last executing test programs:

10m36.103639539s ago: executing program 0 (id=232):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x3, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000000000008500000061000000850000002300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r0, 0x18000000000002a0, 0x36, 0x0, &(0x7f0000000580)="d2205d96c717ab96f0ded75d86dd4d2b328ff4735900d4ab501aa2421ed8b56c4e7b9d5e830ac5c8f56b914421881e5fa59fe31f72f8", 0x0, 0xd5b7, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)

10m36.023084737s ago: executing program 0 (id=236):
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x4, 0x5, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, [@jmp={0x5, 0x0, 0x7, 0x1, 0x1, 0xfffffffffffffff4, 0xfffffffffffffff0}, @func={0x85, 0x0, 0x1, 0x0, 0x1}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$igmp6(0xa, 0x3, 0x2)
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/raw6\x00')
preadv(r0, &(0x7f0000000180)=[{&(0x7f0000000340)=""/198, 0xc6}], 0x1, 0x200009, 0x8)

10m36.022489827s ago: executing program 0 (id=239):
unshare(0x2a000600)
dup(0xffffffffffffffff)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8101, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000040)={0x148, 0x0, 0xc})

10m35.974828202s ago: executing program 0 (id=241):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000080)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0xb101e, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000240)='./file0/../file0\x00', 0x89901)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0)

10m35.946243544s ago: executing program 0 (id=243):
r0 = creat(&(0x7f0000000040)='./bus\x00', 0xa8)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000080)=0x20)
mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1000001, 0x11, r0, 0xffffe000)

10m35.858102323s ago: executing program 0 (id=251):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x0, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb}, 0x94)
close(r0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)
mlock(&(0x7f00002ad000/0x2000)=nil, 0x2000)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='smaps\x00')
lseek(r1, 0x2000, 0x0)

10m35.803632358s ago: executing program 32 (id=251):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x0, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb}, 0x94)
close(r0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)
mlock(&(0x7f00002ad000/0x2000)=nil, 0x2000)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='smaps\x00')
lseek(r1, 0x2000, 0x0)

733.113547ms ago: executing program 1 (id=5098):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500001000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r1}, 0x10)
mmap(&(0x7f0000000000/0x400000)=nil, 0x1400000, 0x0, 0xc3072, 0xffffffffffffffff, 0x0)

663.668534ms ago: executing program 1 (id=5100):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a500850000002d00000095"], 0x0, 0x4, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r0 = socket$inet6(0x10, 0x3, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000380)='neigh_update\x00', r1}, 0x10)
sendto$inet6(r0, &(0x7f00000000c0)="900000001c001f4d154a817393278bff0a80a578020000000104740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x0, 0x0, 0x0)

658.815995ms ago: executing program 4 (id=5102):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000400000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x609e495c}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000400)='kfree\x00', r0}, 0x18)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=ANY=[@ANYBLOB="14000000100001000c000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000006000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc4c0000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000020000380100000800c00018006000100d10300000c0000800800034000000002"], 0xb0}}, 0x40)

649.546716ms ago: executing program 1 (id=5104):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000004440)={&(0x7f0000000ec0)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x2}}, 0x10, &(0x7f0000004340)=[{&(0x7f0000000f00)="34cbf9c55466da0eadc249236ab3cbf316717306be4c08c8c7da1f1ee04ab4b4eac14995ebdf620ff778a4e3452587e42a3c6aa1bd35dfd99f23b525893bc3b5f9f3bed1986bf8d0dddd7c5cdada611f9bf641e421ed71a842d84fa289a542f941d6e06b2b14e2a706ce30acf7d82f224f3e30cadd9d15f3dddbb29dbeb9f68fb68bedb91e0b1ef48832778fe36699c7ebf101659a8f476c4a065eac71d6d1e7fafc6f25ec2c9a8f431fe347a2d30e912c5b2397613ce784637ec71e37566eb0548b461f71028459c6f137c18737d58b56949d022bf1eaf486692bb76836a233c7879d740ad0beaf5159d3380442824f536a41bb22d08fe53952b9c6fed2605d53311c71b455655f96ea6a87e41e9211e90170b0a2b1a2098175ebcd33d517085d224122264cddadd82a3d11bc4a33ce66108b22b1abc6243d306d8f6b8a2ddb5373c190d8f859a3174a200936b079f85edcac7fc03fb993ec0ff8b83f1fd3f1b888d192d99c7ede5d381784d25410cccf1b0bf26a54f065e1e3ec59cc5704fb658fc980a0ac4287ef884ee82007554be3f1e163c81468d0c26c95e3e12393776e32800bb4f086f19080c4fca3d72e8569a5627ce98f2ae0bdb3ec42c23847d47e10b1c58da7e9cea990da842d96e3a51ed7d892f7b28a10486424a69a9109ebd4d7d5a3768400ac000a6d7556ca192e5cd45efb82001ac7b53e03036b6019a07ffb545cd3853e077f08a015f6232488c1139a9409c95ed005261e36b307406ba5714ef395129345866109341feb6c7c458ce08c147a983b46375ddb3621cee0312ba1a434bcd6081e1a8ae8b6d518988b9965faf9aff86df8173b93342cceaec357a100e59b4d66553633626b0b12e9622b8f8fdfe26545b87c57f8ce8609fb8e19b0f6d1cd64e8de85c7327f543b2f38cf3086b57f85e1aaa4add723e4bc4e3ea2c27acec1e545ae3fc870bd42422f6eaf17a1f82699c9cadf224ea1e5d1705b49118d91cc3731aeed60e41bf15a9613aeda8e63a29bc7a95b2d993d23269a310b91f69d16a71243c0f4080d3359f5ddd63c7032bef14ab25eb7df4b28b2132bcbf94a281c8f5de79885a6d679f145fca292b599bb09a1864726d86b65d4781408320b968e2224c23ce7a56d8892970043737ae47f071aaeb219716bc21e3304e301eb5cd32aea951a70621eb870214a72e6c474c3a20f5bd8e089ba16326cc9a80a1a4f5f0e8f58629e20b1c73eb8af330744b187a5cfdb410466378313700ca44eb6dcbc8f3d70f58e134202546f0b1a3b61a298f2a1184b1533bdad308fa2f960087e0f239d2ccbaee3889ddc1a2bea2183b98854d255a6f708909134fab83f42f13e7604f602e264f4a3b2b2a08c673c7ce2813218159b472d3b20ecbf26dd2f7b3ba5298a4ff7444ea0936e098c126f590b05e7697ed8a3d52ba1abc7285de2f160b9b081cb775a5ab77aad1bb98d47e3da53fc4c11d4db47de1e4e6f56ad671f5d8389b33260cc546e4f0bf34fec9b2abd209e6b89e6e381367774676ed6e6eaffe42b07241c276f3c84f17a0762de83eb769bdf28991ddbc23758f01c9ecfba4ab2ca2118fcedd7adde9ff47f643c13e3ad2f13b576985128f233e329fe269d5745cd2b30e5762452a4ff58fdec30623175f8d575ced1c43411e2869aadbe6f1e79a010bca334cb08d545bc2808f359b7777d1bb5675ee210574b9f72cdeb071e07eeaa0988086213a37a972647cf21d3a3bcbd7359da327bacad41b93c5e0e494669109dddcec781774f248f5663e4fac187d42ffccf68335de2adac4f8d3e1bf04b95a9464960186ed019773ffeda18f9827a61edc5fc4088eb0965cb1bd8af1185aa3972b8f73839b4611e303bcbc1f84a330f60fa0a7795ea3cffe0e338406533e12c7deef0b5906c513eab4619a8f02fdd65dcfb7297ef971c4601ad079f7ad38278ae3ff455b37d5492af546975535450693fd4593c8157b3fdb16fd3a106d2f1509d1c06dabb8933269d790a1c5e5f7bdd4a57e1e670d7043cfed88c365b5f8eefe530ef7da5322df981723332c088fce89c2ceee23b420f64332243b9c606d67d538810a94e0ffbd37a119d8fc4d6caec0def40e62613873c74feabde63e12cb2016c1d35cf1bb95bf59e01a63be8825cb3118b74b106f21eef5ee2f41e5fb39fdde058050f780d98ced247c66fc3a03ba04edaf14d698859ba303d511cf0845dc5e269aef2287770a247fd5ae1299b45819ff41725f9da3e4dab7770eb83992b53ae9a9de69e764f6e3aee3e27cfb1bacf531a91605894ae209da6d25872fb54bf36b2ed450b51aa8ee4875b9bc7e55753f61e12a323d301faceb2ecff0686b1359343a94774a6a098dc2df440725cd8331f527d4e22f8090d8879ef4765849705b99465d7ebdf661b81c303d13b87270dc1f227d5954fcbc93bbce6fde2a1f8d573d9cd8130c173a14706f1e9dabc4d16a5b003dd3239faf91769e25cf007b0623141e4e57f11746cd62f20d73956fa84c6a12e1756b6671a64bd7a474ba425907e1a61ba6d2ffa1149165a713a141bfec0f1af51afebdb84d5f14eb51acc284403627d6ce48fd028dc04e00ed963de37f85d155c33e2b4ceb09044c4f1c7791348216b674a8831a232a638f8bfb396fabbe1f880944bc5dcac55df8abc78f804306c88617acfd4adfbb5a055d3d3e91abb763ad84e701cc5679498e04600570f4b2e57c70542043dc590ab363215e6ab3f0bd89383748783d01c9227229edac723d4e2eaa061a44f2630691f25ca6093775183fdf432e01322203dd654b336670116a6a52a27ff2032b1103a4e4be0cc2fb05b24352d72e374e90cc3db2a5a691c7f6b8d1058d7730433c742d8ce52074318b1bce9bb104cf90c8b7f65293c2b74434661444f38d94d977e03433440517f6155a3cad2621c5502dd6148b867a40e6a40be4c8265ec2164b5257f06da1784e98991f42003ced4ba67c23b8c654b542d2d31168fd853cf56cc2c464d7a8a9fbcd2715968788f8527c597ab5f917753c1f1708d2c19972373c5a22af71847de22b9f1e9d38a04ea4dd291da3099cb836a696350bf1263c3c275c27b8b82f604625451a24490b0b5367c2fd05e699546ddf17709d2e2c2710f4361d9dd6e2de2b4353b7f4f8141f6f989dc1a798a974565978e4f9ec0c59a7dbc04bcab072c8513b9ca782c22cdd31fb116c10081740fd8f7d0cbd5c54f1069297f20b45d79bb9ace8e851a655fedf47b2dc76fd30b9ba9f09c9b50d6910ffcdec7078c36fe1e9b19dbb110197496349560a43c0ab42b4ce286643e73a92246ecb71e95ce0d54114772f8477c7d5604c1a52d2f680c5868cf08a2688dd9fef492a01836112cec824483e77da93d104a9e18d06bddf9a4007740a0537ac1a5e09900acc65d52680212a15b68b0ef887228e06f533c1ca95b8f9d81b9fc6608cb5bacf4b867922999c69d46048ec3f408866789f49fcb176fc99ed9d3e6c357ed2e3ce2665925773e5d86c2ceaf8f18519a00d9d2e19e9a6b16af0a53fd7df6974f5db00494460e7f3de6ff6b642859335e020513bb525adddabf0d7d6ae85e7e56e32ca8acc07fe86b7b445358966ba3914c1dfa7b814d9e846ff02a6a8c8f5713a0f727024b5d1ea7e4ce7c64f9b24dd3337a3df33714c5404403b0304b25a66fe3ac85083965877117b3d721e7922f0ac7e278feeb8dc09f58cbcfbb81b11d4699737f37ac240a24b9c4b2b587e68974f7ca5561856f32e389d32056f7d58e4de24c11bd5c5afaa441120370d0c48341e1b8146a6bbca8c15f23c155d2533e97a8e6496bc00533ec83be8488d020708d97385a03bcbf57cadc2c1e575e1ac134cdb5047f3f88eae0230751626cea1c85da9b74ddace668afebb2dc66d302ddf3c5f8f21ac0c0535d00839457e7cac9282a8e49d018b077e38ea512cf28eacff5d98e880abfb5af2e7c039d2e1f1edaad2642963ef29d715f754e2715caa6af046a298b285e3582d903be726b608619332e1a82be48b0f5adf6838f41ff776e5290de8269794bce8fb971267d036bd6bd30e42df918125d573ced78263251bcae2b7b40f1ba855b4f2472312ea8752c4a0e09468bd25615a6c00a9b44c484c5507b8400537f20890e9499ec94ed2b6aeff21e57c6e8a93d80097f85ac9316b03a5f768721bf7d041bb9a6a03eabd615e3c4d74f56c429d53b8fec4b5e86c5b311a6cd4a86f03e04dab25ad65b68a8b8d9053993fd2440ff2b81768213084c831d31a0f8c646aff9090b5463cbee452abd6318340ec41b50f1deba7ffb60b326751de3f6dbf9b17714299233d5c43071367ece2e53212e7f4e084fea60850d4d16908d9bbbb531fbf72143fdb62d1b40afde3d0b2ac2c94c32e456bbef62f8d677e332aec8ccc8eedbac61e7b89b32d57157a39ad5c456258d9c36db0edc82c2baead990ee78007ed89c8f450e92d5e209cc25f7c13f5909ca404fddbdbeff89cc42350c91e9f1fdf9753c6e95f71257f8cbb97838684461cd1244c938b9939a4e9c7727902b6f1a5434e0a06d3fc221771dd87572ae801c5ce6886122f0c91dae57440ffc7ace4e8e0041a1d245103aaadbfc2ecff622228daed2b0cd30f7f59b2617f6f0571ee4403d84e652d78b8e64d5450b6483ef70582dcda9351f2dddd3a4ac84f514f708d3af6242501bd041beae78e6b29b517b534148ea91ef85653fec824d6ddb0c0fa2555ab2564ba29227b1046b48a11ee0e6aafda9d0b80b0f05a8d057cbeb16264cb579aea3ba2b2000052d03c77844ab7c81be3110a36a27aeffe0ad5a8a7385a1913a64fb2db630e8fc8017828cea60f327c3a510b441d94d32584e55f7c2320d89b2ba3d44d832b8e7c5f45442de9ef37d057e6d0c6664e8d74e23f18336d41a3e38c2cda49050cb32ca7040a388c75741ac07d3befc714df35dc92ff70ad041cf17b70a971c142bb89ecfe25290750e989c8666560a61b62fdc4fadef7f30b6269a669ef99be7e7ba7ddddf99949fedc0c331796988c6eedb5c66cbe2870a2affce0b550c3411a2aaf302481ee93398c0fbc0c815cfe1e78bf8fed7f19f2c2dae17a4533aa85f6b787f8072adda379118d76dbba3cebfc4c8aacbb1f79a28ec3a0ec99816e3c8721ddcde1ce73b0704063474", 0xe24}, {0x0, 0x4000}, {0x0}, {0x0}, {&(0x7f00000020c0), 0x500}], 0x5}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
inotify_rm_watch(0xffffffffffffffff, 0x0)

613.5047ms ago: executing program 4 (id=5107):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="020000000400"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB], &(0x7f0000000600)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000280)={0x1, &(0x7f0000000780)=[{0x200000000006, 0xf, 0x6, 0x7ffc1ffb}]})
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x18)
sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000003000000400001802c0004001400010002000000ac14140f00000000000000001400020002000000ffffff53a2513743897e44000d0001007564703aa3"], 0x54}}, 0x0)

605.72677ms ago: executing program 1 (id=5109):
socket$netlink(0x10, 0x3, 0x10)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x18)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x2008002, &(0x7f0000000400)={[{@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1000}}, {@nodiscard}, {@quota}]}, 0x1, 0x56f, &(0x7f00000004c0)="$eJzs3c9vHFcdAPDvjH82SesEeoAKSIBCQFHW8aaNql5aLiBUVUJUHBCH1Ngby2Q3G7LrUptIuH8DSCBxgj+BAxIHpJ44wIkjEgdAlANSgYgqRuph0MyO1669Jou93m12Px9pMj/ezHzf283Me367Oy+AiXUpIrYjYjYiXo+IhXJ7Uk7xcmfK93v44P7KzoP7K0lk2Wv/TIr0fFtxwHy5f0ScLc85HxFf/0rEt5PDcVubW7eX6/XavXJ9sd24u9ja3Lq63lheq63V7lSrN5ZuXHvh+vPVgZX1YuMX7355/ZVv/PpXn3zn99tf/H6erXNlWrccA9Yp+kw3Tm46Il45jWAjMFXOZ0ecD44njYiPRMRniut/IaaK/50AwDjLsoXIFvavAwDjLi36wJK0EhFpWjYCKp0+vKfjTFpvttpXbjU37qx2+srOx0x6a71eu3Zh7o/fLXaeSfL1pSKtSC/WqwfWr0fEhYj40dwTxXplpVlfHU2TBwAm3tn99X9EvDeXppVKX4f2+FQPAHhszI86AwDA0Kn/AWDyqP8BYPL0Uf+XH/Zvn3peAIDh6O/vf9/3A4Bxov8fACaP+h8AJsrXXn01n7Kd8vnXq29sbtxuvnF1tda6XWlsrFRWmvfuVtaazbXimT2NR52v3mzeXXouNt5cbNda7cXW5tbNRnPjTvtm8Vzvm7WZoZQKAPhfLlx8+w9JRGy/+EQxxb6xHNTVMN7SAe4FPF6mTnKwBgI81oz2BZOrryq8aCT89tTzAoxGzx/3zPdc/KCf/B9BfM8IPlQuf7z//n9jPMN4OdCz/342qowAQ3e8/v+XBp4PYPiO3f//58HmAxi+LEsOjvk/200CAMbSCb7Cl/1gUI0QYKQe9XDPgXz+DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGPmXER8J5K0UowFnub/ppVKxJMRcT5mklvr9dq1iHgqLkbEzFy+vrR78HujzTsAcFzp35Ny/K/LC8+eO5g6m/xnrphHxPd++tqP31xut+8t5dv/1d0+tzt8WHXvuBOMKwgA9O+v/exU1N/Vcr60t/3hg/sru9Mp5vGQd7/UHXx0ZefB/WLqpExHlmVZxHzRljjz7ySmy2PmI+KZiJgaQPzttyLiY73KnxR9I+fLkU/3x48y9pNDjZ9+IH5apHXm+cv30QHkBSbN2/n95+Ve118al4p57+t/vrhDnVxx/5uP2L337eyLP11GmuoRP7/mL/Ub47nffPXQxmyhk/ZWxDPTveIn3fjJEfGf7TP+nz7xqR++dERa9rOIy9E7/v5Yi+3G3cXW5tbV9cbyWm2tdqdavbF049oL15+vLhZ91Iu7PdWH/ePFK08dlbe8/GeOiN95588eKP9s99jP9Vn+n7//+rc+vbc6dzD+Fz7b+/1/uojY+/XP68TP9xl/+cwvjxy+O4+/ekT5H/X+X+kz/jt/21rtc1cAYAham1u3l+v12r0TLeR/hQ7iPIcW8iz2t/Nuc/FkQf8SxcLey5JEEsc+4UzvpLwx1tfhp/WqnvrCdLetONgzfzM/45CLkw68FMdZiPPlwsNhBR3dPQkYjr2LPiJ+N+rcAAAAAAAAAAAAAAAAvQzjN0yjLiMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADj678BAAD//2PAxWs=")
r2 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x142)
socket$nl_xfrm(0x10, 0x3, 0x6)
fsetxattr$system_posix_acl(r2, &(0x7f0000000340)='system.posix_acl_default\x00', &(0x7f00000001c0)=ANY=[@ANYBLOB="020000000100050000000000040003000000000008000200", @ANYRES32=0x0, @ANYBLOB="100006005223000120"], 0x2c, 0x0)
syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x2081413, 0x0, 0x1, 0x0, &(0x7f0000000080))

