={0x40, 0x2, 0x2, 0x301, 0x0, 0x0, {0x2, 0x0, 0x8}, [@CTA_EXPECT_TUPLE={0x2c, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x38}}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x40000}, 0xc000)

140.831038ms ago: executing program 1 (id=2764):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000660000000000"], 0x0, 0x7ff}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
close(0xffffffffffffffff)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
openat$ptp0(0xffffffffffffff9c, 0x0, 0x80, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @local, 0x3}, 0x1c)
connect$pppl2tp(r2, &(0x7f00000002c0)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x8, 0x0, 0x3, 0x0, {0xa, 0x0, 0x6, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x200000}}}, 0x32)
writev(r2, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x34000}], 0x1)

137.458368ms ago: executing program 2 (id=2765):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x18)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000000)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="020300000f0000000000000000000000010018000000000005000600000000000a00000000000000fc0200000700000000000000000000000000000000000000020001000000000000000218ff00000005000500000000000a"], 0x78}, 0x1, 0x7}, 0x0)
socket$inet6(0xa, 0x3, 0x87)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000700)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000000050005000a00000012000300686173683a6e65742c706f7274"], 0x4c}, 0x1, 0x0, 0x0, 0x4}, 0x2)
sendmsg$IPSET_CMD_ADD(r2, 0x0, 0x80)
sendmsg$IPSET_CMD_DESTROY(r3, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)={0x1c, 0x3, 0x6, 0x101, 0x0, 0x0, {0x1}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x8000)

102.192108ms ago: executing program 5 (id=2766):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000080000000c"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
r2 = socket(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbff, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r3, 0x10e, 0x4, &(0x7f0000000180)=0x7, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000200)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000680)=@newtaction={0x44c, 0x31, 0x1, 0x0, 0x0, {}, [{0x438, 0x1, [@m_police={0x434, 0x0, 0x0, 0x0, {{0xb}, {0x408, 0x2, 0x0, 0x1, [[@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa1, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffa, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x1, 0x0, 0x0, 0x0, 0xb1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400044, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x8, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0xd, 0x0, 0x0, 0x0, 0xfffffff9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x5, 0x40, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffffe, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x1]}]]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x44c}}, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
writev(r4, &(0x7f0000000040)=[{&(0x7f0000000100)="290000002000190f00003fffffffda060200000000e80001dd0000040d000600ea1100000005000000", 0x29}], 0x1)

45.615549ms ago: executing program 1 (id=2767):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000080)={[{@noblock_validity}, {@journal_path={'journal_path', 0x3d, './file0/../file0/../file0/../file0'}}, {@jqfmt_vfsold}, {@user_xattr}, {@errors_remount}, {@quota}]}, 0x3, 0x448, &(0x7f00000006c0)="$eJzs28tvG8UfAPDv2nH6/iW/qjzaRhAoiIhH0qSl9MAFBBIHkJDgUI4hSatQt0FNkGgVQUCoHFEl7ogjEn8BJ7gg4IQER7ijShXKpYWT0dq7ie3aeTpxwZ+PtPXM7rgzX++OPbOTDaBnDaf/JBEHI+K3iBioZRsLDNde7iwvTv21vDiVRKXyxp9Jtdzt5cWpvGj+vgN5pi+i8EkSx1vUO3/12sXJcnnmSpYfW7j07tj81WvPzF6avDBzYebyxNmzp0+NP3dm4tmOxJnGdfvYB3NDR19568ZrU+duvP3j10kef1McHTK81sHHK5UOV9ddh+rSSV8XG8KmFGvdNErV/j8QxVg9eQPx8sddbRywoyqVSuX+9oeXKsB/WBLdbgHQHfkPfTr/zbc1BwxJR4cfXXfrhdoEKI37TrbVjvRFIStTaprfdtJwRJxb+vuLdIuduQ8BANDg23T883Sr8V8h6u8L/S9bQxmMiP9HxOGIOBMRRyLivohq2Qci4sFN1t+8SHL3+Kdwc0uBbVA6/ns+W9tqHP/lo78YLGa5Q9X4S8n52fLMyewzGYnSnjQ/vkYd3730y2ftjtWP/9ItrT8fC2btuNm3p/E905MLk9uJud6tjyKO9bWKP1lZCUiH/Ecj4tgW65h98quhdsfWj38NHVhnqnwZ8UTt/C9FU/y5ZO31ybG9UZ45OZZfFXf76efrr7erf1vxd0B6/ve3vP5X4h9M6tdr5zdfx/XfP207p9n09b+3dv33J282/D/vTy4sXBmP6E9erTW6fv9EU7mJ1fJp/CMnWvf/w7H6SRyPiKHsO+GhiHg4a/sjEfFoRJxoEVspe/3hxcfe2Xr8OyuNf3qd8/9rw/lfTfRH854s0R8Ne4oXv/+modLBzcSfnv/T1dRItmcj338t29Uisd3PDwAAAP4NChFxMJLC6Eq6UBgdrf0N/5HYXyjPzS88dX7uvcvTtWcEBqNUyO90DdTdDx3PpvV5fqIpfyq7b/x5cV81Pzo1V57udvDQ4w606f+pP4rdbh2w4zyvBb1L/4fepf9D79L/oXe16P/7utEOYPe1+v3/sAvtAHZfU/+37Ac9xPwfepf+D71L/4eeNL8v1n9IXmLDif64J5qxC4ko3BPNkNihRLe/mQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADrjnwAAAP//Mijl7w==")
mount$bind(&(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x33ab408, 0x0)
r0 = open_tree(0xffffffffffffff9c, 0x0, 0x89901)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000540)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, &(0x7f0000000500))
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
ioctl$sock_inet_udp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000180))
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000003000200850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r5}, 0x10)
socketpair(0xf, 0x3, 0x2, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r6, 0x0, 0x0)
r7 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r8 = ioctl$LOOP_CTL_GET_FREE(r7, 0x4c82)
r9 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r9, 0x560a, &(0x7f0000000300)={0x0, 0x0, 0x2c, 0x4, 0x104, 0x1})
ioctl$LOOP_CTL_REMOVE(r7, 0x4c81, r8)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000280)=ANY=[@ANYBLOB="0180c20000000180c200000008004500001c006600000011907a0a010101e0000009000017c100089078cc4098404734b905403cbf07909fb1fa3091e787eb294f17b90271171992517768273be69b3c875d03c6d0bd2c370b7fcd809a24a586186b1514c63a65eaad0f36aeac7f90474d9700b9"], 0x0)

45.257419ms ago: executing program 2 (id=2768):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x808003, &(0x7f0000000000), 0x3, 0x4e9, &(0x7f00000000c0)="$eJzs3d9rW9cdAPDvla3MTpzZ2faQBZaYsZGELZIdL4nZQ5LB2J4C27J3z7NlYyxbxpKT2IThsOcxGGMb28v61JdC/4BCyZ9QCoH2PZTSEtokfehDWxVJV4nrSnZCJCuxPx84vuf+0P1+j4SOdO691g3gwBqNiKsR0RcRZyNiOF2eSUtsNkptu0cPb8/UShLV6vVPkkjSZc19Jen0SPqwgYj4w28j/pwkjQVblNc3FqeLxcJqOp+vLK3ky+sb5xaWpucL84XliYnxi5OXJi9MjnWsrZd//eG//v76by6//fOb96c+PvOXWr5D6bqt7eikxnOSrT8XTf0RsdqNYD3Ql7Yn+ywbJ93PBwCAndW+438vIn4cEY//2+tsAAAAgG6oXhmKL5KIKgAAALBvZerXwCaZXHotwFBkMrlc4xreH8SVKJbKlZ/NldaWZxvXyo5ENjO3UCyMpdcKj0Q2qc2P1+tP589vm5+IiGMR8c/hwfp8bqZUnO31wQ8AAAA4IGrj/KFMo16bfDbcGP8DAAAA+8xIrxMAAAAAus74HwAAAPa/b4//RxuTpH/vkwEAAAA67XfXrtVKtXn/69kb62uLpRvnZgvlxdzS2kxuprS6kpsvlebrv9m3tNv+iqXSyi9iee1WvlIoV/Ll9Y2ppdLacmWqfl/vqcIz3ScaAAAA6Khjp+6+n0TE5i8H66XmULrOWB32t8zzbZ50Kw9g7/X1OgGgZ1zgCweXMT6w28B+YI/yAAAAuuf0D5+c/x+MLef/j953bAD2u+c8/w/sI87/w8G17fz//3uVB7D3jPGB3Y4DtD3//07ncwEAALpjqF6STC4dAwxFJpPLRRyt3xYgm8wtFAtjEfHdiHhvOPud2vx4r5MGAAAAAAAAAAAAAAAAAAAAAAAAgFdMtZpEFQAAANjXIjIfJRGRxEDE8E+Gth8fOJR8PlyfRsTN/13/963pSmV1vLb80yfLK/9Jl5/vxREMAAAAYLvmOL05jgcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACATnr08PZMs+xl3Ae/ioiRVvH7Y6A+HYhsRBx+nET/lsclEdHXgfibdyLieKv4SS2tGEmz2B4/ExGDPY5/pAPx4SC7W+t/rrZ6/2VitD5t/f7rT8uLejDarv/LPOn/+tr0f0d32fehdHri3pv5tvHvRJzob93/NOMnL9j//umPGxvt1lVfizjd8vMn+UasfGVpJV9e3zi3sDQ9X5gvLE9MjF+cvDR5YXIsP7dQLKR/W8b4x4/e+mqn9h9uE3+kXfuTRk7Vaut9nto2/+W9Ww+/32rDJOLB39J6i9f/eLv46XP/0/RzoLb+dLO+2ahvdfKNd0/u1P7ZNu3f7fU/026n25z9/V8/aNSyz/gIAKCbyusbi9PFYmH1Va/UGvMSpNHByujLkYbKwaz0umcCAAA67emX/l5nAgAAAAAAAAAAAAAAAAAAAAdX8///m7/l3I2fE9sab6BZSZI9bysAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwE6+DgAA///TSdFe")
syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1a4a438, &(0x7f0000000f80)=ANY=[], 0xb, 0x0, &(0x7f0000000000))

0s ago: executing program 2 (id=2769):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r4}, 0x10)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000007c0)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r3, {0x0, 0x3}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x9, 0x9, 0x1, 0x80000001}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x10}, 0x0)

kernel console output (not intermixed with test programs):

31495][   T30] audit: type=1326 audit(2000000023.120:3171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5754 comm="syz.5.1649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=125 compat=0 ip=0x7eff9f3fc929 code=0x7ffc0000
[  347.158424][ T5759] loop6: detected capacity change from 0 to 256
[  347.164921][   T30] audit: type=1326 audit(2000000023.120:3172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5754 comm="syz.5.1649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff9f3fc929 code=0x7ffc0000
[  347.188452][   T30] audit: type=1326 audit(2000000023.120:3173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5754 comm="syz.5.1649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7eff9f3fc929 code=0x7ffc0000
[  347.213236][   T30] audit: type=1326 audit(2000000023.120:3174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5754 comm="syz.5.1649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff9f3fc929 code=0x7ffc0000
[  347.268188][ T5759] exFAT-fs (loop6): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  347.322379][ T5755] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  347.339302][ T5755] ext4 filesystem being mounted at /265/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  347.360862][ T5763] loop2: detected capacity change from 0 to 512
[  347.401887][ T5773] loop6: detected capacity change from 0 to 512
[  347.635671][ T5763] EXT4-fs (loop2): orphan cleanup on readonly fs
[  347.679075][ T5773] EXT4-fs error (device loop6): mb_free_blocks:1865: group 0, inode 16: block 41:freeing already freed block (bit 41); block bitmap corrupt.
[  347.694294][ T5773] EXT4-fs (loop6): Remounting filesystem read-only
[  347.700941][ T5773] EXT4-fs error (device loop6): ext4_do_update_inode:5234: inode #16: comm syz.6.1654: corrupted inode contents
[  347.713210][ T5773] EXT4-fs (loop6): Remounting filesystem read-only
[  347.719796][ T5773] EXT4-fs error (device loop6): ext4_dirty_inode:6070: inode #16: comm syz.6.1654: mark_inode_dirty error
[  347.733334][ T5773] EXT4-fs (loop6): Remounting filesystem read-only
[  347.739939][ T5773] EXT4-fs error (device loop6): ext4_do_update_inode:5234: inode #16: comm syz.6.1654: corrupted inode contents
[  347.752041][ T5763] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.1652: bg 0: block 248: padding at end of block bitmap is not set
[  347.752198][ T5773] EXT4-fs (loop6): Remounting filesystem read-only
[  347.772982][ T5773] EXT4-fs error (device loop6): __ext4_ext_dirty:183: inode #16: comm syz.6.1654: mark_inode_dirty error
[  347.784609][ T5773] EXT4-fs (loop6): Remounting filesystem read-only
[  347.791259][ T5773] EXT4-fs error (device loop6): ext4_do_update_inode:5234: inode #16: comm syz.6.1654: corrupted inode contents
[  347.793919][ T5763] EXT4-fs error (device loop2): ext4_acquire_dquot:6195: comm syz.2.1652: Failed to acquire dquot type 1
[  347.805568][ T5773] EXT4-fs (loop6): Remounting filesystem read-only
[  347.821161][ T5773] EXT4-fs error (device loop6): __ext4_ext_dirty:183: inode #16: comm syz.6.1654: mark_inode_dirty error
[  347.823742][ T5763] EXT4-fs (loop2): 1 truncate cleaned up
[  347.839541][ T5773] EXT4-fs (loop6): Remounting filesystem read-only
[  347.844675][ T5763] EXT4-fs (loop2): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,inode_readahead_blks=0x0000000000200000,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback.
[  347.846150][ T5773] EXT4-fs error (device loop6): ext4_do_update_inode:5234: inode #16: comm syz.6.1654: corrupted inode contents
[  347.880478][ T5773] EXT4-fs (loop6): Remounting filesystem read-only
[  347.887027][ T5773] EXT4-fs error (device loop6): ext4_truncate:4304: inode #16: comm syz.6.1654: mark_inode_dirty error
[  347.898821][ T5773] EXT4-fs (loop6): Remounting filesystem read-only
[  347.905392][ T5773] EXT4-fs error (device loop6): ext4_evict_inode:294: comm syz.6.1654: couldn't truncate inode 16 (err -117)
[  347.917389][ T5773] EXT4-fs (loop6): Remounting filesystem read-only
[  347.924012][ T5773] EXT4-fs (loop6): 1 orphan inode deleted
[  347.929800][ T5773] EXT4-fs (loop6): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,grpquota,lazytime,stripe=0x0000000000008000,resgid=0x0000000000000000,sysvgroups,noauto_da_alloc,usrquota,. Quota mode: writeback.
[  347.951142][ T5773] ext4 filesystem being mounted at /161/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  348.473633][ T5795] loop2: detected capacity change from 0 to 1024
[  348.498314][ T5797] loop5: detected capacity change from 0 to 256
[  348.513957][ T5797] exFAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  348.525358][ T5797] exFAT-fs (loop5): Medium has reported failures. Some data may be lost.
[  348.539368][ T5797] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  348.564099][ T5795] EXT4-fs (loop2): Ignoring removed orlov option
[  348.590356][ T5795] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option
[  348.666514][ T5801] tmpfs: Unknown parameter 'nolazytimeÿÿ'
[  348.681511][ T5795] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  348.722442][ T5806] loop3: detected capacity change from 0 to 128
[  348.754538][ T5811] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5811 comm=syz.6.1666
[  348.790510][ T5806] incfs: Can't find or create .index dir in ./file0
[  348.794435][ T5814] loop6: detected capacity change from 0 to 1024
[  348.797203][ T5806] incfs: mount failed -30
[  348.910006][ T5814] EXT4-fs (loop6): mounted filesystem without journal. Opts: errors=remount-ro,min_batch_time=0x0000000000000003,. Quota mode: none.
[  348.924178][ T5814] ext4 filesystem being mounted at /164/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  348.988096][  T477] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  349.823338][ T5831] usb usb8: usbfs: process 5831 (syz.6.1672) did not claim interface 0 before use
[  349.834275][ T5831] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1672'.
[  350.218946][ T5836] loop3: detected capacity change from 0 to 256
[  350.228905][ T5838] loop6: detected capacity change from 0 to 256
[  350.291646][ T5836] tmpfs: Unknown parameter 'nolazytimeÿÿ'
[  350.299772][ T5838] exFAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  350.318277][ T5838] exFAT-fs (loop6): Medium has reported failures. Some data may be lost.
[  350.346374][ T5838] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  350.398090][  T477] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  350.419548][  T477] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  350.441727][  T477] usb 3-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00
[  350.459638][  T477] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  350.540716][  T477] usb 3-1: config 0 descriptor??
[  350.602327][ T5845] loop3: detected capacity change from 0 to 256
[  350.616852][ T5845] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  350.888627][ T5856] loop3: detected capacity change from 0 to 1024
[  350.948127][ T5856] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=remount-ro,min_batch_time=0x0000000000000003,. Quota mode: none.