589.955562ms ago: executing program 4 (id=5111):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000180100000120702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffe6ffb702000db202fb600000000000b70300000000000085000000fdaaf5c4b75cd201ae681fc4319fdd3726bb8e4d058cd3", @ANYRESOCT], &(0x7f0000000200)='GPL\x00', 0x3, 0x0, 0x0, 0x41000, 0x21, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000180)='kfree\x00', r0, 0x0, 0xf1c38fa000000000}, 0x18)
r1 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r2 = socket(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b00008e6d0000e6fd87fd000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000014c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x20780, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x57, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r6}, 0x10)
ioprio_set$pid(0x3, 0x0, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000002c0000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r7}, 0x10)
r8 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r8)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r10 = socket(0x10, 0x3, 0x0)
r11 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000bc0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r11, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
r12 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000006c0)='sched_switch\x00', r12}, 0x10)
write(r10, &(0x7f0000000000)="2400000011005f0414f9f40700090400810000003c0000000000000008000f0001000000", 0x24)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r9, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{}, 0x3548, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}}}]}, 0x78}}, 0x8814)
sendmsg$nl_route_sched(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@newtfilter={0x6c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {}, {0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0x3c, 0x2, [@TCA_BASIC_EMATCHES={0x38, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xffff}}, @TCA_EMATCH_TREE_LIST={0x2c, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x1, 0x0, 0x0, {{}, {0x0, 0x0, 0x1}}}, @TCF_EM_META={0x18, 0x2, 0x0, 0x0, {{0x0, 0x4, 0x4}, [@TCA_EM_META_HDR={0xc}]}}]}]}]}}]}, 0x6c}}, 0x0)
r13 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="18010000008000000000000000000004850000006d00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r13}, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000280)={0x2, &(0x7f0000000140)=[{0x20, 0x3, 0x0, 0x3f}, {0x6}]})
write$UHID_CREATE2(r1, 0x0, 0x8)

539.660817ms ago: executing program 1 (id=5117):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00')
writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="dc", 0x1}], 0x8)

476.132653ms ago: executing program 1 (id=5121):
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r2, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x2000000000000100, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
ptrace(0x10, r1)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
ptrace(0x10, r1)

457.548965ms ago: executing program 4 (id=5125):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x4801})
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000))
bpf$MAP_CREATE(0x0, 0x0, 0x50)
fsopen(&(0x7f0000000000)='sysfs\x00', 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000000)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000003c0)='kmem_cache_free\x00', r1}, 0x18)
socket$inet_tcp(0x2, 0x1, 0x0)
r2 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r2, 0x10f, 0x87, 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
write$UHID_CREATE2(0xffffffffffffffff, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119)
r3 = syz_open_dev$hidraw(&(0x7f0000000000), 0x0, 0x81)
ioctl$HIDIOCSFEATURE(r3, 0xc0404806, 0x0)

399.434251ms ago: executing program 4 (id=5132):
r0 = signalfd(0xffffffffffffffff, &(0x7f00000007c0)={[0x9]}, 0x8)
faccessat2(r0, &(0x7f0000000000)='\x00', 0x0, 0x1100)

353.446095ms ago: executing program 4 (id=5135):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x77359400}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94)
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
recvmmsg(r0, &(0x7f00000057c0)=[{{0x0, 0x0, 0x0}, 0x3}, {{0x0, 0x0, 0x0}, 0xa1}], 0x2, 0x0, 0x0)

253.992065ms ago: executing program 5 (id=5149):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x11, 0xc, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000001480)='GPL\x00', 0x5, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000380)='kfree\x00', r0, 0x0, 0x4804}, 0x18)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32, @ANYBLOB="0000000000008000280012800a00010076786c616e"], 0x50}, 0x1, 0x0, 0x0, 0x4000}, 0x4008840)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a030200020000000000000200000009000200"], 0x80}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a30000000006c000000160a01000000000000000000010000000900010073797a30000000000900020073797a3000000000400003800800014000000000080002400000fbff2b0003801400010067656e6576653000000000000000000014000100776732000000000000000000c6e49c0f5c000000180a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c000380140001"], 0x110}}, 0x0)

253.554635ms ago: executing program 5 (id=5151):
r0 = gettid()
timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=<r1=>0x0)
timer_settime(r1, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ppoll(0x0, 0x0, &(0x7f00000000c0)={0x0, 0x989680}, &(0x7f0000000100)={[0x100000001]}, 0x8)

207.920969ms ago: executing program 5 (id=5154):
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000940)=@framed={{0x18, 0x9}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000240)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r6}, 0x10)
setsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x12000000, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r0}, &(0x7f0000000540), &(0x7f0000000580)=r1}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={r0, &(0x7f0000000780)}, 0x20)

159.568664ms ago: executing program 5 (id=5159):
syz_genetlink_get_family_id$team(0x0, 0xffffffffffffffff)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00"/14], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200001400000bb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000700)='kfree\x00', r1}, 0x18)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x7cb641, 0x0)
close(r3)
socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0xfffffffd, {0x0, 0x0, 0x0, r5, {0x1, 0xd}, {0x7}, {0x10, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x40085}, 0x40000)
recvmmsg(r6, &(0x7f0000001480)=[{{0x0, 0x0, &(0x7f0000000bc0)=[{&(0x7f0000000040)=""/55, 0x37}, {&(0x7f0000000540)=""/189, 0xbd}, {&(0x7f0000001ac0)=""/4096, 0x1000}, {&(0x7f0000000940)=""/74, 0x4a}], 0x4}, 0x5d}], 0x1b00, 0x10022, 0x0)

159.011124ms ago: executing program 3 (id=5161):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7}, 0x4)
close_range(r1, 0xffffffffffffffff, 0x0)

150.601285ms ago: executing program 3 (id=5164):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000740)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10)
statfs(0x0, 0x0)

117.314418ms ago: executing program 3 (id=5166):
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000005000000020000000410"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000000c0)='kmem_cache_free\x00', r1}, 0x18)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
lstat(&(0x7f0000000140)='./file0\x00', 0x0)

117.135208ms ago: executing program 2 (id=5167):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="020a00030700000026bd7000fbdbdf2505001a"], 0x38}}, 0x20000000)

116.724438ms ago: executing program 5 (id=5168):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$TCSETS2(r0, 0x402c542b, &(0x7f0000000000)={0x1ef, 0x3, 0x400, 0x8001, 0xf, "e63e9ec1482a4a22c0e07c9fc32e26c6d0a7d3", 0x9, 0x3})
write$UHID_INPUT(r0, &(0x7f0000001580)={0xfc, {"a2e3ad1bed0d09f91b5e071887f70e09d038e7ff7fc6e5539b0d500a8b089b3f3b356c030890e0879b0af8c6e70a9b334a959b669a242f0a0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d0773090acd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb62913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab002f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)

81.161682ms ago: executing program 3 (id=5169):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x4801})
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000))
bpf$MAP_CREATE(0x0, 0x0, 0x50)
fsopen(&(0x7f0000000000)='sysfs\x00', 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000003c0)='kmem_cache_free\x00', r1}, 0x18)
socket$inet_tcp(0x2, 0x1, 0x0)
r2 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r2, 0x10f, 0x87, 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
write$UHID_CREATE2(0xffffffffffffffff, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119)
r3 = syz_open_dev$hidraw(&(0x7f0000000000), 0x0, 0x81)
ioctl$HIDIOCSFEATURE(r3, 0xc0404806, 0x0)

80.871142ms ago: executing program 2 (id=5170):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000030000008500000086000000"], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]})
r2 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000340)=0x63ba, 0x4)
sendmmsg$inet6(r2, &(0x7f0000000400)=[{{&(0x7f0000000240)={0xa, 0x4e23, 0x800, @loopback}, 0x1c, 0x0}}], 0x1, 0x60040000)
recvmmsg(r2, &(0x7f00000003c0)=[{{0x0, 0x0, 0x0}, 0xdb30}], 0x1, 0x40002042, 0x0)

80.379832ms ago: executing program 2 (id=5171):
r0 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040)={0x0, <r1=>0x0}, &(0x7f00000000c0)=0xc)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x18)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2}, &(0x7f0000000000), &(0x7f0000000180)=r3}, 0x20)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000100)={0x28, 0x18, 0x1, 0x0, 0x0, {0x2}, [@typed={0x8, 0x800, 0x0, 0x0, @ipv4=@multicast2}, @nested={0xc, 0x8, 0x0, 0x1, [@typed={0x8, 0xc, 0x0, 0x0, @uid=r1}]}]}, 0x28}}, 0x0)

29.139267ms ago: executing program 2 (id=5172):
r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/thread-self/attr/exec\x00', 0x2, 0x0)
write$selinux_attr(r0, 0x0, 0x0)

28.797667ms ago: executing program 5 (id=5173):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000003c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x7ff}, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = syz_io_uring_setup(0x23c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
io_uring_enter(r5, 0x7f5f, 0x4000000, 0x0, 0x0, 0x0)
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TCSBRKP(r6, 0x5425, 0x0)
r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f00000000c0)=0x3)
ioctl$TCSETSW2(r7, 0x5408, &(0x7f0000000040)={0x2, 0x0, 0x0, 0x2, 0x0, "23f555d9adb42d4408020e90d1beaa82dc1ecf"})

28.656937ms ago: executing program 2 (id=5174):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000040c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000040340000000000000800000018110000", @ANYBLOB="0000000000000000b7080000357500007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
pwritev(r0, &(0x7f0000000140)=[{&(0x7f0000000440)}], 0x1, 0x6, 0x3d)

28.497377ms ago: executing program 3 (id=5175):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="020000000400"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008"], &(0x7f0000000600)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000280)={0x1, &(0x7f0000000780)=[{0x200000000006, 0xf, 0x6, 0x7ffc1ffb}]})
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x18)
sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000003000000400001802c0004001400010002000000ac14140f00000000000000001400020002000000ffffff53a2513743897e44000d0001007564703aa3"], 0x54}}, 0x0)

28.265877ms ago: executing program 2 (id=5176):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200001400000bb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b7000000000000"], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000700)='kfree\x00', r1}, 0x18)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x7cb641, 0x0)
close(r3)
socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0xfffffffd, {0x0, 0x0, 0x0, r5, {0x1, 0xd}, {0x7}, {0x10, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x40085}, 0x40000)

0s ago: executing program 3 (id=5177):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x20001, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='kfree\x00', r4, 0x0, 0xffffffffffffffff}, 0x18)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000700)=@newtfilter={0x84, 0x2c, 0xd27, 0x70bd2a, 0x25dfdc00, {0x0, 0x0, 0x0, r3, {0x0, 0x4}, {}, {0xfff2}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x2, 0x2, 0x6, 0x100000a, 0x8}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x40010}, 0x0)

kernel console output (not intermixed with test programs):

auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11139 comm="syz.2.3271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60066e5fc9 code=0x7ffc0000
[  559.169527][   T30] audit: type=1326 audit(1761258366.204:4410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11139 comm="syz.2.3271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60066e5fc9 code=0x7ffc0000
[  559.193318][   T30] audit: type=1326 audit(1761258366.224:4411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11139 comm="syz.2.3271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7f60066e5fc9 code=0x7ffc0000
[  559.243300][T11147] EXT4-fs (loop4): re-mounted. Opts: (null). Quota mode: writeback.
[  560.830856][T11164] overlayfs: missing 'workdir'
[  563.210342][T11219] loop5: detected capacity change from 0 to 128
[  563.219339][T11218] loop2: detected capacity change from 0 to 1024
[  563.290011][T11220] overlayfs: missing 'workdir'
[  564.094281][T11218] EXT4-fs (loop2): Ignoring removed orlov option
[  564.500185][T11218] EXT4-fs (loop2): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback.
[  564.828045][T11229] loop1: detected capacity change from 0 to 1024
[  564.884418][T11229] EXT4-fs (loop1): Ignoring removed orlov option
[  564.934899][T11229] EXT4-fs (loop1): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback.
[  565.262536][   T30] kauditd_printk_skb: 132 callbacks suppressed
[  565.262553][   T30] audit: type=1326 audit(1761258372.544:4544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11245 comm="syz.2.3299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60066e5fc9 code=0x7ffc0000
[  565.304728][T11249] 9pnet: Insufficient options for proto=fd
[  565.321984][   T30] audit: type=1326 audit(1761258372.574:4545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11245 comm="syz.2.3299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60066e5fc9 code=0x7ffc0000
[  565.346516][   T30] audit: type=1326 audit(1761258372.574:4546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11245 comm="syz.2.3299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f60066e5fc9 code=0x7ffc0000
[  565.395148][T11254] loop1: detected capacity change from 0 to 512
[  565.399424][   T30] audit: type=1326 audit(1761258372.574:4547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11245 comm="syz.2.3299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60066e5fc9 code=0x7ffc0000
[  565.427559][T11252] 9pnet: Insufficient options for proto=fd
[  565.435051][   T30] audit: type=1326 audit(1761258372.574:4548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11245 comm="syz.2.3299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60066e5fc9 code=0x7ffc0000
[  565.483871][   T30] audit: type=1326 audit(1761258372.574:4549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11245 comm="syz.2.3299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f60066e5fc9 code=0x7ffc0000
[  565.486081][T11254] EXT4-fs warning (device loop1): ext4_enable_quotas:6452: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  565.507496][   T30] audit: type=1326 audit(1761258372.574:4550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11245 comm="syz.2.3299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60066e5fc9 code=0x7ffc0000
[  565.546743][   T30] audit: type=1326 audit(1761258372.574:4551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11245 comm="syz.2.3299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60066e5fc9 code=0x7ffc0000
[  565.574588][   T30] audit: type=1326 audit(1761258372.574:4552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11245 comm="syz.2.3299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f60066e5fc9 code=0x7ffc0000
[  565.598361][   T30] audit: type=1326 audit(1761258372.574:4553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11245 comm="syz.2.3299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60066e5fc9 code=0x7ffc0000
[  565.626768][T11254] EXT4-fs (loop1): mount failed
[  570.014655][T11301] 9pnet: Insufficient options for proto=fd
[  570.053244][T11303] 9pnet: Insufficient options for proto=fd
[  570.212299][T11316] loop2: detected capacity change from 0 to 512
[  570.639535][T11316] EXT4-fs warning (device loop2): ext4_enable_quotas:6452: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  570.655878][T11322] loop4: detected capacity change from 0 to 128
[  570.662942][T11316] EXT4-fs (loop2): mount failed
[  570.715489][T11325] loop1: detected capacity change from 0 to 1024
[  570.737545][T11325] EXT4-fs (loop1): Ignoring removed orlov option
[  570.750540][T11325] EXT4-fs (loop1): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback.
[  572.183030][T11351] incfs_lookup_dentry err:-14
[  572.187773][T11351] incfs: Can't find or create .index dir in ./file0
[  572.194832][T11351] incfs: mount failed -14
[  572.201065][T11351] 9pnet: bogus RREAD count (3 > 1)
[  573.306941][T11357] 9pnet: Insufficient options for proto=fd
[  573.315000][T11356] 9pnet: Insufficient options for proto=fd
[  573.346786][   T30] kauditd_printk_skb: 129 callbacks suppressed
[  573.346805][   T30] audit: type=1326 audit(1761258380.624:4683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11358 comm="syz.3.3329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6053231fc9 code=0x7ffc0000
[  573.377355][   T30] audit: type=1326 audit(1761258380.624:4684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11358 comm="syz.3.3329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6053231fc9 code=0x7ffc0000
[  573.404855][   T30] audit: type=1326 audit(1761258380.624:4685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11358 comm="syz.3.3329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6053231fc9 code=0x7ffc0000
[  573.445093][   T30] audit: type=1326 audit(1761258380.624:4686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11358 comm="syz.3.3329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f6053231fc9 code=0x7ffc0000
[  573.486797][   T30] audit: type=1326 audit(1761258380.624:4687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11358 comm="syz.3.3329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6053231fc9 code=0x7ffc0000
[  573.520054][T11363] 9pnet: Insufficient options for proto=fd
[  573.548998][   T30] audit: type=1326 audit(1761258380.624:4688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11358 comm="syz.3.3329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f6053231fc9 code=0x7ffc0000
[  573.576457][   T30] audit: type=1326 audit(1761258380.624:4689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11358 comm="syz.3.3329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6053231fc9 code=0x7ffc0000
[  573.600952][   T30] audit: type=1326 audit(1761258380.624:4690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11358 comm="syz.3.3329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6053231fc9 code=0x7ffc0000
[  573.602276][T11367] incfs_lookup_dentry err:-14
[  573.630068][   T30] audit: type=1326 audit(1761258380.624:4691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11358 comm="syz.3.3329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7f6053231fc9 code=0x7ffc0000
[  573.655814][   T30] audit: type=1326 audit(1761258380.654:4692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11358 comm="syz.3.3329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6053231fc9 code=0x7ffc0000
[  573.680242][T11367] incfs: Can't find or create .index dir in ./file0
[  573.695942][T11367] incfs: mount failed -14
[  573.721908][T11375] loop5: detected capacity change from 0 to 512
[  573.856956][T11375] EXT4-fs warning (device loop5): ext4_enable_quotas:6452: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  574.771123][T11385] overlayfs: missing 'workdir'
[  574.923853][T11375] EXT4-fs (loop5): mount failed
[  575.975598][T11421] 9pnet: Insufficient options for proto=fd
[  577.352777][T11424] overlayfs: missing 'workdir'
[  577.400226][T11442] loop2: detected capacity change from 0 to 512
[  577.458713][T11444] 9pnet: Insufficient options for proto=fd
[  577.589574][T11442] EXT4-fs warning (device loop2): ext4_enable_quotas:6452: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  577.615844][T11442] EXT4-fs (loop2): mount failed
[  577.685903][T11460] loop5: detected capacity change from 0 to 1024
[  577.753071][T11460] EXT4-fs (loop5): Ignoring removed orlov option
[  577.762798][T11460] EXT4-fs (loop5): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback.
[  578.478513][T11467] overlayfs: missing 'workdir'
[  580.795746][T11473] 9pnet: Insufficient options for proto=fd
[  580.941991][T11485] loop1: detected capacity change from 0 to 1024
[  580.957832][T11487] loop2: detected capacity change from 0 to 1024
[  582.064806][T11485] EXT4-fs (loop1): Ignoring removed orlov option
[  582.087516][T11481] overlayfs: missing 'workdir'
[  582.101100][T11485] EXT4-fs (loop1): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback.
[  582.624356][T11487] EXT4-fs (loop2): Ignoring removed orlov option
[  582.821444][T11487] EXT4-fs (loop2): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback.
[  583.682658][T11518] loop5: detected capacity change from 0 to 512
[  583.725582][T11520] loop1: detected capacity change from 0 to 128
[  583.799915][T11518] EXT4-fs warning (device loop5): ext4_enable_quotas:6452: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  583.815726][T11518] EXT4-fs (loop5): mount failed
[  585.656310][T11556] overlayfs: missing 'workdir'
[  586.732935][T11576] loop2: detected capacity change from 0 to 128
[  588.869912][T11614] overlayfs: missing 'workdir'
[  590.142603][T11616] overlayfs: missing 'workdir'
[  592.493874][T11633] loop2: detected capacity change from 0 to 1024
[  592.575131][T11633] EXT4-fs (loop2): Ignoring removed orlov option
[  592.600037][T11639] loop4: detected capacity change from 0 to 512
[  593.017600][T11633] EXT4-fs (loop2): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback.
[  593.042968][T11639] EXT4-fs warning (device loop4): ext4_enable_quotas:6452: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  593.060580][T11639] EXT4-fs (loop4): mount failed
[  593.135174][T11648] x_tables: duplicate underflow at hook 4
[  595.983100][T11685] loop1: detected capacity change from 0 to 1024
[  596.061051][T11691] loop4: detected capacity change from 0 to 1024
[  596.786451][T11685] EXT4-fs (loop1): Ignoring removed orlov option
[  596.793005][T11691] EXT4-fs (loop4): Ignoring removed orlov option
[  597.950655][T11685] EXT4-fs (loop1): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback.
[  597.977745][   T30] kauditd_printk_skb: 73 callbacks suppressed
[  597.977761][   T30] audit: type=1326 audit(1761258405.254:4766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11704 comm="syz.2.3416" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60066e5fc9 code=0x7ffc0000
[  598.020990][T11691] EXT4-fs (loop4): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback.
[  598.080137][   T30] audit: type=1326 audit(1761258405.294:4767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11704 comm="syz.2.3416" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f60066e5fc9 code=0x7ffc0000
[  598.103877][   T30] audit: type=1326 audit(1761258405.294:4768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11704 comm="syz.2.3416" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60066e5fc9 code=0x7ffc0000
[  598.137082][   T30] audit: type=1326 audit(1761258405.294:4769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11704 comm="syz.2.3416" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f60066e5fc9 code=0x7ffc0000
[  598.171963][   T30] audit: type=1326 audit(1761258405.294:4770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11704 comm="syz.2.3416" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60066e5fc9 code=0x7ffc0000
[  598.306302][   T30] audit: type=1326 audit(1761258405.294:4771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11704 comm="syz.2.3416" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f60066e5fc9 code=0x7ffc0000
[  598.339435][   T30] audit: type=1326 audit(1761258405.294:4772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11704 comm="syz.2.3416" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60066e5fc9 code=0x7ffc0000
[  598.368903][   T30] audit: type=1326 audit(1761258405.294:4773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11704 comm="syz.2.3416" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f60066e5fc9 code=0x7ffc0000
[  600.283150][   T30] audit: type=1326 audit(1761258405.294:4774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11704 comm="syz.2.3416" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60066e5fc9 code=0x7ffc0000
[  600.307103][   T30] audit: type=1326 audit(1761258405.294:4775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11704 comm="syz.2.3416" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f60066e5fc9 code=0x7ffc0000
[  601.668359][T11757] loop5: detected capacity change from 0 to 512
[  602.542714][T11757] EXT4-fs warning (device loop5): ext4_enable_quotas:6452: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  603.503961][T11770] overlayfs: missing 'workdir'
[  603.504320][T11757] EXT4-fs (loop5): mount failed
[  603.924115][T11781] loop1: detected capacity change from 0 to 512
[  603.964395][T11781] EXT4-fs warning (device loop1): ext4_enable_quotas:6452: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  603.979854][T11781] EXT4-fs (loop1): mount failed
[  606.079850][T11811] 9pnet: Insufficient options for proto=fd
[  606.089526][T11813] incfs_lookup_dentry err:-14
[  606.094793][T11813] incfs: Can't find or create .index dir in ./file0
[  606.101552][T11813] incfs: mount failed -14
[  606.118876][T11813] 9pnet: bogus RREAD count (3 > 1)
[  606.722562][T11833] x_tables: duplicate underflow at hook 4
[  606.826594][T11837] loop2: detected capacity change from 0 to 1024
[  606.893595][T11837] EXT4-fs (loop2): Ignoring removed orlov option
[  607.113782][T11837] EXT4-fs (loop2): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback.
[  608.661515][T11858] loop2: detected capacity change from 0 to 512
[  608.713410][T11867] loop1: detected capacity change from 0 to 512
[  608.746434][T11870] 9pnet: Insufficient options for proto=fd
[  608.808973][T11858] EXT4-fs warning (device loop2): ext4_enable_quotas:6452: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  608.825195][T11867] EXT4-fs warning (device loop1): ext4_enable_quotas:6452: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  608.846548][T11858] EXT4-fs (loop2): mount failed
[  608.852071][T11867] EXT4-fs (loop1): mount failed
[  608.912629][T11881] overlayfs: missing 'workdir'
[  611.016973][T11897] loop4: detected capacity change from 0 to 1024
[  611.044249][T11897] EXT4-fs (loop4): Ignoring removed orlov option
[  611.058082][T11897] EXT4-fs (loop4): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback.
[  611.090161][T11902] loop5: detected capacity change from 0 to 1024
[  611.101975][T11902] EXT4-fs (loop5): Ignoring removed orlov option
[  611.416313][T11902] EXT4-fs (loop5): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback.
[  611.988757][T11915] loop1: detected capacity change from 0 to 1024
[  612.052452][T11915] EXT4-fs (loop1): Ignoring removed orlov option
[  612.085694][T11890] bridge0: port 1(bridge_slave_0) entered blocking state
[  612.086959][T11917] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore
[  612.102007][T11890] bridge0: port 1(bridge_slave_0) entered disabled state
[  612.105535][T11915] EXT4-fs (loop1): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback.
[  612.177829][T11917] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  612.226001][T11890] device bridge_slave_0 entered promiscuous mode
[  612.241788][T11890] bridge0: port 2(bridge_slave_1) entered blocking state
[  612.251143][T11890] bridge0: port 2(bridge_slave_1) entered disabled state
[  612.260724][T11890] device bridge_slave_1 entered promiscuous mode
[  612.631340][T11932] 9pnet: Insufficient options for proto=fd
[  612.702022][T11937] incfs_lookup_dentry err:-14
[  612.707008][T11937] incfs: Can't find or create .index dir in ./file0
[  612.714035][T11937] incfs: mount failed -14
[  612.761453][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  612.777420][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  612.836524][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  612.845266][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  612.854099][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[  612.861179][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[  612.869208][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  612.893155][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  612.915040][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[  612.922125][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[  612.929750][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  612.942437][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  613.855234][T11956] overlayfs: missing 'workdir'
[  614.092281][T11958] 9pnet: Insufficient options for proto=fd
[  614.140578][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  614.166699][T11963] 9pnet: Insufficient options for proto=fd
[  614.169826][T11961] loop4: detected capacity change from 0 to 512
[  614.179174][T11965] loop2: detected capacity change from 0 to 512
[  614.179202][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  614.195635][T11890] device veth0_vlan entered promiscuous mode
[  614.213536][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  614.221726][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  614.232600][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  614.240290][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  614.263451][T11961] EXT4-fs warning (device loop4): ext4_enable_quotas:6452: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  614.278283][T11965] EXT4-fs warning (device loop2): ext4_enable_quotas:6452: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  614.296914][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  614.306084][T11965] EXT4-fs (loop2): mount failed
[  614.306501][T11961] EXT4-fs (loop4): mount failed
[  614.318773][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  614.440762][T11890] device veth1_macvtap entered promiscuous mode
[  614.452079][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  614.460457][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  614.469568][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  614.750755][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  614.759362][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  614.977365][ T2959] device bridge_slave_1 left promiscuous mode
[  615.159422][ T2959] bridge0: port 2(bridge_slave_1) entered disabled state
[  615.171203][T11984] loop3: detected capacity change from 0 to 1024
[  615.203418][ T2959] device bridge_slave_0 left promiscuous mode
[  615.209625][ T2959] bridge0: port 1(bridge_slave_0) entered disabled state
[  615.213186][T11986] loop2: detected capacity change from 0 to 512
[  615.227184][ T2959] device veth1_macvtap left promiscuous mode
[  615.241983][T11984] EXT4-fs (loop3): Ignoring removed orlov option
[  615.275533][T11984] EXT4-fs (loop3): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback.
[  615.386151][T11994] loop4: detected capacity change from 0 to 1024
[  615.393757][T11986] EXT4-fs warning (device loop2): ext4_enable_quotas:6452: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  615.437951][T11986] EXT4-fs (loop2): mount failed
[  615.468974][T11994] EXT4-fs (loop4): Ignoring removed orlov option
[  615.514728][T11994] EXT4-fs (loop4): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback.
[  615.589622][T11996] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore
[  615.599123][T11996] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  615.862490][T12006] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore
[  615.916283][T12006] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  616.006452][T12009] loop4: detected capacity change from 0 to 1024
[  616.063087][T12009] EXT4-fs (loop4): Ignoring removed orlov option
[  616.083763][T12016] loop2: detected capacity change from 0 to 512
[  616.096382][T12009] EXT4-fs (loop4): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback.
[  616.165455][T12022] overlayfs: missing 'workdir'
[  616.231488][T12016] EXT4-fs warning (device loop2): ext4_enable_quotas:6452: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  616.817113][T12016] EXT4-fs (loop2): mount failed
[  616.916556][T12034] 9pnet: Insufficient options for proto=fd
[  619.091737][T12061] loop2: detected capacity change from 0 to 512
[  619.145339][   T30] kauditd_printk_skb: 3 callbacks suppressed