[  350.962018][ T5856] ext4 filesystem being mounted at /292/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  351.049019][  T477] arvo 0003:1E7D:30D4.000F: unknown main item tag 0x0
[  351.061918][  T477] arvo 0003:1E7D:30D4.000F: item fetching failed at offset 5/7
[  351.073612][  T477] arvo 0003:1E7D:30D4.000F: parse failed
[  351.079531][  T477] arvo: probe of 0003:1E7D:30D4.000F failed with error -22
[  351.327701][ T5867] loop3: detected capacity change from 0 to 1024
[  351.521740][ T5867] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1683'.
[  351.702993][ T5867] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=5867 comm=syz.3.1683
[  352.433052][ T5874] loop3: detected capacity change from 0 to 256
[  352.491556][  T752] usb 3-1: USB disconnect, device number 14
[  352.508604][ T5874] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  352.536793][ T5878] loop6: detected capacity change from 0 to 256
[  352.558055][ T5874] exFAT-fs (loop3): Medium has reported failures. Some data may be lost.
[  352.609582][ T5874] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  352.636687][ T5878] exFAT-fs (loop6): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  352.672433][   T30] kauditd_printk_skb: 60 callbacks suppressed
[  352.672450][   T30] audit: type=1400 audit(2000000028.750:3233): avc:  denied  { remove_name } for  pid=284 comm="syz-executor" name="file0" dev="loop3" ino=1048734 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  352.735526][   T30] audit: type=1400 audit(2000000028.750:3234): avc:  denied  { unlink } for  pid=284 comm="syz-executor" name="file0" dev="loop3" ino=1048734 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  352.774257][   T30] audit: type=1400 audit(2000000028.790:3235): avc:  denied  { rmdir } for  pid=284 comm="syz-executor" name="file0" dev="loop3" ino=1048732 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  352.835549][   T30] audit: type=1400 audit(2000000028.910:3236): avc:  denied  { relabelfrom } for  pid=5869 comm="syz.1.1685" name="NETLINK" dev="sockfs" ino=33995 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  352.878518][   T30] audit: type=1400 audit(2000000028.960:3237): avc:  denied  { relabelto } for  pid=5869 comm="syz.1.1685" name="NETLINK" dev="sockfs" ino=33995 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=netlink_netfilter_socket permissive=1
[  352.919006][   T30] audit: type=1400 audit(2000000029.000:3238): avc:  denied  { create } for  pid=5869 comm="syz.1.1685" dev="anon_inodefs" ino=34001 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  352.948676][   T30] audit: type=1400 audit(2000000029.000:3239): avc:  denied  { ioctl } for  pid=5869 comm="syz.1.1685" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=34001 ioctlcmd=0xaa00 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  352.991432][ T5880] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1692'.
[  353.055078][ T4600] tipc: Disabling bearer <udp:syz2>
[  353.061093][ T4600] tipc: Left network mode
[  353.401663][   T30] audit: type=1400 audit(2000000029.480:3240): avc:  denied  { mounton } for  pid=5898 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  353.517527][ T5898] bridge0: port 1(bridge_slave_0) entered blocking state
[  353.525001][ T5898] bridge0: port 1(bridge_slave_0) entered disabled state
[  353.532991][ T5898] device bridge_slave_0 entered promiscuous mode
[  353.540421][ T5898] bridge0: port 2(bridge_slave_1) entered blocking state
[  353.547605][ T5898] bridge0: port 2(bridge_slave_1) entered disabled state
[  353.555243][ T5898] device bridge_slave_1 entered promiscuous mode
[  353.949160][ T5909] loop6: detected capacity change from 0 to 256
[  353.949705][ T5907] loop5: detected capacity change from 0 to 256
[  353.969449][ T5907] exFAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  353.980267][ T5907] exFAT-fs (loop5): Medium has reported failures. Some data may be lost.
[  353.992099][ T5907] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  354.025222][ T5909] exFAT-fs (loop6): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  354.047307][ T4498] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  354.055306][ T4498] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  354.080209][ T4498] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  354.088781][ T4498] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  354.097105][ T4498] bridge0: port 1(bridge_slave_0) entered blocking state
[  354.104197][ T4498] bridge0: port 1(bridge_slave_0) entered forwarding state
[  354.113015][ T4498] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  354.138681][ T4498] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  354.147714][ T4498] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  354.159354][   T30] audit: type=1326 audit(2000000030.240:3241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5912 comm="syz.5.1702" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff9f3fc929 code=0x7ffc0000
[  354.162207][ T4498] bridge0: port 2(bridge_slave_1) entered blocking state
[  354.189886][ T4498] bridge0: port 2(bridge_slave_1) entered forwarding state
[  354.197432][   T30] audit: type=1326 audit(2000000030.240:3242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5912 comm="syz.5.1702" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff9f3fc929 code=0x7ffc0000
[  354.253642][ T4498] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  354.262095][ T4498] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  354.304861][ T5918] loop6: detected capacity change from 0 to 1024
[  354.314864][ T4535] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  354.325599][ T5920] FAULT_INJECTION: forcing a failure.
[  354.325599][ T5920] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  354.353428][ T4535] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  354.359070][ T5924] loop2: detected capacity change from 0 to 1024
[  354.365993][ T4535] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  354.367722][ T5920] CPU: 1 PID: 5920 Comm: syz.5.1706 Tainted: G        W         5.15.185-syzkaller-00032-g0d918fa8e88d #0
[  354.386107][ T5920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  354.396175][ T5920] Call Trace:
[  354.399462][ T5920]  <TASK>
[  354.402391][ T5920]  __dump_stack+0x21/0x30
[  354.406724][ T5920]  dump_stack_lvl+0xee/0x150
[  354.411338][ T5920]  ? show_regs_print_info+0x20/0x20
[  354.416540][ T5920]  dump_stack+0x15/0x20
[  354.420702][ T5920]  should_fail+0x3c1/0x510
[  354.425121][ T5920]  should_fail_usercopy+0x1a/0x20
[  354.430172][ T5920]  _copy_from_iter+0x21a/0x1050
[  354.435135][ T5920]  ? __kasan_check_write+0x14/0x20
[  354.440265][ T5920]  ? skb_set_owner_w+0x24d/0x370
[  354.445224][ T5920]  ? copy_mc_pipe_to_iter+0x770/0x770
[  354.450699][ T5920]  ? __kernel_text_address+0xa0/0x100
[  354.456248][ T5920]  ? check_stack_object+0x81/0x140
[  354.461373][ T5920]  ? __kasan_check_read+0x11/0x20
[  354.466421][ T5920]  ? __check_object_size+0x2f4/0x3c0
[  354.471970][ T5920]  skb_copy_datagram_from_iter+0xfa/0x6b0
[  354.477698][ T5920]  ? skb_put+0x10e/0x1f0
[  354.481946][ T5920]  tun_get_user+0xc3c/0x33c0
[  354.486544][ T5920]  ? __kasan_init_slab_obj+0x10/0x40
[  354.491839][ T5920]  ? kmem_cache_free+0x100/0x320
[  354.496785][ T5920]  ? __x64_sys_openat+0x136/0x160
[  354.501816][ T5920]  ? x64_sys_call+0x219/0x9a0
[  354.506502][ T5920]  ? tun_do_read+0x1c40/0x1c40
[  354.511273][ T5920]  ? kstrtouint_from_user+0x1a0/0x200
[  354.516656][ T5920]  ? kstrtol_from_user+0x260/0x260
[  354.521767][ T5920]  ? dev_map_hash_lookup_elem+0xac/0x180
[  354.527403][ T5920]  ? avc_policy_seqno+0x1b/0x70
[  354.532262][ T5920]  ? selinux_file_permission+0x2aa/0x510
[  354.537903][ T5920]  tun_chr_write_iter+0x1eb/0x2e0
[  354.542939][ T5920]  vfs_write+0x802/0xf70
[  354.547183][ T5920]  ? file_end_write+0x1b0/0x1b0
[  354.552050][ T5920]  ? __fget_files+0x2c4/0x320
[  354.556732][ T5920]  ? __fdget_pos+0x1f7/0x380
[  354.561339][ T5920]  ? ksys_write+0x71/0x240
[  354.565775][ T5920]  ksys_write+0x140/0x240
[  354.570126][ T5920]  ? __ia32_sys_read+0x90/0x90
[  354.574899][ T5920]  ? debug_smp_processor_id+0x17/0x20
[  354.580275][ T5920]  __x64_sys_write+0x7b/0x90
[  354.584869][ T5920]  x64_sys_call+0x8ef/0x9a0
[  354.589385][ T5920]  do_syscall_64+0x4c/0xa0
[  354.593818][ T5920]  ? clear_bhb_loop+0x50/0xa0
[  354.598504][ T5920]  ? clear_bhb_loop+0x50/0xa0
[  354.603190][ T5920]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  354.609087][ T5920] RIP: 0033:0x7eff9f3fb3df
[  354.613505][ T5920] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  354.633139][ T5920] RSP: 002b:00007eff9da65000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  354.641570][ T5920] RAX: ffffffffffffffda RBX: 00007eff9f623fa0 RCX: 00007eff9f3fb3df
[  354.649627][ T5920] RDX: 000000000000fdef RSI: 0000200000001b80 RDI: 00000000000000c8
[  354.657604][ T5920] RBP: 00007eff9da65090 R08: 0000000000000000 R09: 0000000000000000
[  354.665750][ T5920] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000001
[  354.673721][ T5920] R13: 0000000000000000 R14: 00007eff9f623fa0 R15: 00007ffda48789c8
[  354.681704][ T5920]  </TASK>
[  354.689994][ T4535] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  354.699220][ T5898] device veth0_vlan entered promiscuous mode
[  354.708670][ T5924] EXT4-fs (loop2): Ignoring removed orlov option
[  354.723025][ T5924] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option
[  354.731073][ T4600] device bridge_slave_1 left promiscuous mode
[  354.737251][ T4600] bridge0: port 2(bridge_slave_1) entered disabled state
[  354.745696][ T5918] EXT4-fs (loop6): mounted filesystem without journal. Opts: errors=remount-ro,min_batch_time=0x0000000000000003,. Quota mode: none.
[  354.746715][ T5931] loop5: detected capacity change from 0 to 1024
[  354.760529][ T5918] ext4 filesystem being mounted at /174/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  354.777098][ T4600] device bridge_slave_0 left promiscuous mode
[  354.783457][ T4600] bridge0: port 1(bridge_slave_0) entered disabled state
[  354.792392][ T5924] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  354.801574][ T5931] EXT4-fs (loop5): Ignoring removed orlov option
[  354.821295][ T4600] device veth1_macvtap left promiscuous mode
[  354.827342][ T4600] device veth0_vlan left promiscuous mode
[  354.838096][ T5931] EXT4-fs (loop5): Ignoring removed nomblk_io_submit option
[  354.867064][ T5931] EXT4-fs (loop5): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  354.868430][ T5939] loop6: detected capacity change from 0 to 256
[  354.910981][ T5939] exFAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  354.924581][ T5939] exFAT-fs (loop6): Medium has reported failures. Some data may be lost.
[  354.934676][ T5939] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  355.003687][ T4535] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  355.012121][ T4535] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  355.027445][ T5898] device veth1_macvtap entered promiscuous mode
[  355.031274][ T5941] loop6: detected capacity change from 0 to 256
[  355.041032][ T4498] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  355.049367][ T4498] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  355.057760][ T4498] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  355.067895][ T4498] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  355.076353][ T4498] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  355.102823][ T5941] exFAT-fs (loop6): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  355.118135][  T335] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  355.129419][ T5943] loop7: detected capacity change from 0 to 512
[  355.160952][ T5943] EXT4-fs error (device loop7): mb_free_blocks:1865: group 0, inode 16: block 41:freeing already freed block (bit 41); block bitmap corrupt.
[  355.176057][ T5943] EXT4-fs (loop7): Remounting filesystem read-only
[  355.182700][ T5943] EXT4-fs error (device loop7): ext4_do_update_inode:5234: inode #16: comm syz.7.1698: corrupted inode contents
[  355.195246][  T752] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  355.206008][ T5943] EXT4-fs (loop7): Remounting filesystem read-only
[  355.212172][ T5947] loop6: detected capacity change from 0 to 256
[  355.212930][ T5943] EXT4-fs error (device loop7): ext4_dirty_inode:6070: inode #16: comm syz.7.1698: mark_inode_dirty error
[  355.230656][ T5943] EXT4-fs (loop7): Remounting filesystem read-only
[  355.237220][ T5943] EXT4-fs error (device loop7): ext4_do_update_inode:5234: inode #16: comm syz.7.1698: corrupted inode contents
[  355.249687][ T5943] EXT4-fs (loop7): Remounting filesystem read-only
[  355.256248][ T5943] EXT4-fs error (device loop7): __ext4_ext_dirty:183: inode #16: comm syz.7.1698: mark_inode_dirty error
[  355.267944][ T5943] EXT4-fs (loop7): Remounting filesystem read-only
[  355.274597][ T5943] EXT4-fs error (device loop7): ext4_do_update_inode:5234: inode #16: comm syz.7.1698: corrupted inode contents
[  355.286764][ T5943] EXT4-fs (loop7): Remounting filesystem read-only
[  355.293363][ T5943] EXT4-fs error (device loop7): __ext4_ext_dirty:183: inode #16: comm syz.7.1698: mark_inode_dirty error
[  355.308205][ T5943] EXT4-fs (loop7): Remounting filesystem read-only
[  355.314791][ T5943] EXT4-fs error (device loop7): ext4_do_update_inode:5234: inode #16: comm syz.7.1698: corrupted inode contents
[  355.327025][ T5943] EXT4-fs (loop7): Remounting filesystem read-only
[  355.333667][ T5943] EXT4-fs error (device loop7): ext4_truncate:4304: inode #16: comm syz.7.1698: mark_inode_dirty error
[  355.345115][ T5943] EXT4-fs (loop7): Remounting filesystem read-only
[  355.351736][ T5943] EXT4-fs error (device loop7): ext4_evict_inode:294: comm syz.7.1698: couldn't truncate inode 16 (err -117)
[  355.363628][ T5943] EXT4-fs (loop7): Remounting filesystem read-only
[  355.370236][ T5943] EXT4-fs (loop7): 1 orphan inode deleted
[  355.375988][ T5943] EXT4-fs (loop7): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,grpquota,lazytime,stripe=0x0000000000008000,resgid=0x0000000000000000,sysvgroups,noauto_da_alloc,usrquota,. Quota mode: writeback.
[  355.397360][ T5943] ext4 filesystem being mounted at /0/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  355.538353][  T335] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  355.564283][  T335] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  355.659285][  T335] usb 3-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00
[  355.686091][  T335] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  355.695424][  T752] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  355.713332][  T335] usb 3-1: config 0 descriptor??
[  355.786078][  T752] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  355.796367][  T752] usb 6-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00
[  355.805849][  T752] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  355.818230][  T752] usb 6-1: config 0 descriptor??
[  355.877451][ T5957] loop6: detected capacity change from 0 to 1024
[  355.929573][ T5957] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  356.386918][  T752] arvo 0003:1E7D:30D4.0010: unknown main item tag 0x0
[  356.400555][  T335] arvo 0003:1E7D:30D4.0011: unknown main item tag 0x0
[  356.452748][  T335] arvo 0003:1E7D:30D4.0011: item fetching failed at offset 5/7
[  356.468421][  T752] arvo 0003:1E7D:30D4.0010: item fetching failed at offset 5/7
[  356.495544][  T335] arvo 0003:1E7D:30D4.0011: parse failed
[  356.503225][  T752] arvo 0003:1E7D:30D4.0010: parse failed
[  356.509172][  T752] arvo: probe of 0003:1E7D:30D4.0010 failed with error -22
[  356.516544][  T335] arvo: probe of 0003:1E7D:30D4.0011 failed with error -22
[  356.731357][  T335] usb 3-1: USB disconnect, device number 15
[  356.748714][  T752] usb 6-1: USB disconnect, device number 19
[  356.947878][ T5968] x_tables: duplicate underflow at hook 3
[  356.960784][ T5974] loop7: detected capacity change from 0 to 256
[  356.972817][ T5974] FAT-fs (loop7): Unrecognized mount option "kmem_cache_free" or missing value
[  357.160463][ T5976] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=1033 sclass=netlink_xfrm_socket pid=5976 comm=syz.7.1720
[  357.258376][ T5971] loop6: detected capacity change from 0 to 131072
[  357.271276][ T5971] F2FS-fs (loop6): Test dummy encryption mode enabled
[  357.288673][ T5971] F2FS-fs (loop6): invalid crc value
[  357.302099][ T5971] F2FS-fs (loop6): Found nat_bits in checkpoint
[  357.402353][ T5982] syz.5.1722[5982] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  357.403026][ T5982] syz.5.1722[5982] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  357.440134][ T5983] loop2: detected capacity change from 0 to 256
[  357.503384][ T5971] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  357.519363][ T5983] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  357.558343][ T5983] exFAT-fs (loop2): Medium has reported failures. Some data may be lost.
[  357.591344][ T5990] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1725'.
[  357.599892][ T5983] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  357.946485][ T5994] Â: renamed from pim6reg1
[  357.994150][   T30] kauditd_printk_skb: 21 callbacks suppressed
[  357.994166][   T30] audit: type=1326 audit(2000000034.070:3264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5996 comm="syz.7.1728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd579dcc929 code=0x7ffc0000
[  358.031853][ T5982] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1722'.
[  358.103189][   T30] audit: type=1326 audit(2000000034.120:3265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5996 comm="syz.7.1728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=290 compat=0 ip=0x7fd579dcc929 code=0x7ffc0000
[  358.134740][   T30] audit: type=1326 audit(2000000034.120:3266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5996 comm="syz.7.1728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd579dcc929 code=0x7ffc0000
[  358.160607][ T6003] syz.7.1728 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  358.207232][   T30] audit: type=1326 audit(2000000034.120:3267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5996 comm="syz.7.1728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fd579dcc929 code=0x7ffc0000
[  358.231083][   T30] audit: type=1326 audit(2000000034.120:3268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5996 comm="syz.7.1728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd579dcc929 code=0x7ffc0000
[  358.256134][   T30] audit: type=1326 audit(2000000034.120:3269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5996 comm="syz.7.1728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fd579dcc929 code=0x7ffc0000
[  358.288142][   T30] audit: type=1326 audit(2000000034.120:3270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5996 comm="syz.7.1728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd579dcc929 code=0x7ffc0000
[  358.406833][   T30] audit: type=1326 audit(2000000034.120:3271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5996 comm="syz.7.1728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd579dcc929 code=0x7ffc0000
[  358.434138][   T30] audit: type=1326 audit(2000000034.170:3272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5996 comm="syz.7.1728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd579dcc929 code=0x7ffc0000
[  358.460461][   T30] audit: type=1326 audit(2000000034.170:3273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5996 comm="syz.7.1728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd579dcc929 code=0x7ffc0000
[  358.511430][ T6016] loop6: detected capacity change from 0 to 1024
[  358.579676][ T6016] EXT4-fs (loop6): Ignoring removed orlov option
[  358.586177][ T6016] EXT4-fs (loop6): Ignoring removed nomblk_io_submit option
[  358.599288][ T6016] EXT4-fs (loop6): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  358.933907][  T393] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  359.308235][ T6029] loop7: detected capacity change from 0 to 256
[  359.328283][  T393] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  359.339817][ T6029] exFAT-fs (loop7): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  359.355037][  T393] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  359.400648][  T393] usb 7-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00
[  359.411907][  T393] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  359.426563][  T393] usb 7-1: config 0 descriptor??
[  359.899147][  T393] arvo 0003:1E7D:30D4.0012: unknown main item tag 0x0
[  359.906012][  T393] arvo 0003:1E7D:30D4.0012: item fetching failed at offset 5/7
[  359.914691][  T393] arvo 0003:1E7D:30D4.0012: parse failed
[  359.920633][  T393] arvo: probe of 0003:1E7D:30D4.0012 failed with error -22
[  360.200750][  T333] usb 7-1: USB disconnect, device number 8
[  360.850856][ T6070] netem: change failed
[  362.802058][ T6079] loop5: detected capacity change from 0 to 40427
[  362.832494][ T6092] loop7: detected capacity change from 0 to 1024
[  362.917776][ T6079] F2FS-fs (loop5): Insane cp_payload (553648128 >= 504)
[  362.921490][ T6092] EXT4-fs (loop7): Ignoring removed orlov option
[  362.931364][ T6079] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  362.941741][ T6079] F2FS-fs (loop5): fault_injection options not supported
[  362.949242][ T6092] EXT4-fs (loop7): Ignoring removed nomblk_io_submit option
[  362.957227][ T6079] F2FS-fs (loop5): fault_type options not supported
[  363.102054][ T6079] F2FS-fs (loop5): invalid crc value
[  363.218572][ T6092] EXT4-fs (loop7): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  363.242216][ T6079] F2FS-fs (loop5): Found nat_bits in checkpoint
[  363.328474][ T6111] loop2: detected capacity change from 0 to 128
[  363.342284][ T6079] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  363.351002][ T6079] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  363.378848][ T6111] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (30846!=65535)
[  363.399311][ T6111] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  363.419822][ T6079] attempt to access beyond end of device
[  363.419822][ T6079] loop5: rw=2049, want=53256, limit=40427
[  363.457531][ T6111] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1760'.
[  363.466983][ T6111] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1760'.
[  363.484610][ T6111] EXT4-fs (loop2): ext4_remount: Checksum for group 0 failed (30846!=65535)
[  363.532480][ T1398] attempt to access beyond end of device
[  363.532480][ T1398] loop5: rw=2049, want=45112, limit=40427
[  363.568099][  T752] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  363.658263][   T30] kauditd_printk_skb: 107 callbacks suppressed
[  363.658279][   T30] audit: type=1326 audit(2000000039.720:3381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6115 comm="syz.2.1762" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14007de929 code=0x7ffc0000
[  363.693164][   T30] audit: type=1326 audit(2000000039.730:3382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6115 comm="syz.2.1762" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7f14007de929 code=0x7ffc0000
[  363.721503][   T30] audit: type=1326 audit(2000000039.730:3383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6115 comm="syz.2.1762" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14007de929 code=0x7ffc0000
[  363.792054][ T6124] loop5: detected capacity change from 0 to 256
[  363.825547][ T6124] tmpfs: Unknown parameter 'nolazytimeÿÿ'
[  364.088428][  T752] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  364.100505][  T752] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  364.111490][  T752] usb 8-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00
[  364.121704][  T752] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  364.140184][  T752] usb 8-1: config 0 descriptor??
[  364.225506][   T30] audit: type=1400 audit(2000000040.300:3384): avc:  denied  { setopt } for  pid=6134 comm="syz.5.1767" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  364.332207][   T30] audit: type=1400 audit(2000000040.410:3385): avc:  denied  { ioctl } for  pid=6134 comm="syz.5.1767" path="socket:[33742]" dev="sockfs" ino=33742 ioctlcmd=0x8904 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  364.555543][ T6139] loop2: detected capacity change from 0 to 1024
[  364.565818][ T6139] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  364.580689][ T6139] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  364.592396][ T6139] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  364.602800][ T6139] JBD2: no valid journal superblock found
[  364.608777][ T6139] EXT4-fs (loop2): error loading journal
[  364.662237][  T752] arvo 0003:1E7D:30D4.0013: unknown main item tag 0x0
[  364.669258][  T752] arvo 0003:1E7D:30D4.0013: item fetching failed at offset 5/7
[  364.676991][  T752] arvo 0003:1E7D:30D4.0013: parse failed
[  364.682735][  T752] arvo: probe of 0003:1E7D:30D4.0013 failed with error -22
[  365.114818][   T30] audit: type=1400 audit(2000000041.190:3386): avc:  denied  { setopt } for  pid=6151 comm="syz.2.1772" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  365.138581][  T393] usb 8-1: USB disconnect, device number 2
[  365.221718][ T6158] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1771'.
[  366.116577][ T6163] loop6: detected capacity change from 0 to 256
[  366.123782][ T6164] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6164 comm=syz.2.1774
[  366.159114][ T6163] exFAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  366.194568][ T6163] exFAT-fs (loop6): Medium has reported failures. Some data may be lost.
[  366.302208][ T6163] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  366.899751][ T6172] loop5: detected capacity change from 0 to 512
[  366.950009][ T6172] EXT4-fs (loop5): Ignoring removed oldalloc option
[  367.196234][ T6172] EXT4-fs (loop5): orphan cleanup on readonly fs
[  367.206060][ T6172] Quota error (device loop5): find_tree_dqentry: Getting block too big (196613 >= 6)
[  367.215968][ T6172] Quota error (device loop5): qtree_read_dquot: Can't read quota structure for id 0
[  367.225554][ T6172] EXT4-fs error (device loop5): ext4_acquire_dquot:6195: comm syz.5.1778: Failed to acquire dquot type 1
[  367.240955][ T6172] EXT4-fs (loop5): 1 truncate cleaned up
[  367.247224][ T6172] EXT4-fs (loop5): mounted filesystem without journal. Opts: bsdgroups,nodiscard,oldalloc,grpjquota=,nobarrier,noquota,abort,nodiscard,nodiscard,,errors=continue. Quota mode: writeback.
[  368.213256][   T30] audit: type=1400 audit(2000000044.290:3387): avc:  denied  { read write } for  pid=6187 comm="syz.5.1782" name="vga_arbiter" dev="devtmpfs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  368.238729][   T30] audit: type=1400 audit(2000000044.290:3388): avc:  denied  { open } for  pid=6187 comm="syz.5.1782" path="/dev/vga_arbiter" dev="devtmpfs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  368.293196][ T6186] SELinux: failed to load policy
[  368.444673][ T6205] fuse: Unknown parameter 'fd70x0000000000000006'
[  368.518257][ T6210] loop2: detected capacity change from 0 to 256
[  368.682411][ T6216] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1790'.
[  368.712863][ T6215] loop7: detected capacity change from 0 to 512
[  368.777531][ T6216] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=6216 comm=syz.1.1790
[  368.839045][ T6215] EXT4-fs (loop7): Quota format mount options ignored when QUOTA feature is enabled
[  368.848932][ T6215] EXT4-fs (loop7): feature flags set on rev 0 fs, running e2fsck is recommended
[  368.922507][ T6210] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  369.082356][ T6210] exFAT-fs (loop2): Medium has reported failures. Some data may be lost.
[  369.393846][ T6210] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  369.549849][ T6215] [EXT4 FS bs=4096, gc=1, bpg=3008, ipg=32, mo=8002e019, mo2=0000]
[  369.604814][ T6215] EXT4-fs (loop7): 1 truncate cleaned up
[  369.610948][ T6215] EXT4-fs (loop7): mounted filesystem without journal. Opts: nobarrier,noblock_validity,nombcache,acl,barrier=0x000000000000000c,auto_da_alloc=0x0000000000000002,nodiscard,jqfmt=vfsold,resgid=0x00000000000000002,errors=continue. Quota mode: writeback.
[  369.646902][ T6215] EXT4-fs warning (device loop7): ext4_update_dynamic_rev:1054: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  369.669514][   T30] kauditd_printk_skb: 56 callbacks suppressed
[  369.675944][   T30] audit: type=1400 audit(2000000045.750:3445): avc:  denied  { unlink } for  pid=6204 comm="syz.7.1789" name="file1" dev="loop7" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  369.688118][ T6215] EXT4-fs warning (device loop7): __ext4_unlink:3335: inode #15: comm syz.7.1789: Deleting file 'file1' with no links
[  369.827208][ T6204] EXT4-fs error (device loop7): ext4_free_inode:355: comm syz.7.1789: bit already cleared for inode 15
[  370.067689][ T4600] Quota error (device loop7): free_dqentry: Quota structure has offset to other block (1) than it should (5)
[  370.082606][ T4600] EXT4-fs error (device loop7): ext4_release_dquot:6231: comm kworker/u4:121: Failed to release dquot type 1
[  370.113988][   T30] audit: type=1326 audit(2000000046.190:3446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6240 comm="syz.1.1802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc98a446929 code=0x7ffc0000
[  370.197189][   T30] audit: type=1326 audit(2000000046.190:3447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6240 comm="syz.1.1802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fc98a446929 code=0x7ffc0000
[  370.254222][   T30] audit: type=1326 audit(2000000046.260:3448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6240 comm="syz.1.1802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc98a446929 code=0x7ffc0000
[  370.294677][   T30] audit: type=1326 audit(2000000046.260:3449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6240 comm="syz.1.1802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc98a446929 code=0x7ffc0000
[  370.318816][   T30] audit: type=1326 audit(2000000046.260:3450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6240 comm="syz.1.1802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc98a446929 code=0x7ffc0000
[  370.343736][   T30] audit: type=1326 audit(2000000046.260:3451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6240 comm="syz.1.1802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc98a446929 code=0x7ffc0000
[  370.367284][   T30] audit: type=1326 audit(2000000046.260:3452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6240 comm="syz.1.1802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc98a446929 code=0x7ffc0000
[  370.392023][   T30] audit: type=1326 audit(2000000046.260:3453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6240 comm="syz.1.1802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc98a446929 code=0x7ffc0000
[  370.400962][ T6233] loop5: detected capacity change from 0 to 40427
[  370.427190][ T6251] loop7: detected capacity change from 0 to 512
[  370.464461][ T6258] overlayfs: missing 'lowerdir'
[  370.478463][ T6233] F2FS-fs (loop5): invalid crc value
[  370.486560][ T6251] EXT4-fs error (device loop7): mb_free_blocks:1865: group 0, inode 16: block 41:freeing already freed block (bit 41); block bitmap corrupt.
[  370.502263][ T6251] EXT4-fs (loop7): Remounting filesystem read-only
[  370.508909][ T6251] EXT4-fs error (device loop7): ext4_do_update_inode:5234: inode #16: comm syz.7.1803: corrupted inode contents
[  370.521697][ T6251] EXT4-fs (loop7): Remounting filesystem read-only
[  370.528275][ T6251] EXT4-fs error (device loop7): ext4_dirty_inode:6070: inode #16: comm syz.7.1803: mark_inode_dirty error
[  370.539922][ T6251] EXT4-fs (loop7): Remounting filesystem read-only
[  370.546490][ T6251] EXT4-fs error (device loop7): ext4_do_update_inode:5234: inode #16: comm syz.7.1803: corrupted inode contents
[  370.558650][ T6251] EXT4-fs (loop7): Remounting filesystem read-only
[  370.565181][ T6251] EXT4-fs error (device loop7): __ext4_ext_dirty:183: inode #16: comm syz.7.1803: mark_inode_dirty error
[  370.576686][ T6251] EXT4-fs (loop7): Remounting filesystem read-only
[  370.583317][ T6251] EXT4-fs error (device loop7): ext4_do_update_inode:5234: inode #16: comm syz.7.1803: corrupted inode contents
[  370.595409][ T6251] EXT4-fs (loop7): Remounting filesystem read-only
[  370.602003][ T6251] EXT4-fs error (device loop7): __ext4_ext_dirty:183: inode #16: comm syz.7.1803: mark_inode_dirty error
[  370.613812][ T6251] EXT4-fs (loop7): Remounting filesystem read-only
[  370.620417][ T6251] EXT4-fs error (device loop7): ext4_do_update_inode:5234: inode #16: comm syz.7.1803: corrupted inode contents
[  370.632583][ T6251] EXT4-fs (loop7): Remounting filesystem read-only
[  370.639151][ T6251] EXT4-fs error (device loop7): ext4_truncate:4304: inode #16: comm syz.7.1803: mark_inode_dirty error
[  370.656067][ T6254] loop6: detected capacity change from 0 to 40427
[  370.663216][ T6251] EXT4-fs (loop7): Remounting filesystem read-only
[  370.663896][ T6233] F2FS-fs (loop5): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109)
[  370.669794][ T6251] EXT4-fs error (device loop7): ext4_evict_inode:294: comm syz.7.1803: couldn't truncate inode 16 (err -117)
[  370.704850][ T6254] F2FS-fs (loop6): fault_injection options not supported
[  370.718742][ T6254] F2FS-fs (loop6): invalid crc value
[  370.725013][ T6251] EXT4-fs (loop7): Remounting filesystem read-only
[  370.731675][ T6251] EXT4-fs (loop7): 1 orphan inode deleted
[  370.737429][ T6251] EXT4-fs (loop7): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,grpquota,lazytime,stripe=0x0000000000008000,resgid=0x0000000000000000,sysvgroups,noauto_da_alloc,usrquota,. Quota mode: writeback.
[  370.758992][ T6251] ext4 filesystem being mounted at /20/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  370.767557][ T6254] F2FS-fs (loop6): Found nat_bits in checkpoint
[  370.832943][ T6233] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  370.841296][ T6254] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  374.248538][ T6280] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=6280 comm=syz.2.1810
[  375.174266][ T6304] loop5: detected capacity change from 0 to 1024
[  375.264807][ T6304] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1808'.
[  375.304080][ T6304] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=6304 comm=syz.5.1808
[  377.728042][    C0] ip6_tunnel: ip6gre7 xmit: Local address not yet configured!
[  377.747812][   T30] kauditd_printk_skb: 59 callbacks suppressed
[  377.747829][   T30] audit: type=1326 audit(2000000053.820:3513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6322 comm="syz.7.1822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd579dcc929 code=0x7ffc0000
[  377.867491][ T6336] loop7: detected capacity change from 0 to 128
[  377.879529][   T30] audit: type=1326 audit(2000000053.870:3514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6322 comm="syz.7.1822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=121 compat=0 ip=0x7fd579dcc929 code=0x7ffc0000
[  377.903307][   T30] audit: type=1326 audit(2000000053.870:3515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6322 comm="syz.7.1822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd579dcc929 code=0x7ffc0000
[  377.936217][ T6336] incfs: Can't find or create .index dir in ./file0
[  377.951422][ T6336] incfs: mount failed -30
[  378.341908][ T6344] loop5: detected capacity change from 0 to 128
[  380.557389][ T6358] loop5: detected capacity change from 0 to 256
[  380.732753][   T30] audit: type=1326 audit(2000000056.810:3516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6371 comm="syz.6.1837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32167ab929 code=0x7ffc0000
[  380.833351][ T6373] syz.1.1836[6373] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  380.833434][ T6373] syz.1.1836[6373] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  380.885252][ T6369] loop7: detected capacity change from 0 to 1024
[  380.897567][   T30] audit: type=1326 audit(2000000056.850:3517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6371 comm="syz.6.1837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=121 compat=0 ip=0x7f32167ab929 code=0x7ffc0000
[  380.933666][   T30] audit: type=1326 audit(2000000056.850:3518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6371 comm="syz.6.1837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32167ab929 code=0x7ffc0000
[  380.960761][ T6369] netlink: 24 bytes leftover after parsing attributes in process `syz.7.1834'.