[  619.145354][   T30] audit: type=1326 audit(1761258426.424:4779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12068 comm="syz.4.3501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11932eefc9 code=0x7ffc0000
[  619.194553][   T30] audit: type=1326 audit(1761258426.464:4780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12068 comm="syz.4.3501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11932eefc9 code=0x7ffc0000
[  619.197238][T12061] EXT4-fs warning (device loop2): ext4_enable_quotas:6452: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  619.218502][   T30] audit: type=1326 audit(1761258426.464:4781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12068 comm="syz.4.3501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f11932eefc9 code=0x7ffc0000
[  619.259357][   T30] audit: type=1326 audit(1761258426.464:4782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12068 comm="syz.4.3501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11932eefc9 code=0x7ffc0000
[  619.284000][   T30] audit: type=1326 audit(1761258426.464:4783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12068 comm="syz.4.3501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f11932eefc9 code=0x7ffc0000
[  619.314765][   T30] audit: type=1326 audit(1761258426.464:4784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12068 comm="syz.4.3501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11932eefc9 code=0x7ffc0000
[  619.345028][   T30] audit: type=1326 audit(1761258426.464:4785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12068 comm="syz.4.3501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f11932eefc9 code=0x7ffc0000
[  619.368885][   T30] audit: type=1326 audit(1761258426.464:4786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12068 comm="syz.4.3501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11932eefc9 code=0x7ffc0000
[  619.374921][T12061] EXT4-fs (loop2): mount failed
[  619.393147][   T30] audit: type=1326 audit(1761258426.464:4787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12068 comm="syz.4.3501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11932eefc9 code=0x7ffc0000
[  619.422048][   T30] audit: type=1326 audit(1761258426.474:4788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12068 comm="syz.4.3501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7f11932eefc9 code=0x7ffc0000
[  620.912552][T12091] overlayfs: missing 'workdir'
[  621.266170][T12094] loop4: detected capacity change from 0 to 512
[  621.350635][T12094] EXT4-fs warning (device loop4): ext4_enable_quotas:6452: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  621.386269][T12094] EXT4-fs (loop4): mount failed
[  621.420816][T12101] loop5: detected capacity change from 0 to 128
[  621.538055][T12103] loop3: detected capacity change from 0 to 1024
[  621.661944][T12103] EXT4-fs (loop3): Ignoring removed orlov option
[  621.671023][T12103] EXT4-fs (loop3): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback.
[  622.866938][T12103] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore
[  622.900866][T12103] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  622.917899][T12132] loop2: detected capacity change from 0 to 1024
[  622.919896][T12118] EXT4-fs (loop3): re-mounted. Opts: (null). Quota mode: writeback.
[  622.937024][T12132] EXT4-fs (loop2): Ignoring removed orlov option
[  622.947613][T12132] EXT4-fs (loop2): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback.
[  623.558928][T12150] loop5: detected capacity change from 0 to 512
[  623.585512][T12143] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore
[  623.595296][T12143] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  623.643305][T12150] EXT4-fs warning (device loop5): ext4_enable_quotas:6452: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  623.664478][T12150] EXT4-fs (loop5): mount failed
[  623.897534][T12165] loop1: detected capacity change from 0 to 512
[  623.970370][T12165] EXT4-fs warning (device loop1): ext4_enable_quotas:6452: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  624.025789][T12165] EXT4-fs (loop1): mount failed
[  624.259481][T12178] loop2: detected capacity change from 0 to 1024
[  624.271450][T12178] EXT4-fs (loop2): Ignoring removed orlov option
[  624.285664][T12178] EXT4-fs (loop2): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback.
[  624.530832][T12187] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore
[  624.544477][T12187] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  627.014692][T12201] overlayfs: missing 'workdir'
[  627.032962][T12206] loop4: detected capacity change from 0 to 512
[  627.100750][T12206] EXT4-fs warning (device loop4): ext4_enable_quotas:6452: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  627.127723][T12206] EXT4-fs (loop4): mount failed
[  627.219973][T12220] loop3: detected capacity change from 0 to 512
[  627.405822][T12220] EXT4-fs warning (device loop3): ext4_enable_quotas:6452: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  629.306921][T12220] EXT4-fs (loop3): mount failed
[  630.878034][T12268] 9pnet: Insufficient options for proto=fd
[  632.397061][T12287] loop3: detected capacity change from 0 to 1024
[  632.442172][T12287] EXT4-fs (loop3): Ignoring removed orlov option
[  632.456594][T12289] loop4: detected capacity change from 0 to 512
[  632.521854][T12287] EXT4-fs (loop3): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback.
[  632.558480][T12289] EXT4-fs warning (device loop4): ext4_enable_quotas:6452: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  632.581120][T12289] EXT4-fs (loop4): mount failed
[  632.763166][T12307] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore
[  632.772185][T12307] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  634.402546][T12327] overlayfs: missing 'workdir'
[  635.134595][   T30] kauditd_printk_skb: 124 callbacks suppressed
[  635.134612][   T30] audit: type=1326 audit(1761258442.414:4913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12328 comm="syz.4.3572" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11932eefc9 code=0x7ffc0000
[  635.195494][   T30] audit: type=1326 audit(1761258442.444:4914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12328 comm="syz.4.3572" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11932eefc9 code=0x7ffc0000
[  635.219103][   T30] audit: type=1326 audit(1761258442.444:4915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12328 comm="syz.4.3572" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f11932eefc9 code=0x7ffc0000
[  635.242571][   T30] audit: type=1326 audit(1761258442.444:4916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12328 comm="syz.4.3572" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11932eefc9 code=0x7ffc0000
[  635.266725][   T30] audit: type=1326 audit(1761258442.444:4917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12328 comm="syz.4.3572" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11932eefc9 code=0x7ffc0000
[  635.330066][T12333] loop1: detected capacity change from 0 to 1024
[  635.354165][T12335] loop5: detected capacity change from 0 to 1024
[  635.378569][   T30] audit: type=1326 audit(1761258442.444:4918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12328 comm="syz.4.3572" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f11932eefc9 code=0x7ffc0000
[  635.402641][   T30] audit: type=1326 audit(1761258442.444:4919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12328 comm="syz.4.3572" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11932eefc9 code=0x7ffc0000
[  635.455228][T12335] EXT4-fs (loop5): Ignoring removed orlov option
[  635.517453][T12335] EXT4-fs (loop5): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback.
[  635.667337][T12333] EXT4-fs (loop1): Ignoring removed orlov option
[  635.716191][   T30] audit: type=1326 audit(1761258442.444:4920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12328 comm="syz.4.3572" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11932eefc9 code=0x7ffc0000
[  635.739790][   T30] audit: type=1326 audit(1761258442.444:4921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12328 comm="syz.4.3572" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f11932eefc9 code=0x7ffc0000
[  635.745670][T12333] EXT4-fs (loop1): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback.
[  635.763362][   T30] audit: type=1326 audit(1761258442.444:4922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12328 comm="syz.4.3572" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11932eefc9 code=0x7ffc0000
[  636.016076][T12356] loop3: detected capacity change from 0 to 1024
[  636.073165][T12356] EXT4-fs (loop3): Ignoring removed orlov option
[  636.136594][T12356] EXT4-fs (loop3): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback.
[  636.567538][T12361] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore
[  636.581439][T12361] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  636.629803][T12370] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore
[  636.639531][T12370] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  636.664386][T12374] loop5: detected capacity change from 0 to 512
[  636.794112][T12374] EXT4-fs warning (device loop5): ext4_enable_quotas:6452: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  636.833143][T12374] EXT4-fs (loop5): mount failed
[  637.679638][T12398] x_tables: duplicate underflow at hook 4
[  638.889283][T12407] overlayfs: missing 'workdir'
[  638.930411][T12403] overlayfs: missing 'workdir'
[  639.487757][T12417] loop1: detected capacity change from 0 to 512
[  639.732579][T12417] EXT4-fs warning (device loop1): ext4_enable_quotas:6452: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  639.780936][T12417] EXT4-fs (loop1): mount failed
[  640.790398][T12442] loop4: detected capacity change from 0 to 1024
[  640.822554][T12442] EXT4-fs (loop4): Ignoring removed orlov option
[  641.187205][T12442] EXT4-fs (loop4): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback.
[  641.445714][T12465] loop5: detected capacity change from 0 to 512
[  641.478925][T12471] loop2: detected capacity change from 0 to 1024
[  642.463394][T12472] overlayfs: missing 'workdir'
[  642.500936][T12465] EXT4-fs warning (device loop5): ext4_enable_quotas:6452: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  642.632999][T12465] EXT4-fs (loop5): mount failed
[  642.702958][T12471] EXT4-fs (loop2): Ignoring removed orlov option
[  642.744383][T12471] EXT4-fs (loop2): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback.
[  642.803119][   T30] kauditd_printk_skb: 129 callbacks suppressed
[  642.803136][   T30] audit: type=1326 audit(1761258450.084:5052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12486 comm="syz.3.3615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa66d1a6fc9 code=0x7ffc0000
[  642.853539][   T30] audit: type=1326 audit(1761258450.134:5053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12486 comm="syz.3.3615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa66d1a6fc9 code=0x7ffc0000
[  642.947664][   T30] audit: type=1326 audit(1761258450.134:5054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12486 comm="syz.3.3615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa66d1a6fc9 code=0x7ffc0000
[  642.978125][   T30] audit: type=1326 audit(1761258450.134:5055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12486 comm="syz.3.3615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa66d1a6fc9 code=0x7ffc0000
[  643.002102][   T30] audit: type=1326 audit(1761258450.134:5056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12486 comm="syz.3.3615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7fa66d1a6fc9 code=0x7ffc0000
[  643.026704][   T30] audit: type=1326 audit(1761258450.134:5057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12486 comm="syz.3.3615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa66d1a6fc9 code=0x7ffc0000
[  643.054711][T12497] loop3: detected capacity change from 0 to 512
[  643.070108][   T30] audit: type=1326 audit(1761258450.134:5058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12486 comm="syz.3.3615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fa66d1a6fc9 code=0x7ffc0000
[  643.094477][   T30] audit: type=1326 audit(1761258450.134:5059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12486 comm="syz.3.3615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa66d1a6fc9 code=0x7ffc0000
[  643.127292][   T30] audit: type=1326 audit(1761258450.134:5060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12486 comm="syz.3.3615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa66d1a6fc9 code=0x7ffc0000
[  643.151552][   T30] audit: type=1326 audit(1761258450.164:5061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12486 comm="syz.3.3615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7fa66d1a6fc9 code=0x7ffc0000
[  643.287834][T12497] EXT4-fs warning (device loop3): ext4_enable_quotas:6452: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  643.306817][T12510] overlayfs: missing 'workdir'
[  643.312307][T12497] EXT4-fs (loop3): mount failed
[  646.145331][T12545] loop2: detected capacity change from 0 to 1024
[  647.566254][T12545] EXT4-fs (loop2): Ignoring removed orlov option
[  647.613049][T12545] EXT4-fs (loop2): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback.
[  647.713897][T12557] overlayfs: missing 'workdir'
[  650.552710][T12561] overlayfs: missing 'workdir'
[  652.543205][T12595] loop4: detected capacity change from 0 to 512
[  652.586619][T12600] loop3: detected capacity change from 0 to 1024
[  652.597185][T12595] EXT4-fs warning (device loop4): ext4_enable_quotas:6452: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  652.618220][T12595] EXT4-fs (loop4): mount failed
[  652.640015][T12605] loop2: detected capacity change from 0 to 1024
[  652.647068][T12600] EXT4-fs (loop3): Ignoring removed orlov option
[  652.663025][T12600] EXT4-fs (loop3): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback.
[  652.807639][T12605] EXT4-fs (loop2): Ignoring removed orlov option
[  652.811792][T12610] loop1: detected capacity change from 0 to 1024
[  652.848482][T12610] EXT4-fs (loop1): Ignoring removed orlov option
[  653.073081][T12605] EXT4-fs (loop2): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback.
[  653.124358][T12610] EXT4-fs (loop1): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback.
[  653.544595][T12633] loop3: detected capacity change from 0 to 512
[  653.731749][T12633] EXT4-fs warning (device loop3): ext4_enable_quotas:6452: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  653.747363][T12633] EXT4-fs (loop3): mount failed
[  654.370255][   T30] kauditd_printk_skb: 58 callbacks suppressed
[  654.370272][   T30] audit: type=1400 audit(1761258461.644:5120): avc:  denied  { append } for  pid=12656 comm="syz.4.3654" name="001" dev="devtmpfs" ino=160 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  654.375248][T12657] usb usb1: usbfs: process 12657 (syz.4.3654) did not claim interface 0 before use
[  654.806585][T12661] loop5: detected capacity change from 0 to 1024
[  654.872869][   T30] audit: type=1400 audit(1761258462.154:5121): avc:  denied  { create } for  pid=12667 comm="syz.4.3659" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  654.876199][T12668] loop4: detected capacity change from 0 to 512
[  654.931118][   T30] audit: type=1400 audit(1761258462.204:5122): avc:  denied  { write } for  pid=12672 comm="syz.2.3662" name="snapshot" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  654.966195][T12661] EXT4-fs (loop5): Ignoring removed orlov option
[  654.985560][T12668] EXT4-fs (loop4): Ignoring removed nobh option
[  655.001922][T12668] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  655.012396][   T30] audit: type=1400 audit(1761258462.234:5123): avc:  denied  { open } for  pid=12672 comm="syz.2.3662" path="/dev/snapshot" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  655.039779][T12661] EXT4-fs (loop5): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback.
[  655.091578][T12668] EXT4-fs error (device loop4): ext4_do_update_inode:5241: inode #3: comm syz.4.3659: corrupted inode contents
[  655.111403][T12668] EXT4-fs (loop4): Remounting filesystem read-only
[  655.118568][T12668] EXT4-fs error (device loop4): ext4_dirty_inode:6077: inode #3: comm syz.4.3659: mark_inode_dirty error
[  655.130044][   T30] audit: type=1400 audit(1761258462.264:5124): avc:  denied  { mounton } for  pid=12667 comm="syz.4.3659" path="/121/file0" dev="tmpfs" ino=713 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  655.130113][T12668] EXT4-fs (loop4): Remounting filesystem read-only
[  655.153353][   T30] audit: type=1400 audit(1761258462.384:5125): avc:  denied  { ioctl } for  pid=12672 comm="syz.2.3662" path="/dev/snapshot" dev="devtmpfs" ino=90 ioctlcmd=0x941e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  655.190645][T12668] EXT4-fs error (device loop4): ext4_do_update_inode:5241: inode #3: comm syz.4.3659: corrupted inode contents
[  655.226679][T12668] EXT4-fs (loop4): Remounting filesystem read-only
[  655.233969][T12668] EXT4-fs error (device loop4): __ext4_ext_dirty:183: inode #3: comm syz.4.3659: mark_inode_dirty error
[  655.252462][T12668] EXT4-fs (loop4): Remounting filesystem read-only
[  655.269519][T12668] Quota error (device loop4): write_blk: dquota write failed
[  655.279439][T12668] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[  655.289617][   T30] audit: type=1400 audit(1761258462.564:5126): avc:  denied  { write } for  pid=12690 comm="syz.5.3668" name="usbmon1" dev="devtmpfs" ino=156 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  655.313886][T12668] EXT4-fs error (device loop4): ext4_acquire_dquot:6200: comm syz.4.3659: Failed to acquire dquot type 0
[  655.329052][T12693] mmap: syz.2.3670 (12693) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst.
[  655.341395][   T30] audit: type=1400 audit(1761258462.564:5127): avc:  denied  { ioctl } for  pid=12690 comm="syz.5.3668" path="/dev/usbmon1" dev="devtmpfs" ino=156 ioctlcmd=0x9204 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  655.367584][T12668] EXT4-fs (loop4): Remounting filesystem read-only
[  655.382151][T12668] EXT4-fs error (device loop4): ext4_do_update_inode:5241: inode #16: comm syz.4.3659: corrupted inode contents
[  655.396181][T12668] EXT4-fs (loop4): Remounting filesystem read-only
[  655.408467][T12668] EXT4-fs error (device loop4): ext4_dirty_inode:6077: inode #16: comm syz.4.3659: mark_inode_dirty error
[  655.420087][T12668] EXT4-fs (loop4): Remounting filesystem read-only
[  655.444445][T12668] EXT4-fs error (device loop4): ext4_do_update_inode:5241: inode #16: comm syz.4.3659: corrupted inode contents
[  655.502998][T12668] EXT4-fs (loop4): Remounting filesystem read-only
[  655.509665][T12668] EXT4-fs error (device loop4): __ext4_ext_dirty:183: inode #16: comm syz.4.3659: mark_inode_dirty error
[  655.542734][T12668] EXT4-fs (loop4): Remounting filesystem read-only
[  655.549348][T12668] EXT4-fs error (device loop4): ext4_do_update_inode:5241: inode #16: comm syz.4.3659: corrupted inode contents
[  655.584856][T12668] EXT4-fs (loop4): Remounting filesystem read-only
[  655.591419][T12668] EXT4-fs error (device loop4) in ext4_orphan_del:301: Corrupt filesystem
[  655.601989][T12668] EXT4-fs (loop4): Remounting filesystem read-only
[  655.608979][T12668] EXT4-fs error (device loop4): ext4_do_update_inode:5241: inode #16: comm syz.4.3659: corrupted inode contents
[  655.629849][T12668] EXT4-fs (loop4): Remounting filesystem read-only
[  655.637476][T12668] EXT4-fs error (device loop4): ext4_truncate:4310: inode #16: comm syz.4.3659: mark_inode_dirty error
[  655.649419][T12668] EXT4-fs (loop4): Remounting filesystem read-only
[  655.656407][T12668] EXT4-fs error (device loop4) in ext4_process_orphan:343: Corrupt filesystem
[  655.666866][T12668] EXT4-fs (loop4): Remounting filesystem read-only
[  655.677240][T12668] EXT4-fs (loop4): 1 truncate cleaned up
[  655.683486][T12668] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,nobh,. Quota mode: writeback.
[  655.715766][T12668] ext4 filesystem being mounted at /121/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  655.877490][T12726] loop4: detected capacity change from 0 to 512
[  655.945397][T12726] EXT4-fs (loop4): orphan cleanup on readonly fs
[  655.952763][T12726] EXT4-fs error (device loop4): ext4_orphan_get:1427: comm syz.4.3686: bad orphan inode 13
[  655.980017][T12726] ext4_test_bit(bit=12, block=18) = 1
[  655.986420][T12726] is_bad_inode(inode)=0
[  655.991102][T12726] NEXT_ORPHAN(inode)=2130706432
[  655.996438][T12726] max_ino=32
[  655.999673][T12726] i_nlink=1
[  656.003415][T12726] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  656.049294][T12749] device syzkaller0 entered promiscuous mode
[  656.194167][  T573] hid-generic 0000:0000:0000.0001: unknown main item tag 0x1