[  380.978181][ T6369] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=6369 comm=syz.7.1834
[  381.088062][ T6380] loop6: detected capacity change from 0 to 512
[  381.151829][ T6380] EXT4-fs (loop6): Ignoring removed mblk_io_submit option
[  381.159577][ T6380] EXT4-fs (loop6): mounting ext3 file system using the ext4 subsystem
[  381.837661][ T6380] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b002c118, mo2=0002]
[  381.846484][ T6380] System zones: 1-12
[  381.999580][ T6380] EXT4-fs error (device loop6): ext4_xattr_ibody_find:2228: inode #15: comm syz.6.1839: corrupted in-inode xattr
[  382.012970][ T6380] EXT4-fs error (device loop6): ext4_orphan_get:1406: comm syz.6.1839: couldn't read orphan inode 15 (err -117)
[  382.027028][ T6380] EXT4-fs (loop6): mounted filesystem without journal. Opts: jqfmt=vfsold,data_err=abort,debug,noload,mblk_io_submit,commit=0x0000000000000005,init_itable=0x0000000000000601,debug,,errors=continue. Quota mode: none.
[  382.170869][ T6380] EXT4-fs error (device loop6): ext4_xattr_ibody_find:2228: inode #15: comm syz.6.1839: corrupted in-inode xattr
[  384.318085][ T6397] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=6397 comm=syz.2.1840
[  385.179182][ T6402] loop6: detected capacity change from 0 to 256
[  385.223342][ T6401] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1846'.
[  385.225341][ T6410] tmpfs: Unknown parameter 'nolazytimeÿÿ'
[  385.233568][ T6402] tmpfs: Unknown parameter 'nolazytimeÿÿ'
[  385.329218][ T6414] loop5: detected capacity change from 0 to 512
[  385.523059][ T6414] EXT4-fs (loop5): Ignoring removed mblk_io_submit option
[  385.530712][ T6414] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem
[  385.606009][ T6414] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b002c118, mo2=0002]
[  385.614494][ T6414] System zones: 1-12
[  385.656937][ T6414] EXT4-fs error (device loop5): ext4_xattr_ibody_find:2228: inode #15: comm syz.5.1847: corrupted in-inode xattr
[  385.671040][ T6414] EXT4-fs error (device loop5): ext4_orphan_get:1406: comm syz.5.1847: couldn't read orphan inode 15 (err -117)
[  385.685340][ T6414] EXT4-fs (loop5): mounted filesystem without journal. Opts: jqfmt=vfsold,data_err=abort,debug,noload,mblk_io_submit,commit=0x0000000000000005,init_itable=0x0000000000000601,debug,,errors=continue. Quota mode: none.
[  385.745218][ T6414] EXT4-fs error (device loop5): ext4_xattr_ibody_find:2228: inode #15: comm syz.5.1847: corrupted in-inode xattr
[  386.212399][   T30] audit: type=1326 audit(2000000062.290:3519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6421 comm="syz.6.1852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32167ab929 code=0x7ffc0000
[  386.348528][   T30] audit: type=1326 audit(2000000062.320:3520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6421 comm="syz.6.1852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32167ab929 code=0x7ffc0000
[  386.386331][ T6435] loop7: detected capacity change from 0 to 512
[  386.417012][   T30] audit: type=1326 audit(2000000062.320:3521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6421 comm="syz.6.1852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f32167ab929 code=0x7ffc0000
[  386.442193][   T30] audit: type=1326 audit(2000000062.320:3522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6421 comm="syz.6.1852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32167ab929 code=0x7ffc0000
[  386.466503][   T30] audit: type=1326 audit(2000000062.320:3523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6421 comm="syz.6.1852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=17 compat=0 ip=0x7f32167ab929 code=0x7ffc0000
[  386.490495][   T30] audit: type=1326 audit(2000000062.320:3524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6421 comm="syz.6.1852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32167ab929 code=0x7ffc0000
[  386.514193][   T30] audit: type=1400 audit(2000000062.460:3525): avc:  granted  { setsecparam } for  pid=6434 comm="syz.7.1858" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security
[  386.557043][ T6440] loop5: detected capacity change from 0 to 512
[  386.558054][   T30] audit: type=1326 audit(2000000062.610:3526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6429 comm="syz.2.1857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14007de929 code=0x7ffc0000
[  386.628283][ T6431] netlink: 'syz.6.1855': attribute type 13 has an invalid length.
[  386.637834][   T30] audit: type=1326 audit(2000000062.610:3527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6429 comm="syz.2.1857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14007de929 code=0x7ffc0000
[  386.701790][ T6440] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -2
[  386.710367][   T30] audit: type=1326 audit(2000000062.610:3528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6429 comm="syz.2.1857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f14007de929 code=0x7ffc0000
[  386.718038][ T6440] EXT4-fs (loop5): Cannot turn on journaled quota: type 1: error -2
[  386.742647][ T6440] EXT4-fs (loop5): 1 truncate cleaned up
[  386.748401][ T6440] EXT4-fs (loop5): mounted filesystem without journal. Opts: jqfmt=vfsold,grpjquota="errors=continue,noload,nombcache,usrjquota="nodelalloc,errors=remount-ro,barrier,. Quota mode: writeback.
[  386.771249][ T6452] loop2: detected capacity change from 0 to 8192
[  386.776975][ T6440] EXT4-fs error (device loop5): ext4_map_blocks:630: inode #2: block 4: comm syz.5.1859: lblock 0 mapped to illegal pblock 4 (length 1)
[  386.813393][ T6431] bridge0: port 2(bridge_slave_1) entered disabled state
[  386.820744][ T6431] bridge0: port 1(bridge_slave_0) entered disabled state
[  386.828552][ T6440] EXT4-fs (loop5): Remounting filesystem read-only
[  386.954955][ T6465] syz.1.1870[6465] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  386.955039][ T6465] syz.1.1870[6465] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  387.010126][ T6470] loop5: detected capacity change from 0 to 512
[  387.082687][ T6470] EXT4-fs (loop5): revision level too high, forcing read-only mode
[  387.105206][ T6470] EXT4-fs (loop5): orphan cleanup on readonly fs
[  387.139545][ T6470] EXT4-fs error (device loop5): ext4_do_update_inode:5234: inode #16: comm syz.5.1873: corrupted inode contents
[  387.163726][ T6470] EXT4-fs (loop5): Remounting filesystem read-only
[  387.170550][ T6470] EXT4-fs error (device loop5): ext4_dirty_inode:6070: inode #16: comm syz.5.1873: mark_inode_dirty error
[  387.183301][ T6470] EXT4-fs (loop5): Remounting filesystem read-only
[  387.190353][ T6470] EXT4-fs error (device loop5): ext4_do_update_inode:5234: inode #16: comm syz.5.1873: corrupted inode contents
[  387.210112][ T6484] bridge: RTM_NEWNEIGH with invalid ether address
[  387.212548][ T6470] EXT4-fs (loop5): Remounting filesystem read-only
[  387.228049][ T6470] EXT4-fs error (device loop5): __ext4_ext_dirty:183: inode #16: comm syz.5.1873: mark_inode_dirty error
[  387.280205][ T6470] EXT4-fs (loop5): Remounting filesystem read-only
[  387.306652][ T6470] EXT4-fs error (device loop5): ext4_do_update_inode:5234: inode #16: comm syz.5.1873: corrupted inode contents
[  387.338061][ T6470] EXT4-fs (loop5): Remounting filesystem read-only
[  387.347176][ T6470] EXT4-fs error (device loop5) in ext4_orphan_del:305: Corrupt filesystem
[  387.378285][ T6470] EXT4-fs (loop5): Remounting filesystem read-only
[  387.391435][ T6470] EXT4-fs error (device loop5): ext4_do_update_inode:5234: inode #16: comm syz.5.1873: corrupted inode contents
[  387.435136][ T6470] EXT4-fs (loop5): Remounting filesystem read-only
[  387.450862][ T6470] EXT4-fs error (device loop5): ext4_truncate:4304: inode #16: comm syz.5.1873: mark_inode_dirty error
[  387.490275][ T6470] EXT4-fs (loop5): Remounting filesystem read-only
[  387.497052][ T6470] EXT4-fs error (device loop5) in ext4_process_orphan:347: Corrupt filesystem
[  387.515065][ T6470] EXT4-fs (loop5): Remounting filesystem read-only
[  387.533740][ T6470] EXT4-fs (loop5): 1 truncate cleaned up
[  387.541674][ T6470] EXT4-fs (loop5): mounted filesystem without journal. Opts: errors=remount-ro,discard,. Quota mode: writeback.
[  388.446810][ T6566] xt_bpf: check failed: parse error
[  388.601461][ T6572] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1918'.
[  388.689979][ T6578] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1922'.
[  388.734602][ T6583] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1923'.
[  388.918174][ T6603] loop2: detected capacity change from 0 to 1024
[  388.995661][ T6603] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  389.042933][ T6603] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3876: comm syz.2.1933: Allocating blocks 449-513 which overlap fs metadata
[  389.081357][ T6602] EXT4-fs (loop2): pa ffff888111d54348: logic 48, phys. 177, len 21
[  389.089462][ T6602] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4893: group 0, free 0, pa_free 4
[  389.096535][ T6621] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1942'.
[  389.285241][ T6650] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1954'.
[  389.322129][ T6647] SELinux: ebitmap: truncated map
[  389.328536][ T6655] netlink: 96 bytes leftover after parsing attributes in process `syz.7.1956'.
[  389.342672][ T6647] SELinux: failed to load policy
[  389.413906][ T6666] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  389.421194][ T6666] IPv6: NLM_F_CREATE should be set when creating new route
[  389.682573][ T6704] loop7: detected capacity change from 0 to 1024
[  389.729817][ T6704] EXT4-fs (loop7): Ignoring removed orlov option
[  389.736249][ T6704] EXT4-fs (loop7): blocks per group (0) and clusters per group (32) inconsistent
[  390.187409][ T6733] netlink: 188 bytes leftover after parsing attributes in process `syz.6.1992'.
[  390.388294][ T6740] netlink: 'syz.5.1994': attribute type 13 has an invalid length.
[  390.697215][ T6740] bridge0: port 2(bridge_slave_1) entered disabled state
[  390.701973][ T6757] loop6: detected capacity change from 0 to 512
[  390.704466][ T6740] bridge0: port 1(bridge_slave_0) entered disabled state
[  390.741924][ T6757] EXT4-fs (loop6): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  390.770440][ T6757] EXT4-fs (loop6): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  390.792313][ T6757] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=884ee02c, mo2=0002]
[  390.806992][ T6757] EXT4-fs (loop6): orphan cleanup on readonly fs
[  390.814752][ T6757] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #11: comm syz.6.2002: invalid indirect mapped block 2185560079 (level 1)
[  390.829917][ T6757] EXT4-fs (loop6): Remounting filesystem read-only
[  390.836486][ T6757] EXT4-fs error (device loop6): ext4_validate_block_bitmap:438: comm syz.6.2002: bg 0: block 361: padding at end of block bitmap is not set
[  390.853808][ T6757] EXT4-fs (loop6): Remounting filesystem read-only
[  390.862517][ T6757] EXT4-fs error (device loop6) in ext4_mb_clear_bb:6183: Corrupt filesystem
[  390.875591][ T6757] EXT4-fs (loop6): Remounting filesystem read-only
[  390.882905][ T6757] EXT4-fs (loop6): 1 truncate cleaned up
[  390.888696][ T6757] EXT4-fs (loop6): mounted filesystem without journal. Opts: dioread_nolock,noblock_validity,usrquota,errors=remount-ro,abort. Quota mode: writeback.
[  391.051944][ T6770] loop5: detected capacity change from 0 to 512
[  391.132327][ T6770] EXT4-fs (loop5): orphan cleanup on readonly fs
[  391.139646][ T6770] EXT4-fs error (device loop5): ext4_orphan_get:1427: comm syz.5.2008: bad orphan inode 13
[  391.150525][ T6770] ext4_test_bit(bit=12, block=18) = 1
[  391.155931][ T6770] is_bad_inode(inode)=0
[  391.160863][ T6770] NEXT_ORPHAN(inode)=2130706432
[  391.166121][ T6770] max_ino=32
[  391.169436][ T6770] i_nlink=1
[  391.172639][ T6770] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  391.430396][ T6801] loop7: detected capacity change from 0 to 256
[  391.498052][   T30] kauditd_printk_skb: 579 callbacks suppressed
[  391.498072][   T30] audit: type=1400 audit(2000000067.570:4108): avc:  denied  { mount } for  pid=6799 comm="syz.7.2021" name="/" dev="loop7" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[  391.599926][ T6808] loop5: detected capacity change from 0 to 2048
[  391.652327][   T30] audit: type=1400 audit(2000000067.700:4109): avc:  denied  { mount } for  pid=6810 comm="syz.6.2025" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[  391.763248][   T30] audit: type=1400 audit(2000000067.770:4110): avc:  denied  { unmount } for  pid=3005 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[  391.786345][   T30] audit: type=1400 audit(2000000067.840:4111): avc:  denied  { unmount } for  pid=5898 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[  391.829861][ T6808] EXT4-fs (loop5): mounted filesystem without journal. Opts: barrier=0x0000000000000000,resuid=0x0000000000000000,noblock_validity,errors=remount-ro,. Quota mode: none.
[  391.907805][   T30] audit: type=1400 audit(2000000067.980:4112): avc:  denied  { create } for  pid=6821 comm="syz.6.2029" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  391.957681][ T6824] loop2: detected capacity change from 0 to 8192
[  391.964385][   T30] audit: type=1326 audit(2000000068.030:4113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6826 comm="syz.1.2031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc98a446929 code=0x7ffc0000
[  391.988689][   T30] audit: type=1326 audit(2000000068.030:4114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6826 comm="syz.1.2031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc98a446929 code=0x7ffc0000
[  391.989027][ T6808] EXT4-fs error (device loop5): ext4_find_extent:929: inode #2: comm syz.5.2023: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[  392.012238][   T30] audit: type=1326 audit(2000000068.030:4115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6826 comm="syz.1.2031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fc98a446929 code=0x7ffc0000
[  392.030311][ T6830] 9pnet: Insufficient options for proto=fd
[  392.052854][   T30] audit: type=1400 audit(2000000068.030:4116): avc:  denied  { connect } for  pid=6821 comm="syz.6.2029" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  392.081653][   T30] audit: type=1400 audit(2000000068.160:4117): avc:  denied  { write } for  pid=6825 comm="syz.7.2032" name="001" dev="devtmpfs" ino=175 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  392.108305][ T6808] EXT4-fs (loop5): Remounting filesystem read-only
[  392.183382][ T6835] loop2: detected capacity change from 0 to 2048
[  392.196900][ T6843] xt_hashlimit: size too large, truncated to 1048576
[  392.226002][ T6849] netlink: 20 bytes leftover after parsing attributes in process `syz.7.2041'.
[  392.240596][ T6849] loop7: detected capacity change from 0 to 512
[  392.260003][ T6835]  loop2: p4 < >
[  392.269833][ T6835] syz.2.2034[6835] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  392.269914][ T6835] syz.2.2034[6835] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  392.291340][ T6835] device bridge0 entered promiscuous mode
[  392.328449][ T6835] device macsec1 entered promiscuous mode
[  392.335415][ T6849] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  392.357566][ T6835] bridge0: port 3(macsec1) entered blocking state
[  392.371786][ T6835] bridge0: port 3(macsec1) entered disabled state
[  392.380655][ T6849] ext4 filesystem being mounted at /71/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  392.398932][ T6835] device bridge0 left promiscuous mode
[  392.413362][ T6849] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2041'.
[  392.479735][ T6863] loop5: detected capacity change from 0 to 512
[  392.562345][ T6863] EXT4-fs (loop5): Ignoring removed nobh option
[  392.596545][ T6863] EXT4-fs error (device loop5): ext4_do_update_inode:5234: inode #3: comm syz.5.2045: corrupted inode contents
[  392.660917][ T6863] EXT4-fs error (device loop5): ext4_dirty_inode:6070: inode #3: comm syz.5.2045: mark_inode_dirty error
[  392.721985][ T6863] EXT4-fs error (device loop5): ext4_do_update_inode:5234: inode #3: comm syz.5.2045: corrupted inode contents
[  392.734091][ T6863] EXT4-fs error (device loop5): __ext4_ext_dirty:183: inode #3: comm syz.5.2045: mark_inode_dirty error
[  392.745857][ T6863] EXT4-fs error (device loop5): ext4_acquire_dquot:6195: comm syz.5.2045: Failed to acquire dquot type 0
[  392.758741][ T6863] EXT4-fs error (device loop5): ext4_do_update_inode:5234: inode #16: comm syz.5.2045: corrupted inode contents
[  392.778257][ T6863] EXT4-fs error (device loop5): ext4_dirty_inode:6070: inode #16: comm syz.5.2045: mark_inode_dirty error
[  392.798242][ T6863] EXT4-fs error (device loop5): ext4_do_update_inode:5234: inode #16: comm syz.5.2045: corrupted inode contents
[  392.851949][ T6863] EXT4-fs error (device loop5): __ext4_ext_dirty:183: inode #16: comm syz.5.2045: mark_inode_dirty error
[  392.867470][ T6863] EXT4-fs error (device loop5): ext4_do_update_inode:5234: inode #16: comm syz.5.2045: corrupted inode contents
[  392.881810][ T6863] EXT4-fs error (device loop5) in ext4_orphan_del:305: Corrupt filesystem
[  392.894335][ T6863] EXT4-fs error (device loop5): ext4_do_update_inode:5234: inode #16: comm syz.5.2045: corrupted inode contents
[  392.906685][ T6863] EXT4-fs error (device loop5): ext4_truncate:4304: inode #16: comm syz.5.2045: mark_inode_dirty error
[  392.918840][ T6863] EXT4-fs error (device loop5) in ext4_process_orphan:347: Corrupt filesystem
[  392.928365][ T6863] EXT4-fs (loop5): 1 truncate cleaned up
[  392.934090][ T6863] EXT4-fs (loop5): mounted filesystem without journal. Opts: journal_dev=0x000000000002d353,nobh,,errors=continue. Quota mode: writeback.
[  392.951900][ T6863] ext4 filesystem being mounted at /322/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  393.155906][ T6912] netlink: 'syz.1.2066': attribute type 13 has an invalid length.
[  394.007132][ T6930] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2070'.
[  394.207562][ T6937] loop6: detected capacity change from 0 to 512
[  394.215539][ T6937] EXT4-fs (loop6): Quota format mount options ignored when QUOTA feature is enabled
[  394.238315][ T6939] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2072'.
[  394.265588][ T6937] EXT4-fs (loop6): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,quota,stripe=0x0000000000000002,jqfmt=vfsold,,errors=continue. Quota mode: writeback.
[  394.309467][ T6948] loop7: detected capacity change from 0 to 512
[  394.314447][ T6937] ext4 filesystem being mounted at /266/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  394.328658][ T6937] EXT4-fs warning (device loop6): verify_group_input:147: Cannot add at group 25 (only 1 groups)
[  394.379034][ T6948] EXT4-fs (loop7): mounted filesystem without journal. Opts: sb=0x0000000000000001,nodioread_nolock,,errors=continue. Quota mode: writeback.
[  394.414469][ T6948] ext4 filesystem being mounted at /75/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  394.594090][ T6998] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2102'.
[  394.647179][ T7000] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  394.664504][ T7003] loop7: detected capacity change from 0 to 2048
[  394.685757][ T7004] loop2: detected capacity change from 0 to 128
[  394.697308][ T7000] tipc: Disabling bearer <eth:syzkaller0>
[  394.743398][ T7003] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  394.927772][ T7011] loop5: detected capacity change from 0 to 128
[  395.121781][ T7015] loop5: detected capacity change from 0 to 128
[  395.163607][ T7015] EXT4-fs (loop5): mounted filesystem without journal. Opts: usrquota,acl,,errors=continue. Quota mode: writeback.
[  395.178393][ T7015] ext4 filesystem being mounted at /332/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  395.430919][ T7020] netlink: 'syz.2.2109': attribute type 13 has an invalid length.
[  395.511080][ T7020] bridge0: port 2(bridge_slave_1) entered disabled state
[  395.518316][ T7020] bridge0: port 1(bridge_slave_0) entered disabled state
[  395.746668][ T7030] 9pnet: Could not find request transport: r
[  396.075305][ T7042] loop2: detected capacity change from 0 to 128
[  396.102807][ T7044] SELinux:  Context system_u:object_r:gpg_exec_t:s0 is not valid (left unmapped).
[  396.182673][ T7042] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  396.214893][ T7042] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  396.298869][ T7057] netlink: 96 bytes leftover after parsing attributes in process `syz.7.2127'.
[  396.372665][ T7061] loop7: detected capacity change from 0 to 512
[  396.400928][ T7061] EXT4-fs (loop7): Quota format mount options ignored when QUOTA feature is enabled
[  396.412300][ T7061] EXT4-fs (loop7): Ignoring removed nobh option
[  396.505903][ T7061] EXT4-fs (loop7): mounted filesystem without journal. Opts: sysvgroups,jqfmt=vfsv1,nojournal_checksum,nobarrier,nobh,nobarrier,,errors=continue. Quota mode: writeback.
[  396.541095][ T7061] ext4 filesystem being mounted at /82/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  396.596554][ T7078] loop2: detected capacity change from 0 to 1024
[  396.636881][   T30] kauditd_printk_skb: 115 callbacks suppressed
[  396.636898][   T30] audit: type=1400 audit(2000000072.710:4231): avc:  denied  { mounton } for  pid=7083 comm="syz.5.2138" path="/proc/990/cgroup" dev="proc" ino=37252 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=file permissive=1
[  396.708414][ T7078] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  396.726071][ T7092] loop7: detected capacity change from 0 to 128
[  396.739637][ T7078] ext4 filesystem being mounted at /386/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  396.762538][ T7078] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  396.797292][ T7092] FAT-fs (loop7): error, invalid access to FAT (entry 0x00000100)
[  396.816456][ T7078] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 52 with error 28
[  396.828039][ T7092] FAT-fs (loop7): Filesystem has been set read-only
[  396.829106][ T7078] EXT4-fs (loop2): This should not happen!! Data will be lost
[  396.829106][ T7078] 
[  396.835462][ T7092] attempt to access beyond end of device
[  396.835462][ T7092] loop7: rw=524288, want=2073, limit=128
[  396.845618][ T7078] EXT4-fs (loop2): Total free blocks count 0
[  396.863792][ T7078] EXT4-fs (loop2): Free/Dirty block details
[  396.871461][ T7078] EXT4-fs (loop2): free_blocks=4293918720
[  396.877347][ T7078] EXT4-fs (loop2): dirty_blocks=64
[  396.882638][ T7078] EXT4-fs (loop2): Block reservation details
[  396.889087][ T7078] EXT4-fs (loop2): i_reserved_data_blocks=4
[  396.895956][ T7092] FAT-fs (loop7): error, invalid access to FAT (entry 0x00000100)
[  396.904063][ T7092] FAT-fs (loop7): error, invalid access to FAT (entry 0x00000100)
[  396.912255][ T7092] attempt to access beyond end of device
[  396.912255][ T7092] loop7: rw=0, want=2073, limit=128
[  396.923660][ T7092] attempt to access beyond end of device
[  396.923660][ T7092] loop7: rw=0, want=2073, limit=128
[  396.934615][ T7092] attempt to access beyond end of device
[  396.934615][ T7092] loop7: rw=0, want=2073, limit=128
[  396.946131][ T7092] attempt to access beyond end of device
[  396.946131][ T7092] loop7: rw=0, want=2073, limit=128
[  396.957320][ T7092] attempt to access beyond end of device
[  396.957320][ T7092] loop7: rw=0, want=2073, limit=128
[  396.968440][ T7092] attempt to access beyond end of device
[  396.968440][ T7092] loop7: rw=0, want=2073, limit=128
[  396.981659][   T30] audit: type=1326 audit(2000000073.060:4232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7098 comm="syz.5.2144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff9f3fc929 code=0x7ffc0000
[  396.982457][ T7092] attempt to access beyond end of device
[  396.982457][ T7092] loop7: rw=0, want=2073, limit=128
[  397.016459][ T7099] netlink: 'syz.5.2144': attribute type 13 has an invalid length.
[  397.072355][   T30] audit: type=1326 audit(2000000073.100:4233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7098 comm="syz.5.2144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7eff9f3fc929 code=0x7ffc0000
[  397.088426][ T7092] attempt to access beyond end of device
[  397.088426][ T7092] loop7: rw=0, want=2073, limit=128
[  397.110707][ T7106] netlink: 4 bytes leftover after parsing attributes in process `wÞ£ÿ'.
[  397.126746][   T30] audit: type=1326 audit(2000000073.100:4234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7098 comm="syz.5.2144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff9f3fc929 code=0x7ffc0000
[  397.127150][ T7108] 9pnet: Insufficient options for proto=fd
[  397.157106][ T7106] netlink: 12 bytes leftover after parsing attributes in process `wÞ£ÿ'.
[  397.176179][ T7092] attempt to access beyond end of device
[  397.176179][ T7092] loop7: rw=0, want=2073, limit=128
[  397.186521][ T7111] serio: Serial port ptm0
[  397.201408][   T30] audit: type=1326 audit(2000000073.100:4235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7098 comm="syz.5.2144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7eff9f3fc929 code=0x7ffc0000
[  397.301122][   T30] audit: type=1326 audit(2000000073.110:4236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7098 comm="syz.5.2144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff9f3fc929 code=0x7ffc0000
[  397.412124][   T30] audit: type=1400 audit(2000000073.110:4237): avc:  denied  { create } for  pid=7100 comm="syz.1.2145" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  397.436560][   T26] hid-generic 0000:0000:0000.0014: unknown main item tag 0x0
[  397.451464][   T26] hid-generic 0000:0000:0000.0014: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  397.503786][   T30] audit: type=1400 audit(2000000073.110:4238): avc:  denied  { bind } for  pid=7100 comm="syz.1.2145" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  397.566052][   T30] audit: type=1400 audit(2000000073.510:4239): avc:  denied  { read write } for  pid=7122 comm="syz.2.2155" name="uhid" dev="devtmpfs" ino=263 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  397.606927][   T30] audit: type=1400 audit(2000000073.510:4240): avc:  denied  { open } for  pid=7122 comm="syz.2.2155" path="/dev/uhid" dev="devtmpfs" ino=263 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  397.636779][ T7137] xt_hashlimit: max too large, truncated to 1048576
[  397.644574][ T7132] netlink: 'syz.6.2158': attribute type 13 has an invalid length.
[  397.684185][   T26] hid-generic 0000:007F:FFFFFFFE.0015: unknown main item tag 0x1
[  397.692524][   T26] hid-generic 0000:007F:FFFFFFFE.0015: unknown main item tag 0x0
[  397.700423][   T26] hid-generic 0000:007F:FFFFFFFE.0015: unknown main item tag 0x0
[  397.714786][   T26] hid-generic 0000:007F:FFFFFFFE.0015: unknown main item tag 0x0
[  397.722692][   T26] hid-generic 0000:007F:FFFFFFFE.0015: unknown main item tag 0x0
[  397.732052][   T26] hid-generic 0000:007F:FFFFFFFE.0015: unknown main item tag 0x0
[  397.732121][ T7146] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2166'.
[  397.739935][   T26] hid-generic 0000:007F:FFFFFFFE.0015: unknown main item tag 0x4
[  397.757538][   T26] hid-generic 0000:007F:FFFFFFFE.0015: unknown main item tag 0x0
[  397.765747][   T26] hid-generic 0000:007F:FFFFFFFE.0015: unknown main item tag 0x0
[  397.779155][   T26] hid-generic 0000:007F:FFFFFFFE.0015: unknown main item tag 0x0
[  397.787115][   T26] hid-generic 0000:007F:FFFFFFFE.0015: unknown main item tag 0x2
[  397.801466][   T26] hid-generic 0000:007F:FFFFFFFE.0015: unknown main item tag 0x0
[  397.814629][   T26] hid-generic 0000:007F:FFFFFFFE.0015: unknown main item tag 0x0
[  397.828031][   T26] hid-generic 0000:007F:FFFFFFFE.0015: unknown main item tag 0x4
[  397.841354][   T26] hid-generic 0000:007F:FFFFFFFE.0015: unknown main item tag 0x0
[  397.850772][   T26] hid-generic 0000:007F:FFFFFFFE.0015: unknown main item tag 0x0
[  397.867287][   T26] hid-generic 0000:007F:FFFFFFFE.0015: unknown main item tag 0x2
[  397.878838][   T26] hid-generic 0000:007F:FFFFFFFE.0015: unknown main item tag 0x0
[  397.886916][   T26] hid-generic 0000:007F:FFFFFFFE.0015: unknown main item tag 0x0
[  397.895705][   T26] hid-generic 0000:007F:FFFFFFFE.0015: unknown main item tag 0x0
[  397.903856][   T26] hid-generic 0000:007F:FFFFFFFE.0015: unknown main item tag 0x0
[  397.912317][   T26] hid-generic 0000:007F:FFFFFFFE.0015: unknown main item tag 0x0
[  397.920474][   T26] hid-generic 0000:007F:FFFFFFFE.0015: unknown main item tag 0x0
[  397.928425][   T26] hid-generic 0000:007F:FFFFFFFE.0015: unknown main item tag 0x0
[  397.936249][   T26] hid-generic 0000:007F:FFFFFFFE.0015: unknown main item tag 0x0
[  397.944031][   T26] hid-generic 0000:007F:FFFFFFFE.0015: unknown main item tag 0x0
[  397.951861][   T26] hid-generic 0000:007F:FFFFFFFE.0015: unknown main item tag 0x0
[  397.959632][   T26] hid-generic 0000:007F:FFFFFFFE.0015: unknown main item tag 0x0
[  397.967410][   T26] hid-generic 0000:007F:FFFFFFFE.0015: unknown main item tag 0x0
[  397.975194][   T26] hid-generic 0000:007F:FFFFFFFE.0015: unknown main item tag 0x0
[  397.983300][   T26] hid-generic 0000:007F:FFFFFFFE.0015: unknown main item tag 0x0
[  397.991094][   T26] hid-generic 0000:007F:FFFFFFFE.0015: unknown main item tag 0x0
[  397.998877][   T26] hid-generic 0000:007F:FFFFFFFE.0015: unknown main item tag 0x0
[  398.006636][   T26] hid-generic 0000:007F:FFFFFFFE.0015: unknown main item tag 0x0
[  398.014409][   T26] hid-generic 0000:007F:FFFFFFFE.0015: unknown main item tag 0x0
[  398.022200][   T26] hid-generic 0000:007F:FFFFFFFE.0015: unknown main item tag 0x0
[  398.030016][   T26] hid-generic 0000:007F:FFFFFFFE.0015: unknown main item tag 0x1
[  398.240810][   T26] hid-generic 0000:007F:FFFFFFFE.0015: hidraw1: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  398.665851][ T2101] udevd[2101]: 'fido_id' [7202] terminated by signal 33 (Unknown signal 33)
[  398.680059][ T7211] netlink: 'syz.6.2195': attribute type 13 has an invalid length.
[  398.844774][ T7229] netlink: 92 bytes leftover after parsing attributes in process `syz.5.2202'.
[  398.882001][ T7229] loop5: detected capacity change from 0 to 1024
[  398.934028][ T7229] EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  398.958021][ T7229] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  398.996195][ T7229] JBD2: no valid journal superblock found
[  399.031785][ T7229] EXT4-fs (loop5): error loading journal
[  399.044600][ T7250] loop6: detected capacity change from 0 to 512
[  399.204848][ T7250] EXT4-fs error (device loop6): ext4_validate_block_bitmap:438: comm syz.6.2209: bg 0: block 393: padding at end of block bitmap is not set
[  399.219841][ T7250] EXT4-fs error (device loop6) in ext4_mb_clear_bb:6183: Corrupt filesystem
[  399.230296][ T7250] EXT4-fs (loop6): 2 truncates cleaned up
[  399.236123][ T7250] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  399.337774][ T7275] loop2: detected capacity change from 0 to 8192
[  399.356034][ T7289] 9pnet: Could not find request transport: rdma
[  399.421190][ T7294] syz.2.2225[7294] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  399.421263][ T7294] syz.2.2225[7294] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  399.433545][ T7297] netlink: 104 bytes leftover after parsing attributes in process `syz.6.2226'.
[  399.519424][ T7303] loop2: detected capacity change from 0 to 1024
[  399.533630][ T7305] loop6: detected capacity change from 0 to 512
[  399.546162][ T7303] EXT4-fs (loop2): Ignoring removed bh option
[  399.560850][ T7315] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=7315 comm=syz.5.2234
[  399.567107][ T7314] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2233'.
[  399.574105][ T7315] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=7315 comm=syz.5.2234
[  399.583519][ T7303] EXT4-fs (loop2): mounted filesystem without journal. Opts: nojournal_checksum,nombcache,barrier,norecovery,debug_want_extra_isize=0x0000000000000080,lazytime,nodelalloc,usrquota,noauto_da_alloc,bh,init_itable,,errors=continue. Quota mode: writeback.
[  399.620907][ T7305] EXT4-fs (loop6): Ignoring removed mblk_io_submit option
[  399.628237][ T7305] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  399.640935][ T7305] EXT4-fs (loop6): 1 truncate cleaned up
[  399.650657][ T7303] EXT4-fs error (device loop2): ext4_clear_blocks:883: inode #14: comm syz.2.2230: attempt to clear invalid blocks 1886221359 len 1
[  399.679073][ T7305] EXT4-fs (loop6): mounted filesystem without journal. Opts: grpjquota=,mblk_io_submit,debug_want_extra_isize=0x0000000000000068,lazytime,discard,grpquota,,errors=continue. Quota mode: writeback.
[  400.041446][ T7374] SELinux: failed to load policy
[  400.055199][ T7385] device bridge3 entered promiscuous mode
[  400.095822][ T7387] loop2: detected capacity change from 0 to 512
[  400.156769][ T7395] loop7: detected capacity change from 0 to 2048
[  400.192405][ T7387] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  400.211016][  T101] Alternate GPT is invalid, using primary GPT.
[  400.217318][  T101]  loop7: p2 p3 p7
[  400.221617][ T7387] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c119, mo2=0002]
[  400.231216][ T7387] System zones: 1-12
[  400.242910][ T7395] Alternate GPT is invalid, using primary GPT.