[  656.206678][  T573] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  656.223571][  T573] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  656.241223][  T573] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  656.268846][  T573] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  656.286541][  T573] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  656.299591][  T573] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  656.304416][T12785] loop2: detected capacity change from 0 to 512
[  656.314106][  T573] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  656.321645][  T573] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  656.329188][  T573] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  656.336969][  T573] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  656.344511][  T573] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  656.351979][  T573] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  656.359480][  T573] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  656.364530][T12785] EXT4-fs (loop2): mounted filesystem without journal. Opts: nodioread_nolock,sb=0x0000000000000001,,errors=continue. Quota mode: writeback.
[  656.366928][  T573] hid-generic 0000:0000:0000.0001: unknown main item tag 0x2
[  656.382000][T12785] ext4 filesystem being mounted at /131/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  656.388928][  T573] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  656.407071][  T573] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  656.414543][  T573] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  656.421996][  T573] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  656.429496][  T573] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  656.436943][  T573] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  656.444466][  T573] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  656.451889][  T573] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  656.459345][  T573] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  656.466771][  T573] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  656.474304][  T573] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  656.481706][  T573] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  656.489132][  T573] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  656.496650][  T573] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  656.504072][  T573] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  656.511488][  T573] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  656.518922][  T573] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  656.526342][  T573] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  656.533756][  T573] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  656.541264][  T573] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  656.548698][  T573] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  656.557113][  T573] hid-generic 0000:0000:0000.0001: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz1
[  656.643430][T12799] loop5: detected capacity change from 0 to 2048
[  656.649559][T12801] loop2: detected capacity change from 0 to 512
[  656.695953][T12801] ------------[ cut here ]------------
[  656.701481][T12801] EA inode 11 i_nlink=2
[  656.701613][T12801] WARNING: CPU: 0 PID: 12801 at fs/ext4/xattr.c:1022 ext4_xattr_inode_update_ref+0x4ad/0x510
[  656.732414][T12801] Modules linked in:
[  656.736394][T12801] CPU: 1 PID: 12801 Comm: syz.2.3713 Not tainted syzkaller #0
[  656.747725][T12804] fido_id[12804]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  656.764289][T12801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  656.775383][T12801] RIP: 0010:ext4_xattr_inode_update_ref+0x4ad/0x510
[  656.782039][T12801] Code: 8d 7d 40 4c 89 f8 48 c1 e8 03 42 80 3c 30 00 74 08 4c 89 ff e8 44 9d be ff 49 8b 37 48 c7 c7 40 2c 4f 85 89 da e8 c3 3a b7 02 <0f> 0b 4c 8b 6c 24 10 4c 8b 7c 24 08 4c 8d 64 24 60 e9 b4 fe ff ff
[  656.805822][T12799] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  656.838716][T12801] RSP: 0018:ffffc90000efeee0 EFLAGS: 00010246
[  656.857127][T12801] RAX: 8c9779246afff000 RBX: 0000000000000002 RCX: 0000000000080000
[  656.878060][T12801] RDX: ffffc900010d9000 RSI: 0000000000006f26 RDI: 0000000000006f27
[  656.886376][T12801] RBP: ffffc90000efefd0 R08: dffffc0000000000 R09: ffffed103ee04e93
[  656.894962][T12801] R10: ffffed103ee04e93 R11: 1ffff1103ee04e92 R12: ffffc90000efef40
[  656.903465][T12801] R13: ffff88813084cd50 R14: dffffc0000000000 R15: ffff88813084cd90
[  656.911510][T12801] FS:  00007f600514e6c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[  656.922322][T12801] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  656.929132][T12801] CR2: 0000200000e7d000 CR3: 00000001178fa000 CR4: 00000000003506a0
[  656.937455][T12801] Call Trace:
[  656.940856][T12801]  <TASK>
[  656.944107][T12801]  ? ext4_xattr_block_csum+0x530/0x530
[  656.949899][T12801]  ? __kasan_check_write+0x14/0x20
[  656.955413][T12801]  ? ext4_xattr_inode_iget+0x266/0x350
[  656.960999][T12801]  ext4_xattr_set_entry+0xee1/0x37d0
[  656.966901][T12801]  ? mb_cache_entry_create+0x6bf/0x8a0
[  656.972901][T12801]  ? ext4_xattr_ibody_set+0x360/0x360
[  656.978321][T12801]  ? ext4_xattr_block_set+0x1d82/0x2cb0
[  656.984189][T12801]  ? __kasan_check_write+0x14/0x20
[  656.989340][T12801]  ? __ext4_xattr_check_block+0x7ea/0x8e0
[  656.995366][T12801]  ? ext4_xattr_block_find+0x4f0/0x4f0
[  657.000863][T12801]  ext4_xattr_ibody_set+0x122/0x360
[  657.006967][T12801]  ext4_expand_extra_isize_ea+0x1169/0x1a10
[  657.030822][T12801]  __ext4_expand_extra_isize+0x2fe/0x3e0
[  657.047516][T12801]  __ext4_mark_inode_dirty+0x3d4/0x610
[  657.056812][T12801]  ext4_evict_inode+0xc01/0x1450
[  657.063856][T12801]  ? _raw_spin_unlock+0x4d/0x70
[  657.068848][T12801]  ? ext4_inode_is_fast_symlink+0x3a0/0x3a0
[  657.076347][T12801]  ? unlock_new_inode+0x97/0xc0
[  657.097158][T12822] loop1: detected capacity change from 0 to 2048
[  657.099263][T12801]  ? ext4_inode_is_fast_symlink+0x3a0/0x3a0
[  657.110847][T12801]  evict+0x485/0x870
[  657.116263][T12801]  ? proc_nr_inodes+0x310/0x310
[  657.123180][T12801]  ? _raw_spin_lock+0x8e/0xe0
[  657.128140][T12801]  ? _raw_spin_trylock_bh+0x130/0x130
[  657.134358][T12801]  ? __kasan_check_write+0x14/0x20
[  657.139527][T12801]  iput+0x635/0x7c0
[  657.144036][T12801]  ext4_process_orphan+0x2b1/0x320
[  657.149852][T12801]  ext4_orphan_cleanup+0x9d1/0x10c0
[  657.158053][T12801]  ? ext4_orphan_del+0xb90/0xb90
[  657.167588][T12801]  ? ext4_register_sysfs+0x285/0x2c0
[  657.170760][T12834] syz.5.3733[12834] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  657.175596][T12801]  ? errseq_check_and_advance+0x66/0x130
[  657.192792][T12834] syz.5.3733[12834] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  657.198397][T12801]  ext4_fill_super+0x8974/0x9090
[  657.219657][T12801]  ? ext4_mount+0x40/0x40
[  657.233943][T12801]  ? set_blocksize+0x1fc/0x380
[  657.239233][T12801]  ? sb_set_blocksize+0xaa/0xf0
[  657.240380][T12836] loop4: detected capacity change from 0 to 2048
[  657.251723][T12801]  ? ext4_mount+0x40/0x40
[  657.256686][T12822] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  657.263409][T12801]  mount_bdev+0x2ae/0x3e0
[  657.272004][T12801]  ? ext4_mount+0x40/0x40
[  657.272487][T12822] ext4 filesystem being mounted at /180/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  657.287076][T12801]  ext4_mount+0x34/0x40
[  657.296053][T12801]  legacy_get_tree+0xed/0x190
[  657.300950][T12801]  ? ext4_errno_to_code+0x160/0x160
[  657.306576][T12801]  vfs_get_tree+0x89/0x260
[  657.311108][T12801]  do_new_mount+0x25a/0xa20
[  657.315750][T12801]  path_mount+0x675/0x1020
[  657.320395][T12801]  ? user_path_at_empty+0x161/0x1c0
[  657.325841][T12801]  __se_sys_mount+0x318/0x380
[  657.330562][T12801]  ? __x64_sys_mount+0xd0/0xd0
[  657.336197][T12801]  __x64_sys_mount+0xbf/0xd0
[  657.340792][  T494]  loop4: unable to read partition table
[  657.340837][T12801]  x64_sys_call+0x6bf/0x9a0
[  657.347213][  T494] loop4: partition table beyond EOD, truncated
[  657.351247][T12801]  do_syscall_64+0x4c/0xa0
[  657.361944][T12801]  ? clear_bhb_loop+0x50/0xa0
[  657.389735][T12801]  ? clear_bhb_loop+0x50/0xa0
[  657.405518][T12801]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  657.414407][T12801] RIP: 0033:0x7f60066e776a
[  657.420661][T12801] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  657.442018][T12801] RSP: 002b:00007f600514de68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  657.445071][T12836]  loop4: unable to read partition table
[  657.450637][T12801] RAX: ffffffffffffffda RBX: 00007f600514def0 RCX: 00007f60066e776a
[  657.464407][T12836] loop4: partition table beyond EOD, truncated
[  657.474280][T12801] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007f600514deb0
[  657.482411][T12801] RBP: 0000200000000180 R08: 00007f600514def0 R09: 0000000000800700
[  657.489734][T12836] loop_reread_partitions: partition scan of loop4 () failed (rc=-5)
[  657.502049][T12801] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0
[  657.520325][T12801] R13: 00007f600514deb0 R14: 000000000000046f R15: 000000000000002c
[  657.540296][T12801]  </TASK>
[  657.543691][T12801] ---[ end trace bdc8ccbf5b29fdaa ]---
[  657.547013][  T101]  loop4: unable to read partition table
[  657.549702][T12801] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #18: comm syz.2.3713: iget: bad extra_isize 90 (inode size 256)
[  657.555537][  T101] loop4: partition table beyond EOD, truncated
[  657.584043][T12801] EXT4-fs (loop2): Remounting filesystem read-only
[  657.590815][T12801] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.3713: error while reading EA inode 18 err=-117
[  657.603451][T12801] EXT4-fs (loop2): Remounting filesystem read-only
[  657.610066][T12801] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #18: comm syz.2.3713: iget: bad extra_isize 90 (inode size 256)
[  657.629044][T12859] loop5: detected capacity change from 0 to 1024
[  657.632555][T12801] EXT4-fs (loop2): Remounting filesystem read-only
[  657.648339][T12801] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.3713: error while reading EA inode 18 err=-117
[  657.667614][T12801] EXT4-fs (loop2): Remounting filesystem read-only
[  657.674957][T12801] EXT4-fs (loop2): 1 orphan inode deleted
[  657.687122][T12801] EXT4-fs (loop2): mounted filesystem without journal. Opts: nodioread_nolock,errors=remount-ro,debug_want_extra_isize=0x000000000000005a,nouid32,resgid=0x0000000000000000,acl,init_itable=0x0000000000000003,. Quota mode: none.
[  657.755114][T12859] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  658.068076][T12887] loop5: detected capacity change from 0 to 512
[  658.107646][T12892] netlink: 'syz.4.3756': attribute type 6 has an invalid length.
[  658.123512][T12887] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  658.148822][T12887] EXT4-fs (loop5): mounting ext2 file system using the ext4 subsystem
[  658.188803][T12887] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006]
[  658.206102][T12887] System zones: 0-2, 18-18, 34-35
[  658.212903][T12887] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  658.235104][T12900] loop4: detected capacity change from 0 to 512
[  658.279116][T12887] EXT4-fs (loop5): warning: mounting unchecked fs, running e2fsck is recommended
[  658.306535][T12900] EXT4-fs (loop4): error: journal path ./bus is not a block device
[  658.323552][T12887] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006]
[  658.356669][T12887] EXT4-fs (loop5): re-mounted. Opts: . Quota mode: none.
[  658.394244][T12887] EXT4-fs error (device loop5): ext4_validate_block_bitmap:438: comm syz.5.3754: bg 0: block 353: padding at end of block bitmap is not set
[  658.488379][T12912] loop4: detected capacity change from 0 to 512
[  658.536004][T12912] EXT4-fs (loop4): Unsupported blocksize for fs-verity
[  658.650517][T12922] raw_sendmsg: syz.5.3769 forgot to set AF_INET. Fix it!
[  658.678298][T12929] loop4: detected capacity change from 0 to 512
[  658.706862][T12933] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3775'.
[  658.721446][T12929] EXT4-fs (loop4): Ignoring removed bh option
[  658.761266][T12929] EXT4-fs (loop4): mounted filesystem without journal. Opts: nouid32,nogrpid,bh,,errors=continue. Quota mode: writeback.
[  658.790459][T12929] ext4 filesystem being mounted at /146/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  658.967230][T12955] netlink: 48 bytes leftover after parsing attributes in process `syz.5.3785'.
[  659.766210][T12970] device syzkaller0 entered promiscuous mode
[  659.896216][T12978] loop5: detected capacity change from 0 to 512
[  659.963433][T12978] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  659.972256][T12983] loop2: detected capacity change from 0 to 512
[  659.981814][T12978] EXT4-fs (loop5): re-mounted. Opts: (null). Quota mode: writeback.
[  660.006483][T12983] EXT4-fs (loop2): Ignoring removed bh option
[  660.012904][T12983] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[  660.024359][T12983] EXT4-fs (loop2): 1 truncate cleaned up
[  660.030137][T12983] EXT4-fs (loop2): mounted filesystem without journal. Opts: noload,max_dir_size_kb=0x0000000000000001,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none.
[  660.078143][   T30] kauditd_printk_skb: 185 callbacks suppressed
[  660.078162][   T30] audit: type=1400 audit(1761258467.354:5313): avc:  denied  { append } for  pid=12982 comm="syz.2.3794" path="/151/file0/file0/cpuacct.usage_sys" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  660.125256][T12990] loop4: detected capacity change from 0 to 128
[  660.149208][T12990] EXT4-fs (loop4): Ignoring removed nobh option
[  660.169496][T12990] EXT4-fs (loop4): mounted filesystem without journal. Opts: nobh,abort,,errors=continue. Quota mode: none.
[  660.177493][T12995] loop2: detected capacity change from 0 to 512
[  660.190241][T12990] ext4 filesystem being mounted at /149/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  660.195031][   T30] audit: type=1400 audit(1761258467.474:5314): avc:  denied  { create } for  pid=12996 comm="syz.5.3800" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  660.220550][   T30] audit: type=1400 audit(1761258467.474:5315): avc:  denied  { ioctl } for  pid=12988 comm="syz.4.3797" path="/149/mnt/cpu.stat" dev="loop4" ino=12 ioctlcmd=0x583b scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  660.258020][T12995] EXT4-fs (loop2): 1 truncate cleaned up
[  660.265544][T12995] EXT4-fs (loop2): mounted filesystem without journal. Opts: max_batch_time=0x0000000000000003,,errors=continue. Quota mode: none.
[  660.336298][   T30] audit: type=1400 audit(1761258467.614:5316): avc:  denied  { relabelfrom } for  pid=13008 comm="syz.2.3805" name="NETLINK" dev="sockfs" ino=91954 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  660.364240][T13009] loop4: detected capacity change from 0 to 512
[  660.369351][   T30] audit: type=1400 audit(1761258467.614:5317): avc:  denied  { relabelto } for  pid=13008 comm="syz.2.3805" name="NETLINK" dev="sockfs" ino=91954 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=netlink_tcpdiag_socket permissive=1
[  660.416313][T13009] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  660.426921][T13015] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3808'.
[  660.427972][   T30] audit: type=1400 audit(1761258467.694:5318): avc:  denied  { bind } for  pid=13013 comm="syz.2.3808" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  660.437354][T13009] EXT4-fs (loop4): orphan cleanup on readonly fs
[  660.462876][   T30] audit: type=1400 audit(1761258467.694:5319): avc:  denied  { setopt } for  pid=13013 comm="syz.2.3808" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  660.485665][T13009] EXT4-fs error (device loop4): ext4_do_update_inode:5241: inode #16: comm syz.4.3804: corrupted inode contents
[  660.497925][T13009] EXT4-fs (loop4): Remounting filesystem read-only
[  660.514297][T13009] EXT4-fs error (device loop4): ext4_dirty_inode:6077: inode #16: comm syz.4.3804: mark_inode_dirty error
[  660.526389][T13009] EXT4-fs (loop4): Remounting filesystem read-only
[  660.533231][T13009] EXT4-fs error (device loop4): ext4_do_update_inode:5241: inode #16: comm syz.4.3804: corrupted inode contents
[  660.550691][T13009] EXT4-fs (loop4): Remounting filesystem read-only
[  660.557813][T13009] EXT4-fs error (device loop4): __ext4_ext_dirty:183: inode #16: comm syz.4.3804: mark_inode_dirty error
[  660.575819][T13009] EXT4-fs (loop4): Remounting filesystem read-only
[  660.583031][T13009] EXT4-fs error (device loop4): ext4_do_update_inode:5241: inode #16: comm syz.4.3804: corrupted inode contents
[  660.598912][T13009] EXT4-fs (loop4): Remounting filesystem read-only
[  660.605902][T13009] EXT4-fs error (device loop4) in ext4_orphan_del:301: Corrupt filesystem
[  660.621244][T13009] EXT4-fs (loop4): Remounting filesystem read-only
[  660.628197][T13009] EXT4-fs error (device loop4): ext4_do_update_inode:5241: inode #16: comm syz.4.3804: corrupted inode contents
[  660.640359][T13009] EXT4-fs (loop4): Remounting filesystem read-only
[  660.647150][T13028] xt_hashlimit: max too large, truncated to 1048576
[  660.654337][T13009] EXT4-fs error (device loop4): ext4_truncate:4310: inode #16: comm syz.4.3804: mark_inode_dirty error
[  660.682335][T13009] EXT4-fs (loop4): Remounting filesystem read-only
[  660.694840][T13009] EXT4-fs error (device loop4) in ext4_process_orphan:343: Corrupt filesystem
[  660.715895][T13009] EXT4-fs (loop4): Remounting filesystem read-only
[  660.722817][   T30] audit: type=1400 audit(1761258467.994:5320): avc:  denied  { listen } for  pid=13035 comm="syz.1.3817" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  660.748727][T13009] EXT4-fs (loop4): 1 truncate cleaned up
[  660.754754][   T30] audit: type=1400 audit(1761258467.994:5321): avc:  denied  { accept } for  pid=13035 comm="syz.1.3817" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  660.783691][T13009] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,discard,. Quota mode: writeback.
[  660.832449][T13046] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3822'.
[  660.900876][T13048] device syzkaller0 entered promiscuous mode
[  660.939847][   T30] audit: type=1326 audit(1761258468.214:5322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13054 comm="syz.4.3826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11932eefc9 code=0x7ffc0000
[  661.013868][T13061] loop9: detected capacity change from 0 to 7
[  661.415535][T13080] loop4: detected capacity change from 0 to 2048
[  661.445764][T13080] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  661.505629][T13084] loop4: detected capacity change from 0 to 512
[  661.585866][T13084] EXT4-fs (loop4): Ignoring removed bh option
[  661.607106][T13084] EXT4-fs (loop4): mounted filesystem without journal. Opts: nouid32,nogrpid,bh,,errors=continue. Quota mode: writeback.
[  661.621098][T13084] ext4 filesystem being mounted at /162/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  661.678061][T13092] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3841'.
[  661.687724][T13092] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3841'.
[  661.792262][T13104] syz.5.3847[13104] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  661.792368][T13104] syz.5.3847[13104] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  661.941087][T13123] device syzkaller0 entered promiscuous mode
[  661.960476][T13128] syz.2.3858[13128] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  661.960561][T13128] syz.2.3858[13128] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  662.006326][T13133] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=14385 sclass=netlink_route_socket pid=13133 comm=syz.2.3861
[  662.138748][T13155] loop4: detected capacity change from 0 to 512
[  662.164008][T13155] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  662.175246][T13155] ext4 filesystem being mounted at /171/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  662.198286][T13155] EXT4-fs error (device loop4): ext4_do_update_inode:5241: inode #2: comm syz.4.3872: corrupted inode contents
[  662.210492][T13155] EXT4-fs error (device loop4): ext4_dirty_inode:6077: inode #2: comm syz.4.3872: mark_inode_dirty error
[  662.222199][T13155] EXT4-fs error (device loop4): ext4_do_update_inode:5241: inode #2: comm syz.4.3872: corrupted inode contents
[  662.234310][T13155] EXT4-fs error (device loop4): __ext4_ext_dirty:183: inode #2: comm syz.4.3872: mark_inode_dirty error
[  662.270121][T13164] loop1: detected capacity change from 0 to 2048
[  662.306823][T13164] EXT4-fs (loop1): mounted filesystem without journal. Opts: init_itable=0x0000000000000001,errors=remount-ro,resgid=0x0000000000000000,barrier,bsdgroups,inode_readahead_blks=0x0000000000002000,. Quota mode: none.
[  662.328074][T13164] ext4 filesystem being mounted at /206/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  662.442903][T13177] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.3875: bg 0: block 345: padding at end of block bitmap is not set