[  400.252589][ T7387] EXT4-fs (loop2): 1 truncate cleaned up
[  400.259572][ T7395]  loop7: p2 p3 p7
[  400.265608][ T7387] EXT4-fs (loop2): mounted filesystem without journal. Opts: nolazytime,init_itable=0x000000007fffffff,debug,lazytime,nombcache,noload,,errors=continue. Quota mode: none.
[  400.311118][ T7402] syz.1.2271[7402] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  400.311201][ T7402] syz.1.2271[7402] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  400.336919][  T101] Alternate GPT is invalid, using primary GPT.
[  400.368351][  T101]  loop7: p2 p3 p7
[  400.426722][ T2101] udevd[2101]: inotify_add_watch(7, /dev/loop7p2, 10) failed: No such file or directory
[  400.438930][  T303] udevd[303]: inotify_add_watch(7, /dev/loop7p7, 10) failed: No such file or directory
[  400.452243][  T407] udevd[407]: inotify_add_watch(7, /dev/loop7p3, 10) failed: No such file or directory
[  400.471639][ T2101] udevd[2101]: inotify_add_watch(7, /dev/loop7p2, 10) failed: No such file or directory
[  400.471649][  T407] udevd[407]: inotify_add_watch(7, /dev/loop7p3, 10) failed: No such file or directory
[  400.473239][  T303] udevd[303]: inotify_add_watch(7, /dev/loop7p7, 10) failed: No such file or directory
[  400.513528][  T407] udevd[407]: inotify_add_watch(7, /dev/loop7p3, 10) failed: No such file or directory
[  400.519490][ T2101] udevd[2101]: inotify_add_watch(7, /dev/loop7p2, 10) failed: No such file or directory
[  400.529396][  T303] udevd[303]: inotify_add_watch(7, /dev/loop7p7, 10) failed: No such file or directory
[  400.588699][ T7415] loop2: detected capacity change from 0 to 512
[  400.641190][ T7429] device vlan0 entered promiscuous mode
[  400.653481][ T7415] EXT4-fs (loop2): 1 orphan inode deleted
[  400.659485][ T7415] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  400.661187][ T7429] device veth0 entered promiscuous mode
[  400.676556][ T7415] ext4 filesystem being mounted at /401/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  400.710719][ T7415] EXT4-fs (loop2): re-mounted. Opts: (null). Quota mode: writeback.
[  400.843867][ T7446] loop5: detected capacity change from 0 to 1024
[  400.882413][ T7446] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  400.897706][ T7454] loop7: detected capacity change from 0 to 128
[  400.907586][ T7446] ext4 filesystem being mounted at /380/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  400.978219][ T7454] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  401.043265][ T7454] ext4 filesystem being mounted at /113/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  401.198179][ T7477] loop7: detected capacity change from 0 to 512
[  401.231854][ T7482] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2307'.
[  401.301982][ T7477] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  401.329071][ T7477] ext4 filesystem being mounted at /114/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  401.337113][ T7498] xt_CT: You must specify a L4 protocol and not use inversions on it
[  401.397023][ T7506] tipc: Started in network mode
[  401.402813][ T7506] tipc: Node identity e2cd6598ef83, cluster identity 4711
[  401.410702][ T7506] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  401.418175][ T7477] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2301'.
[  401.432185][ T7511] loop6: detected capacity change from 0 to 256
[  401.439243][ T7505] tipc: Disabling bearer <eth:syzkaller0>
[  401.521787][ T7522] netlink: 'syz.2.2324': attribute type 13 has an invalid length.
[  401.666175][   T30] kauditd_printk_skb: 370 callbacks suppressed
[  401.666192][   T30] audit: type=1326 audit(2000000077.740:4611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7549 comm="syz.1.2338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc98a446929 code=0x7ffc0000
[  401.714015][ T7556] x_tables: duplicate underflow at hook 2
[  401.722071][ T7552] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  401.740270][   T30] audit: type=1326 audit(2000000077.780:4612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7549 comm="syz.1.2338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc98a446929 code=0x7ffc0000
[  401.740306][   T30] audit: type=1326 audit(2000000077.780:4613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7549 comm="syz.1.2338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc98a446929 code=0x7ffc0000
[  401.740334][   T30] audit: type=1326 audit(2000000077.780:4614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7549 comm="syz.1.2338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc98a446929 code=0x7ffc0000
[  401.740362][   T30] audit: type=1326 audit(2000000077.780:4615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7549 comm="syz.1.2338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc98a446929 code=0x7ffc0000
[  401.740391][   T30] audit: type=1326 audit(2000000077.780:4616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7549 comm="syz.1.2338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc98a446929 code=0x7ffc0000
[  401.740418][   T30] audit: type=1326 audit(2000000077.780:4617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7549 comm="syz.1.2338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc98a446929 code=0x7ffc0000
[  401.740448][   T30] audit: type=1326 audit(2000000077.780:4618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7549 comm="syz.1.2338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc98a446929 code=0x7ffc0000
[  401.740476][   T30] audit: type=1326 audit(2000000077.780:4619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7549 comm="syz.1.2338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fc98a446929 code=0x7ffc0000
[  401.740501][   T30] audit: type=1326 audit(2000000077.780:4620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7549 comm="syz.1.2338" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc98a446929 code=0x7ffc0000
[  401.770393][ T7551] tipc: Disabling bearer <eth:syzkaller0>
[  401.799891][ T7568] loop7: detected capacity change from 0 to 512
[  401.826983][ T7569] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2339'.
[  401.889538][ T7568] EXT4-fs (loop7): too many log groups per flexible block group
[  401.889633][ T7568] EXT4-fs (loop7): failed to initialize mballoc (-12)
[  401.889684][ T7568] EXT4-fs (loop7): mount failed
[  401.917120][ T7577] loop2: detected capacity change from 0 to 512
[  401.963193][ T7585] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2349'.
[  401.967921][ T7577] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  401.968125][ T7577] ext4 filesystem being mounted at /416/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  401.971101][ T7577] EXT4-fs error (device loop2): ext4_do_update_inode:5234: inode #2: comm syz.2.2350: corrupted inode contents
[  401.971315][ T7577] EXT4-fs error (device loop2): ext4_dirty_inode:6070: inode #2: comm syz.2.2350: mark_inode_dirty error
[  401.971528][ T7577] EXT4-fs error (device loop2): ext4_do_update_inode:5234: inode #2: comm syz.2.2350: corrupted inode contents
[  401.971677][ T7577] EXT4-fs error (device loop2): __ext4_ext_dirty:183: inode #2: comm syz.2.2350: mark_inode_dirty error
[  402.215589][ T7602] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=7602 comm=syz.5.2357
[  402.335717][  T862] hid-generic 0000:0000:0000.0016: unknown main item tag 0x0
[  402.350823][  T862] hid-generic 0000:0000:0000.0016: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  402.407592][ T7621] loop2: detected capacity change from 0 to 512
[  402.433571][ T7625] loop5: detected capacity change from 0 to 256
[  402.463672][ T7625] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 196)
[  402.473002][ T7621] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  402.483268][ T7625] FAT-fs (loop5): Filesystem has been set read-only
[  402.529970][ T7621] EXT4-fs (loop2): 1 truncate cleaned up
[  402.539033][ T7621] EXT4-fs (loop2): mounted filesystem without journal. Opts: init_itable=0x0000000000000000,jqfmt=vfsold,debug_want_extra_isize=0x000000000000006a,user_xattr,errors=remount-ro,quota,. Quota mode: writeback.
[  402.651024][ T7635] bridge0: port 1(bridge_slave_0) entered blocking state
[  402.661985][ T7635] bridge0: port 1(bridge_slave_0) entered disabled state
[  402.671038][ T7635] device bridge_slave_0 entered promiscuous mode
[  402.680456][ T7635] bridge0: port 2(bridge_slave_1) entered blocking state
[  402.687619][ T7635] bridge0: port 2(bridge_slave_1) entered disabled state
[  402.698069][ T7635] device bridge_slave_1 entered promiscuous mode
[  402.710928][ T7649] loop2: detected capacity change from 0 to 1024
[  402.732705][ T7649] EXT4-fs (loop2): Ignoring removed nobh option
[  402.749048][ T7649] EXT4-fs (loop2): Ignoring removed nobh option
[  402.755514][ T7649] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869)
[  402.772458][ T7649] EXT4-fs error (device loop2): ext4_get_journal_inode:5151: comm syz.2.2375: inode #4294967295: comm syz.2.2375: iget: illegal inode #
[  402.786806][ T7649] EXT4-fs (loop2): no journal found
[  402.792370][ T7649] EXT4-fs (loop2): can't get journal size
[  402.798958][ T7649] EXT4-fs (loop2): failed to initialize system zone (-22)
[  402.806307][ T7649] EXT4-fs (loop2): mount failed
[  402.843529][ T7635] bridge0: port 2(bridge_slave_1) entered blocking state
[  402.850885][ T7635] bridge0: port 2(bridge_slave_1) entered forwarding state
[  402.858238][ T7635] bridge0: port 1(bridge_slave_0) entered blocking state
[  402.865316][ T7635] bridge0: port 1(bridge_slave_0) entered forwarding state
[  402.888222][ T4540] bridge0: port 1(bridge_slave_0) entered disabled state
[  402.900575][ T4540] bridge0: port 2(bridge_slave_1) entered disabled state
[  402.939325][ T4540] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  402.949325][ T4540] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  402.966755][ T4540] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  402.976780][ T4540] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  402.985221][ T4540] bridge0: port 1(bridge_slave_0) entered blocking state
[  402.992323][ T4540] bridge0: port 1(bridge_slave_0) entered forwarding state
[  403.000076][ T4540] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  403.009341][ T4540] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  403.023085][ T4540] bridge0: port 2(bridge_slave_1) entered blocking state
[  403.030374][ T4540] bridge0: port 2(bridge_slave_1) entered forwarding state
[  403.044671][ T4540] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  403.057398][ T4540] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  403.067699][ T4540] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  403.082917][ T4540] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  403.104891][ T7673] loop7: detected capacity change from 0 to 1024
[  403.111105][ T4540] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  403.119964][ T4540] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  403.139888][ T7635] device veth0_vlan entered promiscuous mode
[  403.146440][ T4540] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  403.155216][ T4540] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  403.173401][ T7635] device veth1_macvtap entered promiscuous mode
[  403.196017][ T7673] EXT4-fs (loop7): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  403.214700][ T4540] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  403.231255][ T4540] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  403.242103][ T4540] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  403.251216][ T4540] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  403.259737][ T4540] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  403.275994][ T4540] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  403.284975][ T4540] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  403.303006][ T7681] tipc: Started in network mode
[  403.309589][ T7681] tipc: Node identity 5a1fe416fe94, cluster identity 4711
[  403.316805][ T7681] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  403.326921][ T4540] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  403.336743][ T4540] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  403.361195][ T7680] tipc: Disabling bearer <eth:syzkaller0>
[  403.449025][ T7692] 9pnet: Could not find request transport: rdma
[  403.474143][ T7701] loop5: detected capacity change from 0 to 128
[  403.546196][ T7710] loop6: detected capacity change from 0 to 2048
[  403.557479][ T7701] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100)
[  403.565640][ T7701] FAT-fs (loop5): Filesystem has been set read-only
[  403.574725][ T7701] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100)
[  403.583557][ T7712] loop1: detected capacity change from 0 to 2048
[  403.587922][ T7701] handle_bad_sector: 4749 callbacks suppressed
[  403.588102][ T7701] attempt to access beyond end of device
[  403.588102][ T7701] loop5: rw=2049, want=2073, limit=128
[  403.631488][ T7712]  loop1: p1 < > p3
[  403.642430][ T7712] loop1: p3 size 134217728 extends beyond EOD, truncated
[  403.661713][ T7710] EXT4-fs (loop6): corrupt root inode, run e2fsck
[  403.670523][ T7710] EXT4-fs (loop6): mount failed
[  403.680233][  T101]  loop1: p1 < > p3
[  403.687578][  T101] loop1: p3 size 134217728 extends beyond EOD, truncated
[  403.849942][  T407] udevd[407]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory
[  403.857832][ T2101] udevd[2101]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory
[  403.902199][ T2101] udevd[2101]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory
[  403.915359][  T407] udevd[407]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory
[  403.947836][ T7734] loop1: detected capacity change from 0 to 1024
[  403.958483][ T7734] EXT4-fs (loop1): Ignoring removed nobh option
[  403.967612][ T7738] loop5: detected capacity change from 0 to 256
[  403.977472][ T7734] EXT4-fs (loop1): Ignoring removed nobh option
[  403.977522][ T7734] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869)
[  403.977605][ T7734] EXT4-fs error (device loop1): ext4_get_journal_inode:5151: comm syz.1.2414: inode #4294967295: comm syz.1.2414: iget: illegal inode #
[  403.977751][ T7734] EXT4-fs (loop1): no journal found
[  403.977765][ T7734] EXT4-fs (loop1): can't get journal size
[  403.982039][ T7734] EXT4-fs (loop1): failed to initialize system zone (-22)
[  404.027540][ T7734] EXT4-fs (loop1): mount failed
[  404.185019][ T7751] syz.2.2419[7751] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  404.185104][ T7751] syz.2.2419[7751] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  404.205834][ T7750] loop6: detected capacity change from 0 to 2048
[  404.349805][ T7750] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  404.394762][ T7750] Invalid ELF header magic: != ELF
[  404.517774][ T7773] syz.7.2429[7773] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  404.517852][ T7773] syz.7.2429[7773] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  404.534689][ T7773] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2429'.
[  404.562347][ T7773] device veth0 entered promiscuous mode
[  404.569084][ T7773] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2429'.
[  404.601746][ T7780] netlink: 112 bytes leftover after parsing attributes in process `syz.6.2432'.
[  404.642618][ T7782] netlink: 'syz.7.2433': attribute type 13 has an invalid length.
[  404.698461][ T7782] bridge0: port 2(bridge_slave_1) entered disabled state
[  404.705849][ T7782] bridge0: port 1(bridge_slave_0) entered disabled state
[  404.765003][ T7796] loop5: detected capacity change from 0 to 512
[  404.798091][ T7796] EXT4-fs (loop5): Ignoring removed nobh option
[  404.819918][ T7796] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #11: comm syz.5.2439: invalid indirect mapped block 256 (level 2)
[  404.835583][ T7796] EXT4-fs (loop5): 2 truncates cleaned up
[  404.841701][ T7796] EXT4-fs (loop5): mounted filesystem without journal. Opts: nobh,auto_da_alloc,data_err=ignore,,errors=continue. Quota mode: writeback.
[  404.872453][ T7796] EXT4-fs error (device loop5): ext4_validate_block_bitmap:429: comm syz.5.2439: bg 0: block 5: invalid block bitmap
[  404.983265][ T7806] netlink: 112 bytes leftover after parsing attributes in process `syz.5.2442'.
[  405.139419][ T7817] netlink: 296 bytes leftover after parsing attributes in process `syz.2.2447'.
[  405.245065][ T7822] loop2: detected capacity change from 0 to 512
[  405.272870][ T7822] EXT4-fs (loop2): Ignoring removed nobh option
[  405.570448][ T7822] EXT4-fs error (device loop2): ext4_do_update_inode:5234: inode #3: comm syz.2.2449: corrupted inode contents
[  405.612277][ T7822] EXT4-fs error (device loop2): ext4_dirty_inode:6070: inode #3: comm syz.2.2449: mark_inode_dirty error
[  405.625939][ T7822] EXT4-fs error (device loop2): ext4_do_update_inode:5234: inode #3: comm syz.2.2449: corrupted inode contents
[  405.638462][ T7822] EXT4-fs error (device loop2): __ext4_ext_dirty:183: inode #3: comm syz.2.2449: mark_inode_dirty error
[  405.650624][ T7822] EXT4-fs error (device loop2): ext4_acquire_dquot:6195: comm syz.2.2449: Failed to acquire dquot type 0
[  405.668089][ T7822] EXT4-fs error (device loop2): ext4_do_update_inode:5234: inode #16: comm syz.2.2449: corrupted inode contents
[  405.680498][ T7822] EXT4-fs error (device loop2): ext4_dirty_inode:6070: inode #16: comm syz.2.2449: mark_inode_dirty error
[  405.692192][ T7822] EXT4-fs error (device loop2): ext4_do_update_inode:5234: inode #16: comm syz.2.2449: corrupted inode contents
[  405.709670][ T7822] EXT4-fs error (device loop2): __ext4_ext_dirty:183: inode #16: comm syz.2.2449: mark_inode_dirty error
[  405.721661][ T7822] EXT4-fs error (device loop2): ext4_do_update_inode:5234: inode #16: comm syz.2.2449: corrupted inode contents
[  405.729625][ T7833] loop6: detected capacity change from 0 to 512
[  405.734514][ T7822] EXT4-fs error (device loop2) in ext4_orphan_del:305: Corrupt filesystem
[  405.749147][ T7822] EXT4-fs error (device loop2): ext4_do_update_inode:5234: inode #16: comm syz.2.2449: corrupted inode contents
[  405.761338][ T7822] EXT4-fs error (device loop2): ext4_truncate:4304: inode #16: comm syz.2.2449: mark_inode_dirty error
[  405.773420][ T7822] EXT4-fs error (device loop2) in ext4_process_orphan:347: Corrupt filesystem
[  405.782954][ T7822] EXT4-fs (loop2): 1 truncate cleaned up
[  405.788971][ T7822] EXT4-fs (loop2): mounted filesystem without journal. Opts: journal_dev=0x000000000002d353,nobh,,errors=continue. Quota mode: writeback.
[  405.813555][ T7833] EXT4-fs error (device loop6): ext4_xattr_inode_iget:404: comm syz.6.2453: inode #1: comm syz.6.2453: iget: illegal inode #
[  405.826517][ T7822] ext4 filesystem being mounted at /434/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  405.841491][ T7833] EXT4-fs error (device loop6): ext4_xattr_inode_iget:409: comm syz.6.2453: error while reading EA inode 1 err=-117
[  405.858291][ T7833] EXT4-fs error (device loop6): ext4_xattr_inode_iget:404: comm syz.6.2453: inode #1: comm syz.6.2453: iget: illegal inode #
[  405.864146][ T7822] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2449'.
[  405.886278][ T7833] EXT4-fs error (device loop6): ext4_xattr_inode_iget:409: comm syz.6.2453: error while reading EA inode 1 err=-117
[  405.900087][ T7837] netlink: 100 bytes leftover after parsing attributes in process `syz.7.2454'.
[  405.909498][ T7833] EXT4-fs (loop6): 1 orphan inode deleted
[  405.936364][ T7833] EXT4-fs (loop6): mounted filesystem without journal. Opts: usrjquota=,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000005c,minixdf,resgid=0x0000000000000000,grpquota,usrjquota=,journal_dev=0x0000000000000dd0,,errors=continue. Quota mode: writeback.
[  406.990718][ T7879] syz.7.2473[7879] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  406.990807][ T7879] syz.7.2473[7879] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  407.166853][   T30] kauditd_printk_skb: 144 callbacks suppressed
[  407.166889][   T30] audit: type=1326 audit(2000000083.240:4763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7896 comm="syz.5.2480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff9f3fc929 code=0x7ffc0000
[  407.202620][  T575] hid-generic 0000:0000:0000.0017: unknown main item tag 0x0
[  407.219490][ T7898] netlink: 'syz.5.2480': attribute type 13 has an invalid length.
[  407.250509][  T575] hid-generic 0000:0000:0000.0017: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  407.267906][   T30] audit: type=1326 audit(2000000083.240:4764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7896 comm="syz.5.2480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff9f3fc929 code=0x7ffc0000
[  407.319533][ T7906] 9pnet: p9_fd_create_tcp (7906): problem connecting socket to 127.0.0.1
[  407.327041][ T7905] fido_id[7905]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  407.358068][   T30] audit: type=1326 audit(2000000083.300:4765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7896 comm="syz.5.2480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7eff9f3fc929 code=0x7ffc0000
[  407.393067][   T30] audit: type=1326 audit(2000000083.300:4766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7896 comm="syz.5.2480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff9f3fc929 code=0x7ffc0000
[  407.463485][ T7913] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  407.473286][   T30] audit: type=1326 audit(2000000083.300:4767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7896 comm="syz.5.2480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff9f3fc929 code=0x7ffc0000
[  407.550282][   T30] audit: type=1326 audit(2000000083.300:4768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7896 comm="syz.5.2480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7eff9f3fc929 code=0x7ffc0000
[  407.672943][   T30] audit: type=1326 audit(2000000083.380:4769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7896 comm="syz.5.2480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff9f3fc929 code=0x7ffc0000
[  407.744221][   T30] audit: type=1326 audit(2000000083.380:4770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7896 comm="syz.5.2480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff9f3fc929 code=0x7ffc0000
[  407.771969][   T30] audit: type=1400 audit(2000000083.400:4771): avc:  denied  { mounton } for  pid=7903 comm="syz.1.2483" path="/syzcgroup/cpu/syz1/cgroup.procs" dev="cgroup" ino=109 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=file permissive=1
[  407.796907][   T30] audit: type=1400 audit(2000000083.590:4772): avc:  denied  { bind } for  pid=7914 comm="syz.5.2487" lport=127 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  408.004947][ T7938] tipc: Started in network mode
[  408.011549][ T7938] tipc: Node identity ba3a66414f12, cluster identity 4711
[  408.019536][ T7938] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  408.019955][ T7942] usb usb9: usbfs: process 7942 (syz.6.2500) did not claim interface 0 before use
[  408.048183][ T7937] tipc: Resetting bearer <eth:syzkaller0>
[  408.062102][ T7944] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2502'.
[  408.082727][ T7946] loop1: detected capacity change from 0 to 1024
[  408.134343][ T7937] tipc: Disabling bearer <eth:syzkaller0>
[  408.143350][ T7948] loop5: detected capacity change from 0 to 512
[  408.154775][ T7951] netem: change failed
[  408.162701][ T7946] EXT4-fs (loop1): Ignoring removed bh option
[  408.180901][ T7955] netlink: 'syz.2.2505': attribute type 8 has an invalid length.
[  408.192791][ T7948] EXT4-fs (loop5): Ignoring removed orlov option
[  408.205507][ T7948] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  408.237901][ T7946] EXT4-fs (loop1): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,nodiscard,data_err=ignore,grpquota,abort,user_xattr,bh,errors=remount-ro,. Quota mode: writeback.
[  408.269967][ T7948] EXT4-fs (loop5): 1 orphan inode deleted
[  408.289600][ T7948] EXT4-fs (loop5): 1 truncate cleaned up
[  408.308036][ T7948] EXT4-fs (loop5): mounted filesystem without journal. Opts: init_itable=0x0000000000000957,noinit_itable,debug_want_extra_isize=0x000000000000002a,stripe=0x0000000000000008,orlov,grpid,,errors=continue. Quota mode: none.
[  408.374739][ T6918] hid-generic 0000:0000:0000.0018: unknown main item tag 0x0
[  408.400267][ T6918] hid-generic 0000:0000:0000.0018: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  408.499746][ T7981] fido_id[7981]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  408.565719][ T7995] loop7: detected capacity change from 0 to 512
[  408.565928][ T7989] tipc: Started in network mode
[  408.578641][ T7989] tipc: Node identity a6c09c7f13bf, cluster identity 4711
[  408.586241][ T7989] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  408.595550][ T7988] tipc: Resetting bearer <eth:syzkaller0>
[  408.623172][ T7988] tipc: Disabling bearer <eth:syzkaller0>
[  408.678571][ T7995] EXT4-fs (loop7): Ignoring removed nomblk_io_submit option
[  408.698039][ T7995] EXT4-fs (loop7): Ignoring removed mblk_io_submit option
[  408.722250][ T7995] EXT4-fs (loop7): Cannot turn on journaled quota: type 0: error -2
[  408.733679][ T7995] EXT4-fs (loop7): Cannot turn on journaled quota: type 1: error -2
[  408.751545][ T7995] EXT4-fs (loop7): 1 truncate cleaned up
[  408.760255][ T7995] EXT4-fs (loop7): mounted filesystem without journal. Opts: nomblk_io_submit,usrjquota="errors=continue,noload,mblk_io_submit,grpjquota="errors=continue,errors=remount-ro,jqfmt=vfsv1,. Quota mode: writeback.
[  408.816211][ T7995] EXT4-fs (loop7): re-mounted. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpquota,noquota,quota,noload,noload,. Quota mode: writeback.
[  408.880280][ T8028] serio: Serial port ptm0
[  409.291292][ T8071] loop6: detected capacity change from 0 to 512
[  409.328925][ T8071] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  409.379861][ T8071] EXT4-fs (loop6): 1 truncate cleaned up
[  409.385575][ T8071] EXT4-fs (loop6): mounted filesystem without journal. Opts: noauto_da_alloc,errors=remount-ro,. Quota mode: none.
[  409.429457][ T8076] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2558'.
[  409.466330][ T8074] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2557'.
[  409.500722][ T8074] 9pnet: Insufficient options for proto=fd
[  409.812025][  T862] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  409.846318][  T862] hid-generic 0000:0000:0000.0019: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  409.924867][ T8087] loop5: detected capacity change from 0 to 2048
[  409.974763][ T8092] fido_id[8092]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  410.000998][  T407]  loop5: p2 p3 < > p4 < p5 >
[  410.009851][  T407] loop5: partition table partially beyond EOD, truncated
[  410.026022][  T407] loop5: p2 start 16908804 is beyond EOD, truncated
[  410.037756][  T407] loop5: p3 start 4284289 is beyond EOD, truncated
[  410.045959][  T407] loop5: p5 start 16908804 is beyond EOD, truncated
[  410.054382][ T8087]  loop5: p2 p3 < > p4 < p5 >
[  410.059790][ T8087] loop5: partition table partially beyond EOD, truncated
[  410.069341][ T8087] loop5: p2 start 16908804 is beyond EOD, truncated
[  410.076196][ T8087] loop5: p3 start 4284289 is beyond EOD, truncated
[  410.108938][ T8087] loop5: p5 start 16908804 is beyond EOD, truncated
[  410.270773][ T2101] udevd[2101]: inotify_add_watch(7, /dev/loop5p4, 10) failed: No such file or directory
[  410.339797][ T2101] udevd[2101]: inotify_add_watch(7, /dev/loop5p4, 10) failed: No such file or directory
[  410.429084][ T8121] xt_hashlimit: max too large, truncated to 1048576
[  410.609729][ T8138] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2587'.
[  410.700943][ T8149] netlink: 'syz.6.2593': attribute type 13 has an invalid length.
[  410.956405][ T8176] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2604'.
[  411.059650][ T8178] xt_hashlimit: size too large, truncated to 1048576
[  411.115827][ T8184] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2605'.
[  411.198501][ T8180] 9pnet: Could not find request transport: t
[  411.356796][ T8190] netlink: 'syz.1.2609': attribute type 13 has an invalid length.
[  411.506602][ T8192] SELinux: security_context_str_to_sid(root) failed for (dev ?, type ?) errno=-22
[  411.534969][ T8192] 9pnet: Insufficient options for proto=fd
[  411.654283][ T8190] bridge0: port 2(bridge_slave_1) entered disabled state
[  411.661604][ T8190] bridge0: port 1(bridge_slave_0) entered disabled state
[  411.920825][ T8200] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  411.951104][ T8199] tipc: Resetting bearer <eth:syzkaller0>
[  412.008520][ T8199] tipc: Disabling bearer <eth:syzkaller0>
[  412.070316][ T8207] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2618'.
[  412.209208][ T8222] loop5: detected capacity change from 0 to 512
[  412.225687][   T30] kauditd_printk_skb: 138 callbacks suppressed
[  412.225723][   T30] audit: type=1326 audit(2000000000.009:4911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8225 comm="syz.6.2626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32167ab929 code=0x7ffc0000
[  412.257508][   T30] audit: type=1326 audit(2000000000.040:4912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8225 comm="syz.6.2626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32167ab929 code=0x7ffc0000
[  412.281779][ T8226] netlink: 'syz.6.2626': attribute type 13 has an invalid length.
[  412.295646][   T30] audit: type=1326 audit(2000000000.070:4913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8225 comm="syz.6.2626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f32167ab929 code=0x7ffc0000
[  412.323432][ T8229] loop6: detected capacity change from 0 to 256
[  412.330217][   T30] audit: type=1326 audit(2000000000.070:4914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8225 comm="syz.6.2626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32167ab929 code=0x7ffc0000
[  412.354184][   T30] audit: type=1326 audit(2000000000.070:4915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8225 comm="syz.6.2626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f32167ab929 code=0x7ffc0000
[  412.380665][   T30] audit: type=1326 audit(2000000000.080:4916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8225 comm="syz.6.2626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32167ab929 code=0x7ffc0000
[  412.405795][ T8222] loop5: detected capacity change from 0 to 2048
[  412.523496][ T8222] EXT4-fs (loop5): mounted filesystem without journal. Opts: delalloc,errors=remount-ro,. Quota mode: none.
[  412.552808][ T6918] hid-generic 0000:0000:0000.001A: unknown main item tag 0x0
[  412.555994][ T8237] loop7: detected capacity change from 0 to 512
[  412.563990][   T30] audit: type=1400 audit(2000000000.350:4917): avc:  denied  { ioctl } for  pid=8220 comm="syz.5.2624" path="/455/file2/blkio.bfq.idle_time" dev="loop5" ino=18 ioctlcmd=0x587d scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  412.594564][ T6918] hid-generic 0000:0000:0000.001A: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  412.638269][ T8237] EXT4-fs (loop7): mounted filesystem without journal. Opts: grpquota,lazytime,,errors=continue. Quota mode: writeback.
[  412.663375][ T8237] ext4 filesystem being mounted at /174/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  412.686351][ T8241] fido_id[8241]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  412.726820][ T8245] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  412.730300][ T8248] syz.6.2633[8248] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  412.733929][ T8248] syz.6.2633[8248] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  412.745468][ T8244] tipc: Resetting bearer <eth:syzkaller0>
[  412.770356][ T8244] tipc: Disabling bearer <eth:syzkaller0>
[  412.833566][   T30] audit: type=1326 audit(2000000000.620:4918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8258 comm="syz.5.2637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff9f3fc929 code=0x7ffc0000
[  412.857255][   T30] audit: type=1326 audit(2000000000.620:4919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8258 comm="syz.5.2637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7eff9f3fc929 code=0x7ffc0000
[  412.881616][   T30] audit: type=1326 audit(2000000000.620:4920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8258 comm="syz.5.2637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff9f3fc929 code=0x7ffc0000
[  413.063520][ T8276] netlink: 'syz.2.2646': attribute type 13 has an invalid length.
[  413.125979][ T8285] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2650'.
[  413.525077][ T8296] netlink: 44 bytes leftover after parsing attributes in process `syz.7.2654'.
[  413.686921][ T8312] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2662'.
[  413.728734][ T8314] netlink: 'syz.6.2663': attribute type 7 has an invalid length.
[  413.736587][ T8314] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2663'.
[  413.782713][ T8321] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2666'.
[  413.881427][ T8332] loop6: detected capacity change from 0 to 8192
[  413.987544][ T8341] loop5: detected capacity change from 0 to 512
[  414.001612][ T8341] EXT4-fs (loop5): Ignoring removed nomblk_io_submit option
[  414.009275][ T8341] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  414.023237][ T8344] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2678'.
[  414.036607][ T8341] EXT4-fs (loop5): 1 truncate cleaned up
[  414.062569][ T8341] EXT4-fs (loop5): mounted filesystem without journal. Opts: nogrpid,resuid=0x000000000000ee01,resgid=0x0000000000000000,nomblk_io_submit,nombcache,resgid=0x000000000000ee00,,errors=continue. Quota mode: none.
[  414.347646][ T8375] loop5: detected capacity change from 0 to 1024
[  414.590551][ T8375] EXT4-fs (loop5): Ignoring removed bh option
[  414.673716][ T8375] EXT4-fs (loop5): mounted filesystem without journal. Opts: nojournal_checksum,nombcache,barrier,norecovery,debug_want_extra_isize=0x0000000000000080,lazytime,nodelalloc,usrquota,noauto_da_alloc,bh,init_itable,,errors=continue. Quota mode: writeback.
[  414.762715][ T8375] EXT4-fs error (device loop5): ext4_clear_blocks:883: inode #14: comm syz.5.2691: attempt to clear invalid blocks 1886221359 len 1
[  415.417485][ T8430] loop7: detected capacity change from 0 to 8192
[  415.646107][ T8445] loop7: detected capacity change from 0 to 1024
[  415.656933][ T8447] loop6: detected capacity change from 0 to 512
[  415.688890][ T8445] EXT4-fs (loop7): Mount option "dax=inode" incompatible with ext2
[  415.703209][ T8447] EXT4-fs (loop6): Ignoring removed mblk_io_submit option
[  415.728112][ T8447] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  415.754717][ T8447] EXT4-fs (loop6): 1 truncate cleaned up
[  415.774562][ T8447] EXT4-fs (loop6): mounted filesystem without journal. Opts: grpjquota=,mblk_io_submit,debug_want_extra_isize=0x0000000000000068,lazytime,discard,grpquota,,errors=continue. Quota mode: writeback.
[  416.029369][ T8482] netlink: 'syz.6.2727': attribute type 13 has an invalid length.