[  662.463935][T13177] EXT4-fs (loop1): Remounting filesystem read-only
[  662.854541][T13213] loop1: detected capacity change from 0 to 512
[  662.996964][T13224] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3902'.
[  663.147020][T13248] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3913'.
[  663.233221][T13254] loop1: detected capacity change from 0 to 2048
[  663.284639][T13254]  loop1: p1 p2 p3
[  663.344670][  T573] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  663.350426][T13267] loop5: detected capacity change from 0 to 512
[  663.362777][  T573] hid-generic 0000:0000:0000.0002: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  663.433369][T13267] EXT4-fs (loop5): Ignoring removed nobh option
[  663.450598][T12809] udevd[12809]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory
[  663.453074][  T494] udevd[494]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory
[  663.469025][T13267] EXT4-fs error (device loop5): ext4_orphan_get:1401: inode #15: comm syz.5.3922: iget: bad i_size value: 38620345925642
[  663.489291][T13267] EXT4-fs error (device loop5): ext4_orphan_get:1406: comm syz.5.3922: couldn't read orphan inode 15 (err -117)
[  663.515360][T13267] EXT4-fs (loop5): mounted filesystem without journal. Opts: nobh,grpquota,data_err=ignore,,errors=continue. Quota mode: writeback.
[  663.521311][T13274] fido_id[13274]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  663.541833][  T352] udevd[352]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory
[  663.553611][  T495] udevd[495]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory
[  663.581421][  T494] udevd[494]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory
[  663.619108][T13267] EXT4-fs error (device loop5): ext4_validate_block_bitmap:429: comm syz.5.3922: bg 0: block 5: invalid block bitmap
[  663.666558][T13285] loop2: detected capacity change from 0 to 1024
[  663.763353][T13285] EXT4-fs (loop2): Ignoring removed orlov option
[  663.777257][T13285] EXT4-fs (loop2): Ignoring removed mblk_io_submit option
[  663.825781][T13298] loop5: detected capacity change from 0 to 4096
[  663.836631][T13285] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a814c018, mo2=0002]
[  663.852621][T13285] System zones: 0-1, 3-12
[  663.863002][T13285] EXT4-fs (loop2): mounted filesystem without journal. Opts: resgid=0x000000000000ee00,bsddf,grpquota,nobarrier,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,mblk_io_submit,debug,,errors=continue. Quota mode: writeback.
[  663.889904][T13298] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpquota,,errors=continue. Quota mode: writeback.
[  663.942401][T13312] loop4: detected capacity change from 0 to 4096
[  663.996010][T13312] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,,errors=continue. Quota mode: writeback.
[  664.060200][T13322] SELinux: failed to load policy
[  664.085740][T13328] loop1: detected capacity change from 0 to 1024
[  664.136805][T13336] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13336 comm=syz.2.3951
[  664.155420][T13328] EXT4-fs (loop1): Ignoring removed nobh option
[  664.163161][T13334] loop5: detected capacity change from 0 to 2048
[  664.183684][T13328] EXT4-fs error (device loop1): ext4_ext_check_inode:501: inode #11: comm syz.1.3947: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[  664.274027][T13334] EXT4-fs (loop5): Ignoring removed bh option
[  664.299650][T13328] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.3947: couldn't read orphan inode 11 (err -117)
[  664.333719][T13334] EXT4-fs (loop5): mounted filesystem without journal. Opts: discard,bh,mb_optimize_scan=0x0000000000000001,,errors=continue. Quota mode: none.
[  664.366547][T13328] EXT4-fs (loop1): mounted filesystem without journal. Opts: sysvgroups,noload,nobh,noload,journal_dev=0x0000000000000004,norecovery,errors=continue,quota,,errors=continue. Quota mode: writeback.
[  664.418076][T13334] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1147: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  664.433161][T13334] EXT4-fs (loop5): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 18 with error 28
[  664.445639][T13334] EXT4-fs (loop5): This should not happen!! Data will be lost
[  664.445639][T13334] 
[  664.452543][  T292] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  664.455485][T13334] EXT4-fs (loop5): Total free blocks count 0
[  664.464686][T13328] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:476: comm syz.1.3947: Invalid block bitmap block 0 in block_group 0
[  664.469053][T13334] EXT4-fs (loop5): Free/Dirty block details
[  664.488417][T13334] EXT4-fs (loop5): free_blocks=2415919104
[  664.494420][T13334] EXT4-fs (loop5): dirty_blocks=32
[  664.494488][  T292] hid-generic 0000:0000:0000.0003: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  664.499662][T13334] EXT4-fs (loop5): Block reservation details
[  664.515406][T13334] EXT4-fs (loop5): i_reserved_data_blocks=2
[  664.521926][T13328] EXT4-fs error (device loop1): ext4_acquire_dquot:6200: comm syz.1.3947: Failed to acquire dquot type 0
[  664.626054][T13354] device syzkaller0 entered promiscuous mode
[  664.816697][T13378] netlink: 1984 bytes leftover after parsing attributes in process `syz.5.3968'.
[  664.819965][T13377] loop1: detected capacity change from 0 to 1024
[  664.842864][T13378] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3968'.
[  664.931547][T13377] EXT4-fs (loop1): Ignoring removed orlov option
[  664.955638][T13377] EXT4-fs (loop1): Unrecognized mount option "m" or missing value
[  665.020578][T13388] device syzkaller0 entered promiscuous mode
[  665.043221][T13391] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3975'.
[  665.062788][T13391] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3975'.
[  665.169397][   T30] kauditd_printk_skb: 182 callbacks suppressed
[  665.169417][   T30] audit: type=1326 audit(1761258472.444:5503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13408 comm="syz.4.3984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11932eefc9 code=0x7ffc0000
[  665.206383][   T30] audit: type=1326 audit(1761258472.474:5504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13408 comm="syz.4.3984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11932eefc9 code=0x7ffc0000
[  665.243454][   T30] audit: type=1326 audit(1761258472.474:5505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13408 comm="syz.4.3984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=228 compat=0 ip=0x7f11932eefc9 code=0x7ffc0000
[  665.279686][T13411] device syzkaller0 entered promiscuous mode
[  665.286285][   T30] audit: type=1326 audit(1761258472.474:5506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13408 comm="syz.4.3984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11932eefc9 code=0x7ffc0000
[  665.311814][   T30] audit: type=1326 audit(1761258472.474:5507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13408 comm="syz.4.3984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11932eefc9 code=0x7ffc0000
[  665.337679][   T30] audit: type=1326 audit(1761258472.474:5508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13408 comm="syz.4.3984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=227 compat=0 ip=0x7f11932eefc9 code=0x7ffc0000
[  665.367626][   T30] audit: type=1326 audit(665.187:5509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13408 comm="syz.4.3984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11932eefc9 code=0x7ffc0000
[  665.402125][   T30] audit: type=1326 audit(665.187:5510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13408 comm="syz.4.3984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11932eefc9 code=0x7ffc0000
[  665.431564][   T30] audit: type=1400 audit(665.187:5511): avc:  denied  { ioctl } for  pid=13412 comm="syz.3.3986" path="socket:[93708]" dev="sockfs" ino=93708 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  665.461903][   T30] audit: type=1400 audit(665.187:5512): avc:  denied  { bind } for  pid=13412 comm="syz.3.3986" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  665.491852][T13432] loop3: detected capacity change from 0 to 256
[  665.639674][T13451] loop2: detected capacity change from 0 to 512
[  665.675065][T13451] EXT4-fs (loop2): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000001000,nodiscard,quota,,errors=continue. Quota mode: writeback.
[  665.714799][T13461] loop3: detected capacity change from 0 to 1024
[  665.757825][T13451] EXT4-fs error (device loop2): ext4_do_update_inode:5241: inode #2: comm syz.2.4001: corrupted inode contents
[  665.775594][T13451] EXT4-fs error (device loop2): ext4_dirty_inode:6077: inode #2: comm syz.2.4001: mark_inode_dirty error
[  665.792876][T13451] EXT4-fs error (device loop2): ext4_do_update_inode:5241: inode #2: comm syz.2.4001: corrupted inode contents
[  665.815352][T13467] EXT4-fs error (device loop2): ext4_do_update_inode:5241: inode #2: comm syz.2.4001: corrupted inode contents
[  665.819979][T13466] SELinux: failed to load policy
[  665.833348][T13467] EXT4-fs error (device loop2): ext4_dirty_inode:6077: inode #2: comm syz.2.4001: mark_inode_dirty error
[  665.853545][T13467] EXT4-fs error (device loop2): ext4_do_update_inode:5241: inode #2: comm syz.2.4001: corrupted inode contents
[  665.882396][T13467] EXT4-fs error (device loop2): __ext4_ext_dirty:183: inode #2: comm syz.2.4001: mark_inode_dirty error
[  665.883051][T13461] EXT4-fs (loop3): Unrecognized mount option "obj_type=!(%+\" or missing value
[  665.908615][T13467] EXT4-fs error (device loop2): ext4_do_update_inode:5241: inode #2: comm syz.2.4001: corrupted inode contents
[  665.922138][T13467] EXT4-fs error (device loop2): ext4_dirty_inode:6077: inode #2: comm syz.2.4001: mark_inode_dirty error
[  665.937759][T13451] EXT4-fs error (device loop2): ext4_do_update_inode:5241: inode #2: comm syz.2.4001: corrupted inode contents
[  665.963659][T13473] loop3: detected capacity change from 0 to 512
[  665.983459][T13473] EXT4-fs (loop3): Ignoring removed oldalloc option
[  666.006918][T13473] EXT4-fs (loop3): 1 truncate cleaned up
[  666.012834][T13473] EXT4-fs (loop3): mounted filesystem without journal. Opts: quota,bsdgroups,nouid32,errors=remount-ro,jqfmt=vfsv1,oldalloc,stripe=0x0000000000000005,. Quota mode: writeback.
[  666.152211][T13494] loop1: detected capacity change from 0 to 256
[  666.237594][T13502] loop1: detected capacity change from 0 to 1024
[  666.266522][T13502] EXT4-fs (loop1): Unrecognized mount option "obj_type=!(%+\" or missing value
[  666.364502][T13518] loop4: detected capacity change from 0 to 512
[  666.435621][T13518] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  666.459037][T13518] EXT4-fs error (device loop4): ext4_do_update_inode:5241: inode #2: comm syz.4.4029: corrupted inode contents
[  666.485606][T13518] EXT4-fs error (device loop4): ext4_dirty_inode:6077: inode #2: comm syz.4.4029: mark_inode_dirty error
[  666.497388][T13538] syz.1.4039[13538] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  666.497468][T13538] syz.1.4039[13538] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  666.509372][T13518] EXT4-fs error (device loop4): ext4_do_update_inode:5241: inode #2: comm syz.4.4029: corrupted inode contents
[  666.521578][T13540] EXT4-fs (loop4): shut down requested (2)
[  666.533032][T13518] EXT4-fs error (device loop4): __ext4_ext_dirty:183: inode #2: comm syz.4.4029: mark_inode_dirty error
[  666.685007][  T573] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  666.710539][  T573] hid-generic 0000:0000:0000.0004: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  666.777946][T13565] loop4: detected capacity change from 0 to 512
[  666.779489][  T372] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[  666.822819][  T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  666.831134][T13565] EXT4-fs (loop4): Ignoring removed bh option
[  666.841410][  T372] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[  666.849941][  T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  666.858801][  T372] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  666.887641][  T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  666.891249][T13565] EXT4-fs (loop4): mounted filesystem without journal. Opts: nouid32,nogrpid,bh,,errors=continue. Quota mode: writeback.
[  666.908718][T13574] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4053'.
[  666.930376][  T372] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  666.938733][  T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  667.127478][T13591] 9pnet: Insufficient options for proto=fd
[  667.271660][T13597] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4061'.
[  667.807638][T13606] loop5: detected capacity change from 0 to 1024
[  667.866727][T13606] EXT4-fs (loop5): Ignoring removed nobh option
[  667.900913][T13606] EXT4-fs (loop5): Ignoring removed nobh option
[  667.906682][T13612] loop3: detected capacity change from 0 to 512
[  667.922481][T13606] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869)
[  667.935529][T13606] EXT4-fs error (device loop5): ext4_get_journal_inode:5151: comm syz.5.4065: inode #4294967295: comm syz.5.4065: iget: illegal inode #
[  667.958143][T13606] EXT4-fs (loop5): no journal found
[  667.967289][T13612] EXT4-fs (loop3): Ignoring removed bh option
[  667.973947][T13606] EXT4-fs (loop5): can't get journal size
[  668.013321][T13606] EXT4-fs (loop5): failed to initialize system zone (-22)
[  668.023148][T13606] EXT4-fs (loop5): mount failed
[  668.041194][T13612] EXT4-fs (loop3): mounted filesystem without journal. Opts: nouid32,nogrpid,bh,,errors=continue. Quota mode: writeback.
[  668.100747][T13627] SELinux:  Context #! ./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  668.239720][T13647] netlink: 660 bytes leftover after parsing attributes in process `syz.3.4081'.
[  668.432060][T13660] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4088'.
[  668.510441][T13671] loop2: detected capacity change from 0 to 512
[  668.570830][T13675] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4096'.
[  668.583307][T13671] EXT4-fs (loop2): too many log groups per flexible block group
[  668.591357][T13671] EXT4-fs (loop2): failed to initialize mballoc (-12)
[  668.598530][T13671] EXT4-fs (loop2): mount failed
[  668.623539][T13677] tipc: Started in network mode
[  668.628468][T13677] tipc: Node identity ac14140f, cluster identity 4711
[  668.642637][T13677] tipc: New replicast peer: 255.255.255.83
[  668.648835][T13677] tipc: Enabled bearer <udp:£>, priority 10
[  668.740409][T13689] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4101'.
[  668.939711][T13705] loop4: detected capacity change from 0 to 1024
[  669.013623][T13705] EXT4-fs (loop4): Ignoring removed orlov option
[  669.030105][T13705] EXT4-fs (loop4): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback.
[  669.143604][T13715] netlink: 'syz.4.4109': attribute type 3 has an invalid length.
[  669.346897][T13734] loop5: detected capacity change from 0 to 8192
[  669.476599][T13750] SELinux:  Context system_u:object is not valid (left unmapped).
[  669.763284][  T375] tipc: Node number set to 2886997007
[  669.950537][T13811] __nla_validate_parse: 1 callbacks suppressed
[  669.950560][T13811] netlink: 128 bytes leftover after parsing attributes in process `syz.4.4157'.
[  669.977967][T13815] loop3: detected capacity change from 0 to 512
[  670.009614][T13815] EXT4-fs (loop3): Ignoring removed bh option
[  670.039485][T13815] EXT4-fs (loop3): mounted filesystem without journal. Opts: nouid32,nogrpid,bh,,errors=continue. Quota mode: writeback.
[  670.091745][T13813] loop2: detected capacity change from 0 to 512
[  670.184906][T13828] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=13828 comm=syz.1.4163
[  670.207674][T13813] EXT4-fs error (device loop2): ext4_orphan_get:1427: comm syz.2.4156: bad orphan inode 11862016
[  670.224266][T13813] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  670.329754][   T30] kauditd_printk_skb: 576 callbacks suppressed
[  670.329772][   T30] audit: type=1326 audit(670.307:6089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13838 comm="syz.2.4166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60066e5fc9 code=0x7ffc0000
[  670.373118][T13839] syz.2.4166[13839] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  670.373232][T13839] syz.2.4166[13839] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  670.374723][   T30] audit: type=1326 audit(670.307:6090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13838 comm="syz.2.4166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f60066e5fc9 code=0x7ffc0000
[  670.423470][   T30] audit: type=1326 audit(670.307:6091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13838 comm="syz.2.4166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60066e5fc9 code=0x7ffc0000
[  670.446965][   T30] audit: type=1326 audit(670.307:6092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13838 comm="syz.2.4166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f60066e5fc9 code=0x7ffc0000
[  670.470473][   T30] audit: type=1326 audit(670.337:6093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13838 comm="syz.2.4166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60066e5fc9 code=0x7ffc0000
[  670.497114][   T30] audit: type=1326 audit(670.347:6094): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13838 comm="syz.2.4166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f60066e5fc9 code=0x7ffc0000
[  670.525694][   T30] audit: type=1326 audit(670.347:6095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13838 comm="syz.2.4166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60066e5fc9 code=0x7ffc0000
[  670.554788][   T30] audit: type=1326 audit(670.347:6096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13838 comm="syz.2.4166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f60066e5fc9 code=0x7ffc0000
[  670.577870][   T30] audit: type=1326 audit(670.347:6097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13838 comm="syz.2.4166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60066e5fc9 code=0x7ffc0000
[  670.617492][   T30] audit: type=1326 audit(670.347:6098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13838 comm="syz.2.4166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f60066e5fc9 code=0x7ffc0000
[  670.931247][T13857] loop5: detected capacity change from 0 to 128
[  671.013029][T13861] loop2: detected capacity change from 0 to 512
[  671.062196][T13857] attempt to access beyond end of device
[  671.062196][T13857] loop5: rw=0, want=2079, limit=128
[  671.076544][T13857] Buffer I/O error on dev loop5, logical block 2078, async page read
[  671.086893][T13857] attempt to access beyond end of device
[  671.086893][T13857] loop5: rw=0, want=2079, limit=128
[  671.123822][T13857] Buffer I/O error on dev loop5, logical block 2078, async page read
[  671.125797][T13861] EXT4-fs (loop2): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000001000,nodiscard,quota,,errors=continue. Quota mode: writeback.
[  671.148370][T13857] attempt to access beyond end of device
[  671.148370][T13857] loop5: rw=0, want=2079, limit=128
[  671.201990][T13857] Buffer I/O error on dev loop5, logical block 2078, async page read
[  671.221311][T13861] EXT4-fs error (device loop2): ext4_do_update_inode:5241: inode #2: comm syz.2.4176: corrupted inode contents
[  671.269240][T13867] loop1: detected capacity change from 0 to 512
[  671.282571][T13861] EXT4-fs error (device loop2): ext4_dirty_inode:6077: inode #2: comm syz.2.4176: mark_inode_dirty error
[  671.305571][T13857] attempt to access beyond end of device
[  671.305571][T13857] loop5: rw=0, want=2079, limit=128
[  671.317365][T13861] EXT4-fs error (device loop2): ext4_do_update_inode:5241: inode #2: comm syz.2.4176: corrupted inode contents
[  671.329473][T13857] Buffer I/O error on dev loop5, logical block 2078, async page read
[  671.347960][T13857] attempt to access beyond end of device
[  671.347960][T13857] loop5: rw=0, want=2079, limit=128
[  671.366871][T13861] EXT4-fs error (device loop2): __ext4_ext_dirty:183: inode #2: comm syz.2.4176: mark_inode_dirty error
[  671.379835][    T6] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  671.392222][T13857] Buffer I/O error on dev loop5, logical block 2078, async page read
[  671.401199][T13857] attempt to access beyond end of device
[  671.401199][T13857] loop5: rw=0, want=2079, limit=128
[  671.401735][    T6] hid-generic 0000:0000:0000.0005: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  671.412566][T13857] Buffer I/O error on dev loop5, logical block 2078, async page read
[  671.430843][T13857] attempt to access beyond end of device
[  671.430843][T13857] loop5: rw=0, want=2079, limit=128
[  671.434608][T13867] EXT4-fs (loop1): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000001000,nodiscard,quota,,errors=continue. Quota mode: writeback.
[  671.441727][T13857] Buffer I/O error on dev loop5, logical block 2078, async page read
[  671.492498][T13857] attempt to access beyond end of device
[  671.492498][T13857] loop5: rw=0, want=2079, limit=128
[  671.494857][T13867] EXT4-fs error (device loop1): ext4_do_update_inode:5241: inode #2: comm syz.1.4178: corrupted inode contents
[  671.503926][T13857] Buffer I/O error on dev loop5, logical block 2078, async page read
[  671.535471][T13857] attempt to access beyond end of device
[  671.535471][T13857] loop5: rw=0, want=2079, limit=128
[  671.562889][T13857] Buffer I/O error on dev loop5, logical block 2078, async page read
[  671.586251][T13857] attempt to access beyond end of device
[  671.586251][T13857] loop5: rw=0, want=2079, limit=128
[  671.597202][T13867] EXT4-fs error (device loop1): ext4_dirty_inode:6077: inode #2: comm syz.1.4178: mark_inode_dirty error
[  671.609033][T13857] Buffer I/O error on dev loop5, logical block 2078, async page read
[  671.617556][T13867] EXT4-fs error (device loop1): ext4_do_update_inode:5241: inode #2: comm syz.1.4178: corrupted inode contents
[  671.630787][T13881] EXT4-fs error (device loop1): ext4_do_update_inode:5241: inode #2: comm syz.1.4178: corrupted inode contents
[  671.645077][T13881] EXT4-fs error (device loop1): ext4_dirty_inode:6077: inode #2: comm syz.1.4178: mark_inode_dirty error
[  671.662594][T13881] EXT4-fs error (device loop1): ext4_do_update_inode:5241: inode #2: comm syz.1.4178: corrupted inode contents
[  671.682527][T13881] EXT4-fs error (device loop1): __ext4_ext_dirty:183: inode #2: comm syz.1.4178: mark_inode_dirty error
[  671.697968][T13881] EXT4-fs error (device loop1): ext4_do_update_inode:5241: inode #2: comm syz.1.4178: corrupted inode contents
[  671.722514][T13881] EXT4-fs error (device loop1): ext4_dirty_inode:6077: inode #2: comm syz.1.4178: mark_inode_dirty error
[  671.753534][T13887] loop3: detected capacity change from 0 to 128
[  671.830838][T13887] FAT-fs (loop3): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1)
[  671.935366][T13899] tipc: Started in network mode
[  671.957999][T13899] tipc: Node identity ac14140f, cluster identity 4711
[  671.965755][T13899] tipc: New replicast peer: 255.255.255.83
[  671.971912][T13899] tipc: Enabled bearer <udp:£>, priority 10
[  671.979565][T13905] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4195'.
[  672.073382][  T396] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  672.084283][T13918] loop5: detected capacity change from 0 to 512
[  672.091642][  T396] hid-generic 0000:0000:0000.0006: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  672.107704][T13922] loop1: detected capacity change from 0 to 128
[  672.148587][T13922] FAT-fs (loop1): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1)
[  672.191847][T13918] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  672.325048][T13931] loop4: detected capacity change from 0 to 512
[  672.350069][T13924] loop3: detected capacity change from 0 to 32768
[  672.367545][T13935] loop2: detected capacity change from 0 to 128
[  672.377955][T13937] loop1: detected capacity change from 0 to 512
[  672.413064][T13931] EXT4-fs (loop4): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000001000,nodiscard,quota,,errors=continue. Quota mode: writeback.
[  672.455132][T13937] EXT4-fs (loop1): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000001000,nodiscard,quota,,errors=continue. Quota mode: writeback.
[  672.492092][T13931] EXT4-fs error (device loop4): ext4_do_update_inode:5241: inode #2: comm syz.4.4205: corrupted inode contents
[  672.505760][T13931] EXT4-fs error (device loop4): ext4_dirty_inode:6077: inode #2: comm syz.4.4205: mark_inode_dirty error
[  672.506246][T13937] EXT4-fs error (device loop1): ext4_do_update_inode:5241: inode #2: comm syz.1.4207: corrupted inode contents
[  672.533103][T13937] EXT4-fs error (device loop1): ext4_dirty_inode:6077: inode #2: comm syz.1.4207: mark_inode_dirty error
[  672.546991][T13931] EXT4-fs error (device loop4): ext4_do_update_inode:5241: inode #2: comm syz.4.4205: corrupted inode contents
[  672.552319][T13937] EXT4-fs error (device loop1): ext4_do_update_inode:5241: inode #2: comm syz.1.4207: corrupted inode contents
[  672.571702][T13937] EXT4-fs error (device loop1): __ext4_ext_dirty:183: inode #2: comm syz.1.4207: mark_inode_dirty error
[  672.611495][T13950] tipc: Started in network mode
[  672.617024][T13950] tipc: Node identity ac14140f, cluster identity 4711
[  672.624035][T13950] tipc: New replicast peer: 255.255.255.83
[  672.630003][T13950] tipc: Enabled bearer <udp:£>, priority 10
[  673.082341][T10143] tipc: Node number set to 2886997007
[  673.111132][   T39] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  673.125028][   T39] hid-generic 0000:0000:0000.0007: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  673.269188][T13975] loop1: detected capacity change from 0 to 512
[  673.294310][T13975] EXT4-fs (loop1): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000001000,nodiscard,quota,,errors=continue. Quota mode: writeback.
[  673.317055][T13975] EXT4-fs error (device loop1): ext4_do_update_inode:5241: inode #2: comm syz.1.4221: corrupted inode contents
[  673.329615][T13975] EXT4-fs error (device loop1): ext4_dirty_inode:6077: inode #2: comm syz.1.4221: mark_inode_dirty error
[  673.341575][T13975] EXT4-fs error (device loop1): ext4_do_update_inode:5241: inode #2: comm syz.1.4221: corrupted inode contents
[  673.438494][T13981] loop2: detected capacity change from 0 to 512
[  673.446457][T13983] loop3: detected capacity change from 0 to 1024
[  673.475661][T13989] loop1: detected capacity change from 0 to 1024
[  673.497957][T13983] EXT4-fs (loop3): Ignoring removed nobh option
[  673.521561][T13981] EXT4-fs (loop2): mounted filesystem without journal. Opts: usrquota,grpjquota=,nombcache,,errors=continue. Quota mode: writeback.
[  673.523789][T13983] EXT4-fs error (device loop3): ext4_ext_check_inode:501: inode #11: comm syz.3.4225: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[  673.556345][T13983] EXT4-fs error (device loop3): ext4_orphan_get:1406: comm syz.3.4225: couldn't read orphan inode 11 (err -117)
[  673.572395][T13989] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  673.583491][T13983] EXT4-fs (loop3): mounted filesystem without journal. Opts: sysvgroups,noload,nobh,noload,journal_dev=0x0000000000000004,norecovery,errors=continue,quota,,errors=continue. Quota mode: writeback.
[  673.612077][T13989] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  673.632859][T13989] JBD2: no valid journal superblock found
[  673.643258][T13998] loop4: detected capacity change from 0 to 512
[  673.660889][T13989] EXT4-fs (loop1): error loading journal
[  673.672847][T13983] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:476: comm syz.3.4225: Invalid block bitmap block 0 in block_group 0
[  673.688526][T13983] EXT4-fs error (device loop3): ext4_acquire_dquot:6200: comm syz.3.4225: Failed to acquire dquot type 0
[  673.752439][  T375] tipc: Node number set to 2886997007
[  673.765269][T14008] tipc: Enabling of bearer <udp:£> rejected, already enabled
[  673.776332][T13998] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  673.833969][T13998] tmpfs: Unsupported parameter 'mpol'
[  673.896988][T14023] loop1: detected capacity change from 0 to 512
[  673.954966][T14023] EXT4-fs (loop1): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000001000,nodiscard,quota,,errors=continue. Quota mode: writeback.
[  673.996636][T14023] EXT4-fs error (device loop1): ext4_do_update_inode:5241: inode #2: comm syz.1.4241: corrupted inode contents
[  674.018141][T14023] EXT4-fs error (device loop1): ext4_dirty_inode:6077: inode #2: comm syz.1.4241: mark_inode_dirty error
[  674.036195][T14023] EXT4-fs error (device loop1): ext4_do_update_inode:5241: inode #2: comm syz.1.4241: corrupted inode contents
[  674.037447][T14036] loop4: detected capacity change from 0 to 8192
[  674.063691][T14037] EXT4-fs error (device loop1): ext4_do_update_inode:5241: inode #2: comm syz.1.4241: corrupted inode contents
[  674.076383][T14037] EXT4-fs error (device loop1): ext4_dirty_inode:6077: inode #2: comm syz.1.4241: mark_inode_dirty error
[  674.080360][T14039] tipc: Enabling of bearer <udp:£> rejected, already enabled
[  674.088598][T14037] EXT4-fs error (device loop1): ext4_do_update_inode:5241: inode #2: comm syz.1.4241: corrupted inode contents
[  674.115630][T14037] EXT4-fs error (device loop1): __ext4_ext_dirty:183: inode #2: comm syz.1.4241: mark_inode_dirty error
[  674.127990][T14037] EXT4-fs error (device loop1): ext4_do_update_inode:5241: inode #2: comm syz.1.4241: corrupted inode contents
[  674.140235][T14037] EXT4-fs error (device loop1): ext4_dirty_inode:6077: inode #2: comm syz.1.4241: mark_inode_dirty error
[  674.360643][T14059] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=14059 comm=syz.4.4258
[  674.379179][T14064] loop3: detected capacity change from 0 to 1024
[  674.442431][T14064] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  674.453684][T14064] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  674.464284][T14064] JBD2: no valid journal superblock found
[  674.470139][T14064] EXT4-fs (loop3): error loading journal
[  674.596363][T14078] 9pnet: Could not find request transport: f
[  674.663476][T14086] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4268'.
[  674.691036][T14092] loop1: detected capacity change from 0 to 2048
[  674.699371][T14094] tipc: Enabling of bearer <udp:£> rejected, already enabled
[  674.751019][T14106] SELinux:  Context system_u:object_r:hald_sonypic_exec_t:s0 is not valid (left unmapped).
[  674.795219][T14092] EXT4-fs (loop1): mounted filesystem without journal. Opts: bsdgroups,jqfmt=vfsv1,,errors=continue. Quota mode: none.
[  675.018999][T14092] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1147: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  675.049615][T14092] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28
[  675.062541][T14092] EXT4-fs (loop1): This should not happen!! Data will be lost
[  675.062541][T14092] 
[  675.074693][T14092] EXT4-fs (loop1): Total free blocks count 0
[  675.080921][T14092] EXT4-fs (loop1): Free/Dirty block details
[  675.105552][T14092] EXT4-fs (loop1): free_blocks=2415919104
[  675.119773][T14092] EXT4-fs (loop1): dirty_blocks=8192
[  675.136004][T14092] EXT4-fs (loop1): Block reservation details
[  675.142217][T14092] EXT4-fs (loop1): i_reserved_data_blocks=512
[  675.246143][    T8] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28
[  675.265652][    T8] EXT4-fs (loop1): This should not happen!! Data will be lost
[  675.265652][    T8] 
[  675.403836][T14156] loop3: detected capacity change from 0 to 512
[  675.477718][T14156] EXT4-fs (loop3): orphan cleanup on readonly fs
[  675.478390][T14156] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.4300: error while reading EA inode 32 err=-116
[  675.478605][T14156] EXT4-fs (loop3): Remounting filesystem read-only
[  675.478642][T14156] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2826: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  675.478740][T14156] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.4300: error while reading EA inode 32 err=-116
[  675.478944][T14156] EXT4-fs (loop3): Remounting filesystem read-only
[  675.479147][T14156] EXT4-fs (loop3): 1 orphan inode deleted
[  675.479168][T14156] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=remount-ro,discard,debug_want_extra_isize=0x000000000000005e,noauto_da_alloc,bsdgroups,jqfmt=vfsv1,abort,data_err=ignore,. Quota mode: none.
[  675.743653][    T6] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  675.744181][    T6] hid-generic 0000:0000:0000.0008: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  675.832588][   T30] kauditd_printk_skb: 479 callbacks suppressed
[  675.832606][   T30] audit: type=1326 audit(675.817:6576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14183 comm="syz.5.4311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ccd1a4fc9 code=0x7ffc0000
[  675.832804][   T30] audit: type=1326 audit(675.817:6577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14183 comm="syz.5.4311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f5ccd1a4fc9 code=0x7ffc0000
[  675.832921][   T30] audit: type=1326 audit(675.817:6578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14183 comm="syz.5.4311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f5ccd1a5003 code=0x7ffc0000
[  675.843936][   T30] audit: type=1326 audit(675.827:6579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14183 comm="syz.5.4311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f5ccd1a3a7f code=0x7ffc0000
[  675.845004][   T30] audit: type=1326 audit(675.827:6580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14183 comm="syz.5.4311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f5ccd1a5057 code=0x7ffc0000
[  675.845443][   T30] audit: type=1326 audit(675.827:6581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14183 comm="syz.5.4311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f5ccd1a3810 code=0x7ffc0000
[  675.845593][   T30] audit: type=1326 audit(675.827:6582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14183 comm="syz.5.4311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f5ccd1a4bcb code=0x7ffc0000
[  675.845723][T14184] loop5: detected capacity change from 0 to 512
[  675.853717][   T30] audit: type=1326 audit(675.837:6583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14183 comm="syz.5.4311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f5ccd1a3c2a code=0x7ffc0000
[  675.853794][   T30] audit: type=1326 audit(675.837:6584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14183 comm="syz.5.4311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f5ccd1a3c2a code=0x7ffc0000
[  675.866793][   T30] audit: type=1326 audit(675.847:6585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14183 comm="syz.5.4311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f5ccd1a3717 code=0x7ffc0000
[  675.960434][T14190] device syzkaller0 entered promiscuous mode
[  676.158761][T14184] EXT4-fs (loop5): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000001000,nodiscard,quota,,errors=continue. Quota mode: writeback.
[  676.238775][T14202] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4317'.
[  676.422818][T14224] loop5: detected capacity change from 0 to 512
[  676.509727][T14224] EXT4-fs (loop5): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000001000,nodiscard,quota,,errors=continue. Quota mode: writeback.
[  676.789399][T14273] loop4: detected capacity change from 0 to 512
[  676.831946][T14273] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #18: comm syz.4.4348: iget: bad extra_isize 90 (inode size 256)
[  676.854289][T14273] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz.4.4348: error while reading EA inode 18 err=-117
[  676.868337][T14273] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #18: comm syz.4.4348: iget: bad extra_isize 90 (inode size 256)
[  676.882420][T14273] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz.4.4348: error while reading EA inode 18 err=-117
[  676.908005][T14273] EXT4-fs (loop4): 1 orphan inode deleted
[  676.914216][T14273] EXT4-fs (loop4): mounted filesystem without journal. Opts: nodioread_nolock,journal_dev=0x00000000000000ff,debug_want_extra_isize=0x000000000000005a,nouid32,resgid=0x0000000000000000,acl,init_itable=0x0000000000000003,,errors=continue. Quota mode: none.
[  676.950373][T14288] loop5: detected capacity change from 0 to 512
[  676.975796][T14288] EXT4-fs (loop5): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000001000,nodiscard,quota,,errors=continue. Quota mode: writeback.
[  677.003960][T14288] EXT4-fs error (device loop5): ext4_do_update_inode:5241: inode #2: comm syz.5.4354: corrupted inode contents
[  677.021882][T14288] EXT4-fs error (device loop5): ext4_dirty_inode:6077: inode #2: comm syz.5.4354: mark_inode_dirty error
[  677.042864][T14288] EXT4-fs error (device loop5): ext4_do_update_inode:5241: inode #2: comm syz.5.4354: corrupted inode contents
[  677.060565][T14300] EXT4-fs error (device loop5): ext4_do_update_inode:5241: inode #2: comm syz.5.4354: corrupted inode contents
[  677.079858][T14300] EXT4-fs error (device loop5): ext4_dirty_inode:6077: inode #2: comm syz.5.4354: mark_inode_dirty error
[  677.093597][T14300] EXT4-fs error (device loop5): ext4_do_update_inode:5241: inode #2: comm syz.5.4354: corrupted inode contents
[  677.119877][T14300] EXT4-fs error (device loop5): __ext4_ext_dirty:183: inode #2: comm syz.5.4354: mark_inode_dirty error
[  677.136213][T14300] EXT4-fs error (device loop5): ext4_do_update_inode:5241: inode #2: comm syz.5.4354: corrupted inode contents
[  677.155412][T14300] EXT4-fs error (device loop5): ext4_dirty_inode:6077: inode #2: comm syz.5.4354: mark_inode_dirty error
[  677.279020][T14320] device syzkaller0 entered promiscuous mode
[  678.244479][T14359] device pim6reg1 entered promiscuous mode
[  678.487026][T14381] IPv6: NLM_F_CREATE should be specified when creating new route
[  678.594927][T14389] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=14389 comm=syz.2.4398
[  678.658850][T14403] IPv6: NLM_F_CREATE should be specified when creating new route
[  678.846795][T14443] netlink: 96 bytes leftover after parsing attributes in process `syz.4.4425'.
[  678.914959][T14460] sch_tbf: peakrate 9 is lower than or equals to rate 6829859379779001161 !
[  678.944522][T14465] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4435'.
[  678.978952][T14472] sch_tbf: peakrate 7 is lower than or equals to rate 6829859379779001161 !
[  679.247985][T14530] device syzkaller0 entered promiscuous mode
[  679.326686][T14551] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14551 comm=syz.3.4478
[  679.674068][T14607] device syzkaller0 entered promiscuous mode
[  679.874562][T14631] device syzkaller0 entered promiscuous mode
[  680.113316][    T8] Bluetooth: hci0: Frame reassembly failed (-84)
[  680.142223][T14654] device syzkaller0 entered promiscuous mode
[  680.372191][T14687] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=14687 comm=syz.3.4542
[  680.379106][T14685] device syzkaller0 entered promiscuous mode
[  680.509344][T14703] bridge_slave_0: default FDB implementation only supports local addresses
[  680.667068][T14726] device bridge1 entered promiscuous mode
[  680.846054][   T30] kauditd_printk_skb: 1579 callbacks suppressed
[  680.846073][   T30] audit: type=1400 audit(680.827:8165): avc:  denied  { create } for  pid=14753 comm="syz.3.4573" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=0
[  680.874657][   T30] audit: type=1326 audit(680.847:8166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14659 comm="syz.2.4529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f60066dce67 code=0x7ffc0000
[  680.904062][   T30] audit: type=1326 audit(680.847:8167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14659 comm="syz.2.4529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f6006682099 code=0x7ffc0000
[  680.927098][   T30] audit: type=1326 audit(680.847:8168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14659 comm="syz.2.4529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=19 compat=0 ip=0x7f60066e5fc9 code=0x7ffc0000
[  680.950731][   T30] audit: type=1400 audit(680.857:8169): avc:  denied  { read write } for  pid=11890 comm="syz-executor" name="loop3" dev="devtmpfs" ino=119 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0
[  680.974737][   T30] audit: type=1326 audit(680.877:8170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14659 comm="syz.2.4529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f60066dce67 code=0x7ffc0000
[  680.998087][   T30] audit: type=1326 audit(680.877:8171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14659 comm="syz.2.4529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f6006682099 code=0x7ffc0000
[  681.022545][   T30] audit: type=1326 audit(680.877:8172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14659 comm="syz.2.4529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f60066dce67 code=0x7ffc0000
[  681.045886][   T30] audit: type=1326 audit(680.877:8173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14659 comm="syz.2.4529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f6006682099 code=0x7ffc0000
[  681.072538][   T30] audit: type=1326 audit(680.877:8174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14659 comm="syz.2.4529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=19 compat=0 ip=0x7f60066e5fc9 code=0x7ffc0000
[  681.110789][T14770] IPv6: NLM_F_CREATE should be specified when creating new route
[  681.349583][T14786] device syzkaller0 entered promiscuous mode
[  681.408310][T14788] device syzkaller0 entered promiscuous mode