[  416.383928][ T8531] loop5: detected capacity change from 0 to 128
[  416.498762][ T8531] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  416.523046][ T8531] ext4 filesystem being mounted at /474/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  416.689140][ T8549] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  416.698766][ T8548] tipc: Resetting bearer <eth:syzkaller0>
[  416.715359][ T8548] tipc: Disabling bearer <eth:syzkaller0>
[  416.776994][ T8565] SELinux: security_context_str_to_sid(Eá…) failed for (dev ?, type ?) errno=-22
[  416.784347][ T8566] serio: Serial port ptm0
[  416.787091][ T8565] SELinux: security_context_str_to_sid(Eá…) failed for (dev proc, type proc) errno=-22
[  417.202835][ T8585] loop7: detected capacity change from 0 to 512
[  417.264926][   T30] kauditd_printk_skb: 251 callbacks suppressed
[  417.264947][   T30] audit: type=1326 audit(2000000005.030:5172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8576 comm="syz.1.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feed3d77929 code=0x7ffc0000
[  417.295382][ T8585] EXT4-fs (loop7): Ignoring removed nobh option
[  417.304791][   T30] audit: type=1326 audit(2000000005.030:5173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8576 comm="syz.1.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feed3d77929 code=0x7ffc0000
[  417.328882][   T30] audit: type=1326 audit(2000000005.090:5174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8576 comm="syz.1.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7feed3d77929 code=0x7ffc0000
[  417.352862][   T30] audit: type=1326 audit(2000000005.090:5175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8576 comm="syz.1.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feed3d77929 code=0x7ffc0000
[  417.378337][ T8585] EXT4-fs error (device loop7): ext4_do_update_inode:5234: inode #3: comm syz.7.2757: corrupted inode contents
[  417.391510][ T8585] EXT4-fs error (device loop7): ext4_dirty_inode:6070: inode #3: comm syz.7.2757: mark_inode_dirty error
[  417.403713][ T8585] EXT4-fs error (device loop7): ext4_do_update_inode:5234: inode #3: comm syz.7.2757: corrupted inode contents
[  417.415927][   T30] audit: type=1326 audit(2000000005.090:5176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8576 comm="syz.1.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feed3d77929 code=0x7ffc0000
[  417.440571][   T30] audit: type=1326 audit(2000000005.090:5177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8576 comm="syz.1.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7feed3d77929 code=0x7ffc0000
[  417.464004][ T8585] EXT4-fs error (device loop7): __ext4_ext_dirty:183: inode #3: comm syz.7.2757: mark_inode_dirty error
[  417.475906][   T30] audit: type=1326 audit(2000000005.090:5178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8576 comm="syz.1.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feed3d77929 code=0x7ffc0000
[  417.475993][ T8585] Quota error (device loop7): write_blk: dquota write failed
[  417.499650][   T30] audit: type=1326 audit(2000000005.090:5179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8576 comm="syz.1.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feed3d77929 code=0x7ffc0000
[  417.507752][ T8585] Quota error (device loop7): qtree_write_dquot: Error -117 occurred while creating quota
[  417.541244][ T8585] EXT4-fs error (device loop7): ext4_acquire_dquot:6195: comm syz.7.2757: Failed to acquire dquot type 0
[  417.553493][ T8585] EXT4-fs error (device loop7): ext4_do_update_inode:5234: inode #16: comm syz.7.2757: corrupted inode contents
[  417.571677][ T8585] EXT4-fs error (device loop7): ext4_dirty_inode:6070: inode #16: comm syz.7.2757: mark_inode_dirty error
[  417.590638][ T8585] EXT4-fs error (device loop7): ext4_do_update_inode:5234: inode #16: comm syz.7.2757: corrupted inode contents
[  417.603200][ T8585] EXT4-fs error (device loop7): __ext4_ext_dirty:183: inode #16: comm syz.7.2757: mark_inode_dirty error
[  417.618455][ T8585] EXT4-fs error (device loop7): ext4_do_update_inode:5234: inode #16: comm syz.7.2757: corrupted inode contents
[  417.632689][ T8585] EXT4-fs error (device loop7) in ext4_orphan_del:305: Corrupt filesystem
[  417.653328][ T8607] netlink: 'syz.5.2766': attribute type 6 has an invalid length.
[  417.658078][ T8585] EXT4-fs error (device loop7): ext4_do_update_inode:5234: inode #16: comm syz.7.2757: corrupted inode contents
[  417.749188][ T8613] ==================================================================
[  417.757408][ T8613] BUG: KASAN: slab-out-of-bounds in tc_setup_flow_action+0x870/0x3240
[  417.765599][ T8613] Read of size 8 at addr ffff888118b772c0 by task syz.2.2769/8613
[  417.773431][ T8613] 
[  417.775776][ T8613] CPU: 0 PID: 8613 Comm: syz.2.2769 Tainted: G        W         5.15.185-syzkaller-00032-g0d918fa8e88d #0
[  417.775846][ T8585] EXT4-fs error (device loop7): ext4_truncate:4304: inode #16: comm syz.7.2757: mark_inode_dirty error
[  417.787069][ T8613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  417.787085][ T8613] Call Trace:
[  417.787092][ T8613]  <TASK>
[  417.787101][ T8613]  __dump_stack+0x21/0x30
[  417.818749][ T8613]  dump_stack_lvl+0xee/0x150
[  417.823372][ T8613]  ? show_regs_print_info+0x20/0x20
[  417.827262][ T8585] EXT4-fs error (device loop7) in ext4_process_orphan:347: Corrupt filesystem
[  417.828619][ T8613]  ? load_image+0x3a0/0x3a0
[  417.828655][ T8613]  print_address_description+0x7f/0x2c0
[  417.847645][ T8613]  ? tc_setup_flow_action+0x870/0x3240
[  417.853263][ T8613]  kasan_report+0xf1/0x140
[  417.857715][ T8613]  ? tc_setup_flow_action+0x870/0x3240
[  417.863217][ T8613]  __asan_report_load8_noabort+0x14/0x20
[  417.868884][ T8613]  tc_setup_flow_action+0x870/0x3240
[  417.874195][ T8613]  mall_replace_hw_filter+0x293/0x820
[  417.878413][ T8585] EXT4-fs (loop7): 1 truncate cleaned up
[  417.879583][ T8613]  ? pcpu_block_update_hint_alloc+0x8c1/0xc50
[  417.885225][ T8585] EXT4-fs (loop7): mounted filesystem without journal. Opts: journal_dev=0x000000000002d353,nobh,,errors=continue. Quota mode: writeback.
[  417.891285][ T8613]  ? mall_set_parms+0x520/0x520
[  417.891311][ T8613]  ? tcf_exts_destroy+0xb0/0xb0
[  417.891341][ T8613]  ? mall_set_parms+0x1e8/0x520
[  417.919954][ T8613]  mall_change+0x526/0x740
[  417.924412][ T8613]  ? __kasan_check_write+0x14/0x20
[  417.929548][ T8613]  ? mall_get+0xa0/0xa0
[  417.933738][ T8613]  ? tcf_chain_tp_insert_unique+0xac1/0xc10
[  417.939751][ T8613]  tc_new_tfilter+0x12a2/0x1870
[  417.944627][ T8613]  ? tcf_gate_entry_destructor+0x20/0x20
[  417.950278][ T8613]  ? security_capable+0x87/0xb0
[  417.955142][ T8613]  ? ns_capable+0x8c/0xf0
[  417.959483][ T8613]  ? netlink_net_capable+0x125/0x160
[  417.964803][ T8613]  ? tcf_gate_entry_destructor+0x20/0x20
[  417.970551][ T8613]  rtnetlink_rcv_msg+0x81b/0xb90
[  417.975504][ T8613]  ? rtnetlink_bind+0x80/0x80
[  417.980193][ T8613]  ? memcpy+0x56/0x70
[  417.984186][ T8613]  ? avc_has_perm_noaudit+0x2f4/0x460
[  417.989574][ T8613]  ? arch_stack_walk+0xee/0x140
[  417.994434][ T8613]  ? avc_denied+0x1b0/0x1b0
[  417.998947][ T8613]  ? stack_trace_save+0x98/0xe0
[  418.003804][ T8613]  ? avc_has_perm+0x158/0x240
[  418.008487][ T8613]  ? avc_has_perm_noaudit+0x460/0x460
[  418.013860][ T8613]  ? x64_sys_call+0x4b/0x9a0
[  418.018452][ T8613]  ? selinux_nlmsg_lookup+0x416/0x4c0
[  418.023969][ T8613]  netlink_rcv_skb+0x1e0/0x430
[  418.028745][ T8613]  ? rtnetlink_bind+0x80/0x80
[  418.033424][ T8613]  ? netlink_ack+0xb60/0xb60
[  418.038169][ T8613]  ? __netlink_lookup+0x387/0x3b0
[  418.043212][ T8613]  rtnetlink_rcv+0x1c/0x20
[  418.047642][ T8613]  netlink_unicast+0x87c/0xa40
[  418.052432][ T8613]  netlink_sendmsg+0x86a/0xb70
[  418.057221][ T8613]  ? netlink_getsockopt+0x530/0x530
[  418.062438][ T8613]  ? security_socket_sendmsg+0x82/0xa0
[  418.068001][ T8613]  ? netlink_getsockopt+0x530/0x530
[  418.073227][ T8613]  ____sys_sendmsg+0x5a2/0x8c0
[  418.078007][ T8613]  ? __sys_sendmsg_sock+0x40/0x40
[  418.083039][ T8613]  ? import_iovec+0x7c/0xb0
[  418.087551][ T8613]  ___sys_sendmsg+0x1f0/0x260
[  418.092236][ T8613]  ? __sys_sendmsg+0x250/0x250
[  418.097006][ T8613]  ? bpf_raw_tracepoint_open+0x18e/0x960
[  418.102818][ T8613]  ? __fdget+0x1a1/0x230
[  418.107078][ T8613]  __x64_sys_sendmsg+0x1e2/0x2a0
[  418.112114][ T8613]  ? ___sys_sendmsg+0x260/0x260
[  418.116982][ T8613]  ? __kasan_check_write+0x14/0x20
[  418.122114][ T8613]  ? switch_fpu_return+0x15d/0x2c0
[  418.127240][ T8613]  x64_sys_call+0x4b/0x9a0
[  418.131660][ T8613]  do_syscall_64+0x4c/0xa0
[  418.136080][ T8613]  ? clear_bhb_loop+0x50/0xa0
[  418.140760][ T8613]  ? clear_bhb_loop+0x50/0xa0
[  418.145450][ T8613]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  418.151351][ T8613] RIP: 0033:0x7f14007de929
[  418.155776][ T8613] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  418.175509][ T8613] RSP: 002b:00007f13fee47038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  418.183941][ T8613] RAX: ffffffffffffffda RBX: 00007f1400a05fa0 RCX: 00007f14007de929
[  418.191916][ T8613] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000004
[  418.200021][ T8613] RBP: 00007f1400860b39 R08: 0000000000000000 R09: 0000000000000000
[  418.207996][ T8613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  418.215999][ T8613] R13: 0000000000000000 R14: 00007f1400a05fa0 R15: 00007ffcdc90e368
[  418.223988][ T8613]  </TASK>
[  418.227009][ T8613] 
[  418.229505][ T8613] Allocated by task 8613:
[  418.233848][ T8613]  __kasan_kmalloc+0xda/0x110
[  418.238549][ T8613]  __kmalloc+0x13d/0x2c0
[  418.242801][ T8613]  tcf_idr_create+0x5f/0x790
[  418.247395][ T8613]  tcf_idr_create_from_flags+0x61/0x70
[  418.252856][ T8613]  tcf_gact_init+0x346/0x580
[  418.257445][ T8613]  tcf_action_init_1+0x3f7/0x6a0
[  418.262389][ T8613]  tcf_action_init+0x1e9/0x710
[  418.267160][ T8613]  tcf_exts_validate+0x217/0x520
[  418.272101][ T8613]  mall_set_parms+0x48/0x520
[  418.276703][ T8613]  mall_change+0x45a/0x740
[  418.281136][ T8613]  tc_new_tfilter+0x12a2/0x1870
[  418.285997][ T8613]  rtnetlink_rcv_msg+0x81b/0xb90
[  418.290943][ T8613]  netlink_rcv_skb+0x1e0/0x430
[  418.295859][ T8613]  rtnetlink_rcv+0x1c/0x20
[  418.300314][ T8613]  netlink_unicast+0x87c/0xa40
[  418.305096][ T8613]  netlink_sendmsg+0x86a/0xb70
[  418.309867][ T8613]  ____sys_sendmsg+0x5a2/0x8c0
[  418.314636][ T8613]  ___sys_sendmsg+0x1f0/0x260
[  418.319314][ T8613]  __x64_sys_sendmsg+0x1e2/0x2a0
[  418.324254][ T8613]  x64_sys_call+0x4b/0x9a0
[  418.328717][ T8613]  do_syscall_64+0x4c/0xa0
[  418.333146][ T8613]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  418.339053][ T8613] 
[  418.341383][ T8613] Last potentially related work creation:
[  418.347096][ T8613]  kasan_save_stack+0x3a/0x60
[  418.351783][ T8613]  __kasan_record_aux_stack+0xd2/0x100
[  418.357268][ T8613]  kasan_record_aux_stack_noalloc+0xb/0x10
[  418.363203][ T8613]  kvfree_call_rcu+0xae/0x7e0
[  418.367900][ T8613]  ip_ma_put+0xf7/0x140
[  418.372064][ T8613]  __ip_mc_dec_group+0x44e/0x520
[  418.377007][ T8613]  ip_mc_down+0x1b0/0x240
[  418.381340][ T8613]  inetdev_event+0x2c7/0x10a0
[  418.386025][ T8613]  raw_notifier_call_chain+0x90/0x100
[  418.391399][ T8613]  __dev_notify_flags+0x28f/0x500
[  418.396432][ T8613]  dev_change_flags+0xe8/0x1a0
[  418.401202][ T8613]  do_setlink+0xbed/0x3990
[  418.405623][ T8613]  rtnl_newlink+0xd6b/0x17b0
[  418.410212][ T8613]  rtnetlink_rcv_msg+0x9e4/0xb90
[  418.415151][ T8613]  netlink_rcv_skb+0x1e0/0x430
[  418.419924][ T8613]  rtnetlink_rcv+0x1c/0x20
[  418.424344][ T8613]  netlink_unicast+0x87c/0xa40
[  418.429113][ T8613]  netlink_sendmsg+0x86a/0xb70
[  418.433885][ T8613]  ____sys_sendmsg+0x5a2/0x8c0
[  418.438650][ T8613]  ___sys_sendmsg+0x1f0/0x260
[  418.443333][ T8613]  __x64_sys_sendmsg+0x1e2/0x2a0
[  418.448272][ T8613]  x64_sys_call+0x4b/0x9a0
[  418.452698][ T8613]  do_syscall_64+0x4c/0xa0
[  418.457118][ T8613]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  418.463013][ T8613] 
[  418.465338][ T8613] The buggy address belongs to the object at ffff888118b77200
[  418.465338][ T8613]  which belongs to the cache kmalloc-192 of size 192
[  418.479393][ T8613] The buggy address is located 0 bytes to the right of
[  418.479393][ T8613]  192-byte region [ffff888118b77200, ffff888118b772c0)
[  418.493019][ T8613] The buggy address belongs to the page:
[  418.499093][ T8613] page:ffffea000462ddc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888118b77900 pfn:0x118b77
[  418.510637][ T8613] flags: 0x4000000000000200(slab|zone=1)
[  418.516300][ T8613] raw: 4000000000000200 ffffea0004947900 0000000400000004 ffff888100042c00
[  418.524889][ T8613] raw: ffff888118b77900 000000008010000f 00000001ffffffff 0000000000000000
[  418.533470][ T8613] page dumped because: kasan: bad access detected
[  418.539884][ T8613] page_owner tracks the page as allocated
[  418.545595][ T8613] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 1398, ts 104626144929, free_ts 104564038698
[  418.561744][ T8613]  post_alloc_hook+0x192/0x1b0
[  418.566518][ T8613]  prep_new_page+0x1c/0x110
[  418.571032][ T8613]  get_page_from_freelist+0x2cc5/0x2d50
[  418.576584][ T8613]  __alloc_pages+0x18f/0x440
[  418.581173][ T8613]  new_slab+0xa1/0x4d0
[  418.585250][ T8613]  ___slab_alloc+0x381/0x810
[  418.589869][ T8613]  __slab_alloc+0x49/0x90
[  418.594205][ T8613]  __kmalloc_track_caller+0x169/0x2c0
[  418.599583][ T8613]  kmemdup+0x26/0x60
[  418.603483][ T8613]  neigh_parms_alloc+0x8d/0x4f0
[  418.608341][ T8613]  ipv6_add_dev+0x32a/0x1150
[  418.612933][ T8613]  inet6_rtm_newaddr+0x474/0x970
[  418.617877][ T8613]  rtnetlink_rcv_msg+0x9e4/0xb90
[  418.622904][ T8613]  netlink_rcv_skb+0x1e0/0x430
[  418.627673][ T8613]  rtnetlink_rcv+0x1c/0x20
[  418.632094][ T8613]  netlink_unicast+0x87c/0xa40
[  418.636862][ T8613] page last free stack trace:
[  418.641533][ T8613]  free_unref_page_prepare+0x542/0x550
[  418.647002][ T8613]  free_unref_page+0xa2/0x550
[  418.651680][ T8613]  __free_pages+0x6c/0x100
[  418.656104][ T8613]  ringbuf_map_free+0xb6/0x110
[  418.660871][ T8613]  bpf_map_free_deferred+0x10e/0x1e0
[  418.666157][ T8613]  process_one_work+0x6be/0xba0
[  418.671013][ T8613]  worker_thread+0xa59/0x1200
[  418.675695][ T8613]  kthread+0x411/0x500
[  418.679769][ T8613]  ret_from_fork+0x1f/0x30
[  418.684191][ T8613] 
[  418.686517][ T8613] Memory state around the buggy address:
[  418.692150][ T8613]  ffff888118b77180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  418.700218][ T8613]  ffff888118b77200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  418.708287][ T8613] >ffff888118b77280: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[  418.716346][ T8613]                                            ^
[  418.722496][ T8613]  ffff888118b77300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  418.730558][ T8613]  ffff888118b77380: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  418.738615][ T8613] ==================================================================
[  418.746700][ T8613] Disabling lock debugging due to kernel taint
[  418.817678][ T8585] ext4 filesystem being mounted at /198/file0 supports timestamps until 2038-01-19 (0x7fffffff)