[  681.551958][T14813] device syzkaller0 entered promiscuous mode
[  681.675604][T14823] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4605'.
[  681.755932][T14836] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4610'.
[  682.025187][T14883] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4634'.
[  682.034589][T14883] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4634'.
[  682.067832][T14889] device syzkaller0 entered promiscuous mode
[  682.172385][ T3802] Bluetooth: hci0: command 0x1003 tx timeout
[  682.179394][T14777] Bluetooth: hci0: sending frame failed (-49)
[  682.184572][T14905] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=14905 comm=syz.1.4645
[  682.204564][T14909] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4647'.
[  682.214345][T14909] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4647'.
[  682.323761][T14921] device syzkaller0 entered promiscuous mode
[  684.252351][ T3802] Bluetooth: hci0: command 0x1001 tx timeout
[  684.258795][T14777] Bluetooth: hci0: sending frame failed (-49)
[  684.996687][T15087] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=15087 comm=syz.1.4730
[  685.151251][T15116] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  685.311068][T15140] device syzkaller0 entered promiscuous mode
[  685.553590][T15172] device syzkaller0 entered promiscuous mode
[  685.756195][T15195] device syzkaller0 entered promiscuous mode
[  685.844803][T15209] x_tables: duplicate underflow at hook 1
[  685.858025][   T30] kauditd_printk_skb: 1958 callbacks suppressed
[  685.858042][   T30] audit: type=1400 audit(685.837:10133): avc:  denied  { read write } for  pid=9816 comm="syz-executor" name="loop5" dev="devtmpfs" ino=121 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0
[  685.889448][   T30] audit: type=1400 audit(685.847:10134): avc:  denied  { prog_load } for  pid=15212 comm="syz.5.4790" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  685.910306][   T30] audit: type=1400 audit(685.847:10135): avc:  denied  { create } for  pid=15212 comm="syz.5.4790" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=0
[  685.930854][   T30] audit: type=1400 audit(685.857:10136): avc:  denied  { read write } for  pid=9816 comm="syz-executor" name="loop5" dev="devtmpfs" ino=121 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0
[  685.955129][   T30] audit: type=1400 audit(685.857:10137): avc:  denied  { read write } for  pid=11890 comm="syz-executor" name="loop3" dev="devtmpfs" ino=119 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0
[  685.980924][   T30] audit: type=1400 audit(685.867:10138): avc:  denied  { create } for  pid=15214 comm="syz.5.4791" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=0
[  686.001285][   T30] audit: type=1400 audit(685.867:10139): avc:  denied  { create } for  pid=15215 comm="syz.3.4792" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=0
[  686.023972][   T30] audit: type=1400 audit(685.867:10140): avc:  denied  { create } for  pid=15215 comm="syz.3.4792" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=0
[  686.027283][T15228] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=15228 comm=syz.5.4797
[  686.044606][   T30] audit: type=1400 audit(685.877:10141): avc:  denied  { read write } for  pid=11890 comm="syz-executor" name="loop3" dev="devtmpfs" ino=119 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0
[  686.080878][   T30] audit: type=1400 audit(685.887:10142): avc:  denied  { create } for  pid=15214 comm="syz.5.4791" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=0
[  686.121435][T15236] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=15236 comm=syz.5.4801
[  686.212738][T15247] device syzkaller0 entered promiscuous mode
[  686.332406][ T3802] Bluetooth: hci0: command 0x1009 tx timeout
[  686.824165][T15275] bridge0: port 3(syz_tun) entered blocking state
[  686.830826][T15275] bridge0: port 3(syz_tun) entered disabled state
[  686.838087][T15275] device syz_tun entered promiscuous mode
[  686.844264][T15275] bridge0: port 3(syz_tun) entered blocking state
[  686.850732][T15275] bridge0: port 3(syz_tun) entered forwarding state
[  686.869686][T15277] device syzkaller0 entered promiscuous mode
[  686.981849][T15299] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4831'.
[  687.057005][T15304] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=15304 comm=syz.1.4833
[  687.081923][T15306] device syzkaller0 entered promiscuous mode
[  687.198809][T15328] IPv6: NLM_F_CREATE should be specified when creating new route
[  687.244948][T15336] device syzkaller0 entered promiscuous mode
[  687.489876][T15375] device syzkaller0 entered promiscuous mode
[  687.631653][T15387] netlink: 172 bytes leftover after parsing attributes in process `syz.1.4874'.
[  687.980757][T15398] sch_tbf: peakrate 64 is lower than or equals to rate 17038211371681383082 !
[  688.173810][T15439] device syzkaller0 entered promiscuous mode
[  688.255137][T15445] device syz_tun left promiscuous mode
[  688.261900][T15445] bridge0: port 3(syz_tun) entered disabled state
[  688.274408][T15445] device bridge_slave_0 left promiscuous mode
[  688.280630][T15445] bridge0: port 1(bridge_slave_0) entered disabled state
[  688.290143][T15445] device bridge_slave_1 left promiscuous mode
[  688.297012][T15445] bridge0: port 2(bridge_slave_1) entered disabled state
[  688.309984][T15451] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4905'.
[  688.346584][T15462] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=15462 comm=syz.5.4910
[  688.421809][T15478] capability: warning: `syz.3.4918' uses 32-bit capabilities (legacy support in use)
[  688.437565][T15480] device syzkaller0 entered promiscuous mode
[  688.490376][T15487] device syzkaller0 entered promiscuous mode
[  688.509952][T15493] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=15493 comm=syz.1.4925
[  688.635643][T15517] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=15517 comm=syz.5.4937
[  688.795802][T15545] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=15545 comm=syz.1.4950
[  689.013207][T15580] device syzkaller0 entered promiscuous mode
[  689.280703][T15615] x_tables: unsorted entry at hook 1
[  689.333516][T15623] device syzkaller0 entered promiscuous mode
[  689.550407][T15651] device syzkaller0 entered promiscuous mode
[  689.739797][T15675] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=15675 comm=syz.5.5011
[  689.864878][T15696] device syzkaller0 entered promiscuous mode
[  689.919094][T15705] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=15705 comm=syz.1.5026
[  690.118262][T15721] device syzkaller0 entered promiscuous mode
[  690.192080][T15730] device syzkaller0 entered promiscuous mode
[  690.381799][T15748] device syzkaller0 entered promiscuous mode
[  690.390784][T15750] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=15750 comm=syz.1.5047
[  690.482146][T15762] device syzkaller0 entered promiscuous mode
[  690.642515][T15792] device syzkaller0 entered promiscuous mode
[  690.709660][T15809] netlink: 'syz.1.5077': attribute type 9 has an invalid length.
[  690.719332][T15809] netlink: 1972 bytes leftover after parsing attributes in process `syz.1.5077'.
[  690.730689][T15811] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=15811 comm=syz.3.5076
[  690.795764][T15822] device syzkaller0 entered promiscuous mode
[  690.814699][T15827] netlink: 20 bytes leftover after parsing attributes in process `syz.5.5083'.
[  690.862994][   T30] kauditd_printk_skb: 1616 callbacks suppressed
[  690.863012][   T30] audit: type=1400 audit(690.847:11759): avc:  denied  { create } for  pid=15835 comm="syz.5.5088" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=0
[  690.895270][   T30] audit: type=1400 audit(690.847:11760): avc:  denied  { create } for  pid=15835 comm="syz.5.5088" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=0
[  690.915847][   T30] audit: type=1400 audit(690.847:11761): avc:  denied  { write } for  pid=15833 comm="syz.4.5087" name="001" dev="devtmpfs" ino=175 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=0
[  690.939488][   T30] audit: type=1400 audit(690.867:11762): avc:  denied  { create } for  pid=15833 comm="syz.4.5087" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=0
[  690.961422][   T30] audit: type=1400 audit(690.867:11763): avc:  denied  { execmem } for  pid=15833 comm="syz.4.5087" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=0
[  690.980741][   T30] audit: type=1400 audit(690.867:11764): avc:  denied  { map_create } for  pid=15833 comm="syz.4.5087" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  691.004811][T15843] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=15843 comm=syz.4.5092
[  691.019223][   T30] audit: type=1400 audit(690.867:11765): avc:  denied  { read write } for  pid=9816 comm="syz-executor" name="loop5" dev="devtmpfs" ino=121 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0
[  691.049723][   T30] audit: type=1400 audit(690.877:11766): avc:  denied  { read write } for  pid=9269 comm="syz-executor" name="loop1" dev="devtmpfs" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0
[  691.077238][   T30] audit: type=1400 audit(690.897:11767): avc:  denied  { prog_load } for  pid=15838 comm="syz.5.5089" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  691.099399][   T30] audit: type=1400 audit(690.897:11768): avc:  denied  { map_create } for  pid=15840 comm="syz.1.5090" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  691.139268][T15849] device syzkaller0 entered promiscuous mode
[  691.199374][T15860] netlink: 96 bytes leftover after parsing attributes in process `syz.1.5100'.
[  691.245398][T15868] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=15868 comm=syz.3.5105
[  691.323388][T15884] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5111'.
[  691.353773][T15884] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5111'.
[  691.367230][T15884] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5111'.
[  691.709392][T15981] device syzkaller0 entered promiscuous mode
[  691.872186][T16015] device syzkaller0 entered promiscuous mode
[  691.895043][T16017] ==================================================================
[  691.903160][T16017] BUG: KASAN: slab-out-of-bounds in tc_setup_flow_action+0x870/0x3240
[  691.911459][T16017] Read of size 8 at addr ffff8881077867c0 by task syz.3.5177/16017
[  691.919374][T16017] 
[  691.921726][T16017] CPU: 0 PID: 16017 Comm: syz.3.5177 Tainted: G        W         syzkaller #0
[  691.930730][T16017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  691.940821][T16017] Call Trace:
[  691.944129][T16017]  <TASK>
[  691.947095][T16017]  __dump_stack+0x21/0x30
[  691.951561][T16017]  dump_stack_lvl+0xee/0x150
[  691.956186][T16017]  ? show_regs_print_info+0x20/0x20
[  691.961418][T16017]  ? load_image+0x3a0/0x3a0
[  691.965948][T16017]  print_address_description+0x7f/0x2c0
[  691.971641][T16017]  ? tc_setup_flow_action+0x870/0x3240
[  691.977247][T16017]  kasan_report+0xf1/0x140
[  691.981696][T16017]  ? tc_setup_flow_action+0x870/0x3240
[  691.987205][T16017]  __asan_report_load8_noabort+0x14/0x20
[  691.993094][T16017]  tc_setup_flow_action+0x870/0x3240
[  691.998562][T16017]  mall_replace_hw_filter+0x293/0x820
[  692.003972][T16017]  ? pcpu_block_update_hint_alloc+0x8c1/0xc50
[  692.010193][T16017]  ? mall_set_parms+0x520/0x520
[  692.015095][T16017]  ? tcf_exts_destroy+0xb0/0xb0
[  692.019984][T16017]  ? mall_set_parms+0x1e8/0x520
[  692.024873][T16017]  mall_change+0x526/0x740
[  692.029323][T16017]  ? __kasan_check_write+0x14/0x20
[  692.034457][T16017]  ? mall_get+0xa0/0xa0
[  692.038716][T16017]  ? tcf_chain_tp_insert_unique+0xac1/0xc10
[  692.044680][T16017]  tc_new_tfilter+0x12a2/0x1870
[  692.049557][T16017]  ? tcf_gate_entry_destructor+0x20/0x20
[  692.055373][T16017]  ? security_capable+0x87/0xb0
[  692.060266][T16017]  ? ns_capable+0x8c/0xf0
[  692.064629][T16017]  ? netlink_net_capable+0x125/0x160
[  692.069939][T16017]  ? tcf_gate_entry_destructor+0x20/0x20
[  692.075586][T16017]  rtnetlink_rcv_msg+0x81b/0xb90
[  692.080545][T16017]  ? rtnetlink_bind+0x80/0x80
[  692.085229][T16017]  ? memcpy+0x56/0x70
[  692.089308][T16017]  ? avc_has_perm_noaudit+0x2f4/0x460
[  692.095150][T16017]  ? arch_stack_walk+0xee/0x140
[  692.100095][T16017]  ? avc_denied+0x1b0/0x1b0
[  692.104800][T16017]  ? stack_trace_save+0x98/0xe0
[  692.109669][T16017]  ? avc_has_perm+0x158/0x240
[  692.114358][T16017]  ? avc_has_perm_noaudit+0x460/0x460
[  692.119746][T16017]  ? x64_sys_call+0x4b/0x9a0
[  692.124345][T16017]  ? selinux_nlmsg_lookup+0x416/0x4c0
[  692.129813][T16017]  netlink_rcv_skb+0x1e0/0x430
[  692.134585][T16017]  ? rtnetlink_bind+0x80/0x80
[  692.139269][T16017]  ? netlink_ack+0xb60/0xb60
[  692.143880][T16017]  ? __netlink_lookup+0x387/0x3b0
[  692.148921][T16017]  rtnetlink_rcv+0x1c/0x20
[  692.153438][T16017]  netlink_unicast+0x876/0xa40
[  692.158555][T16017]  netlink_sendmsg+0x86a/0xb70
[  692.163331][T16017]  ? netlink_getsockopt+0x530/0x530
[  692.168672][T16017]  ? security_socket_sendmsg+0x82/0xa0
[  692.174172][T16017]  ? netlink_getsockopt+0x530/0x530
[  692.179408][T16017]  ____sys_sendmsg+0x5a2/0x8c0
[  692.184229][T16017]  ? __sys_sendmsg_sock+0x40/0x40
[  692.189298][T16017]  ? import_iovec+0x7c/0xb0
[  692.193845][T16017]  ___sys_sendmsg+0x1f0/0x260
[  692.198571][T16017]  ? __sys_sendmsg+0x250/0x250
[  692.203370][T16017]  ? bpf_raw_tracepoint_open+0xa7/0x960
[  692.208955][T16017]  ? __fdget+0x1a1/0x230
[  692.213218][T16017]  __x64_sys_sendmsg+0x1e2/0x2a0
[  692.218163][T16017]  ? ___sys_sendmsg+0x260/0x260
[  692.223030][T16017]  ? __kasan_check_write+0x14/0x20
[  692.228259][T16017]  ? switch_fpu_return+0x15d/0x2c0
[  692.233376][T16017]  x64_sys_call+0x4b/0x9a0
[  692.237993][T16017]  do_syscall_64+0x4c/0xa0
[  692.242433][T16017]  ? clear_bhb_loop+0x50/0xa0
[  692.247120][T16017]  ? clear_bhb_loop+0x50/0xa0
[  692.251810][T16017]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  692.257833][T16017] RIP: 0033:0x7fa66d1a6fc9
[  692.262273][T16017] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  692.281909][T16017] RSP: 002b:00007fa66bc0f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  692.290343][T16017] RAX: ffffffffffffffda RBX: 00007fa66d3fdfa0 RCX: 00007fa66d1a6fc9
[  692.298326][T16017] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000004
[  692.306308][T16017] RBP: 00007fa66d229f91 R08: 0000000000000000 R09: 0000000000000000
[  692.314299][T16017] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  692.322278][T16017] R13: 00007fa66d3fe038 R14: 00007fa66d3fdfa0 R15: 00007ffe721d4a78
[  692.330264][T16017]  </TASK>
[  692.333326][T16017] 
[  692.335651][T16017] Allocated by task 16017:
[  692.340058][T16017]  __kasan_kmalloc+0xda/0x110
[  692.344750][T16017]  __kmalloc+0x13d/0x2c0
[  692.349008][T16017]  tcf_idr_create+0x5f/0x790
[  692.353602][T16017]  tcf_idr_create_from_flags+0x61/0x70
[  692.359068][T16017]  tcf_gact_init+0x346/0x580
[  692.363706][T16017]  tcf_action_init_1+0x3f7/0x6a0
[  692.368669][T16017]  tcf_action_init+0x1e9/0x710
[  692.373451][T16017]  tcf_exts_validate+0x217/0x520
[  692.378395][T16017]  mall_set_parms+0x48/0x520
[  692.383118][T16017]  mall_change+0x45a/0x740
[  692.387543][T16017]  tc_new_tfilter+0x12a2/0x1870
[  692.392524][T16017]  rtnetlink_rcv_msg+0x81b/0xb90
[  692.397496][T16017]  netlink_rcv_skb+0x1e0/0x430
[  692.402273][T16017]  rtnetlink_rcv+0x1c/0x20
[  692.406714][T16017]  netlink_unicast+0x876/0xa40
[  692.411478][T16017]  netlink_sendmsg+0x86a/0xb70
[  692.416242][T16017]  ____sys_sendmsg+0x5a2/0x8c0
[  692.421018][T16017]  ___sys_sendmsg+0x1f0/0x260
[  692.425883][T16017]  __x64_sys_sendmsg+0x1e2/0x2a0
[  692.430822][T16017]  x64_sys_call+0x4b/0x9a0
[  692.435306][T16017]  do_syscall_64+0x4c/0xa0
[  692.439725][T16017]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  692.445731][T16017] 
[  692.448090][T16017] Last potentially related work creation:
[  692.453805][T16017]  kasan_save_stack+0x3a/0x60
[  692.458993][T16017]  __kasan_record_aux_stack+0xd2/0x100
[  692.464457][T16017]  kasan_record_aux_stack_noalloc+0xb/0x10
[  692.470272][T16017]  call_rcu+0x105/0xfe0
[  692.474429][T16017]  neigh_parms_release+0x1e0/0x220
[  692.479551][T16017]  addrconf_ifdown+0x15e3/0x1880
[  692.484491][T16017]  addrconf_notify+0x3bd/0xde0
[  692.489263][T16017]  raw_notifier_call_chain+0x90/0x100
[  692.494648][T16017]  unregister_netdevice_many+0xfb8/0x1990
[  692.500405][T16017]  unregister_netdevice_queue+0x31c/0x360
[  692.506265][T16017]  __tun_detach+0xca6/0x1450
[  692.510902][T16017]  tun_chr_close+0x92/0x140
[  692.515526][T16017]  __fput+0x20b/0x8b0
[  692.519514][T16017]  ____fput+0x15/0x20
[  692.523506][T16017]  task_work_run+0x127/0x190
[  692.528108][T16017]  exit_to_user_mode_loop+0xd0/0xe0
[  692.533309][T16017]  exit_to_user_mode_prepare+0x87/0xd0
[  692.538767][T16017]  syscall_exit_to_user_mode+0x1a/0x30
[  692.544253][T16017]  do_syscall_64+0x58/0xa0
[  692.548669][T16017]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  692.554569][T16017] 
[  692.556890][T16017] The buggy address belongs to the object at ffff888107786700
[  692.556890][T16017]  which belongs to the cache kmalloc-192 of size 192
[  692.570942][T16017] The buggy address is located 0 bytes to the right of
[  692.570942][T16017]  192-byte region [ffff888107786700, ffff8881077867c0)
[  692.584584][T16017] The buggy address belongs to the page:
[  692.590234][T16017] page:ffffea00041de180 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107786
[  692.600472][T16017] flags: 0x4000000000000200(slab|zone=1)
[  692.606230][T16017] raw: 4000000000000200 ffffea0004a65d00 0000000600000006 ffff888100042c00
[  692.614836][T16017] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[  692.623416][T16017] page dumped because: kasan: bad access detected
[  692.629833][T16017] page_owner tracks the page as allocated
[  692.635539][T16017] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 12442, ts 641373257065, free_ts 641350579960
[  692.653102][T16017]  post_alloc_hook+0x192/0x1b0
[  692.658063][T16017]  prep_new_page+0x1c/0x110
[  692.662570][T16017]  get_page_from_freelist+0x2cc5/0x2d50
[  692.668356][T16017]  __alloc_pages+0x18f/0x440
[  692.672961][T16017]  new_slab+0xa1/0x4d0
[  692.677044][T16017]  ___slab_alloc+0x381/0x810
[  692.681732][T16017]  __slab_alloc+0x49/0x90
[  692.686083][T16017]  __kmalloc+0x16a/0x2c0
[  692.690378][T16017]  ext4_update_inline_data+0x25c/0x510
[  692.695844][T16017]  ext4_prepare_inline_data+0x156/0x1f0
[  692.701397][T16017]  ext4_try_to_write_inline_data+0x317/0x1110
[  692.707475][T16017]  ext4_write_begin+0x221/0x1220
[  692.712424][T16017]  generic_perform_write+0x2ad/0x670
[  692.717722][T16017]  ext4_buffered_write_iter+0x4ed/0x670
[  692.723276][T16017]  ext4_file_write_iter+0x18c/0x1550
[  692.728585][T16017]  do_iter_readv_writev+0x491/0x600
[  692.733792][T16017] page last free stack trace:
[  692.738490][T16017]  free_unref_page_prepare+0x542/0x550
[  692.743955][T16017]  free_unref_page_list+0x134/0x9d0
[  692.749168][T16017]  release_pages+0xfda/0x1030
[  692.753862][T16017]  free_pages_and_swap_cache+0x86/0xa0
[  692.759320][T16017]  tlb_finish_mmu+0x175/0x300
[  692.764005][T16017]  exit_mmap+0x40f/0x860
[  692.768241][T16017]  __mmput+0x93/0x320
[  692.772223][T16017]  mmput+0x50/0x150
[  692.776029][T16017]  do_exit+0x9d2/0x27a0
[  692.780188][T16017]  do_group_exit+0x141/0x310
[  692.784780][T16017]  get_signal+0x66a/0x1480
[  692.789200][T16017]  arch_do_signal_or_restart+0xc1/0x10f0
[  692.794852][T16017]  exit_to_user_mode_loop+0xa7/0xe0
[  692.800068][T16017]  exit_to_user_mode_prepare+0x87/0xd0
[  692.805659][T16017]  syscall_exit_to_user_mode+0x1a/0x30
[  692.811132][T16017]  do_syscall_64+0x58/0xa0
[  692.815553][T16017] 
[  692.817871][T16017] Memory state around the buggy address:
[  692.823551][T16017]  ffff888107786680: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  692.831608][T16017]  ffff888107786700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  692.839666][T16017] >ffff888107786780: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[  692.847720][T16017]                                            ^
[  692.853872][T16017]  ffff888107786800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  692.862099][T16017]  ffff888107786880: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  692.870155][T16017] ==================================================================
[  692.878224][T16017] Disabling lock debugging due to kernel taint
Jan  1 00:11:32 syzkaller kern.alert kernel: [  692.629833][T16017] page_owner tracks the page as allocated
Jan  1 00:11:32 syzkaller kern.aler[  692.908809][T16024] device syzkaller0 entered promiscuous mode
t kernel: [  692.635539][T16017] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 12442, ts 641373257065, free_ts 641350579960
Jan  1 00:11:32 syzkaller kern.alert kernel: [  692.733792][T16017] page last free stack trace: