last executing test programs:

1m25.801999863s ago: executing program 1 (id=893):
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x103, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc, 0xb95b5ec032cc8e84}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="050000000400000099000000"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
rename(&(0x7f0000000040)='./file1\x00', 0x0)
pipe(0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x76200}], 0x1, 0x7c00, 0x0, 0x3)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r1, 0x25, 0x0)
creat(0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000280), &(0x7f0000000200)=r3}, 0x20)
socket$packet(0x11, 0x2, 0x300)
socket$kcm(0x2, 0xa, 0x2)
socket$packet(0x11, 0x2, 0x300)
r4 = syz_open_procfs(0x0, 0x0)
preadv(r4, &(0x7f00000002c0)=[{&(0x7f0000000340)=""/4096, 0x1000}], 0x1, 0x35, 0x88)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f00000006c0)=@v3={0x3000000, [{0x3, 0x2}, {0x9, 0x56}], 0xee01}, 0x18, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
fchmodat(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0xffffffd3)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
mkdirat(r6, &(0x7f0000000300)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x408)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)

1m25.712735165s ago: executing program 1 (id=894):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000010100000000b58104a7baaf442a7c345a2bd890e6ed14a6709e9431f4f0b9ec867faaa6648743d7351078170b428b02b9a97d2f"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$NL80211_CMD_DEAUTHENTICATE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)={0x1c, 0x0, 0xfc5, 0x0, 0x0, {{0x11}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="9feb01001800000000000000340000003400000006000000040000000000000e0400000000000000000000000000000d04000000000000000000000400000000040000000000000803000000000000006100facde307bf245ff0082a662b212769f0a312843141f50262cf74bfb134a626afa1727359a08c719e6fe75435f6704db5792ba88ad239423b78000de15acc674dbb4bfe53d579d41a80c0e7c9d99885f7d2c2e06c6bd504317d57ea921ea9cd3b32c6b3a5bb9f5f4a25a4e34b86e20dc45ee8d02dfcbf26dffe3a9bde5fe26b98bf1407b0661f1ceef07129600df5cb28622bcb6072172fee81e3fad3521b6cf1c5f33935b7d40d657ae218b14fa6d2561f42957823d448ed51731d12dc99d3be909284d34e726b6ff4cf209c706b34ea28109101af1772f08fe704a2d5840f00cd5528fb48c9"], 0x0, 0x52}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='sys_enter\x00'}, 0x10)
unshare(0x20040400)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'syzkaller0\x00', <r4=>0x0})
setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f0000000100)={r4, 0x2, 0x6}, 0x10)
setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f0000000240)={r4, 0x1, 0x6, @multicast}, 0x10)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000640)={'syztnl0\x00', &(0x7f00000005c0)={'syztnl2\x00', 0x0, 0x29, 0x6, 0x8, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x31}, @empty, 0x40, 0x31, 0x8, 0x1000}})
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000001c0)={'sit0\x00'})
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000800)=@filter={'filter\x00', 0xe, 0x4, 0x420, 0xffffffff, 0x260, 0x0, 0x0, 0xffffffff, 0xffffffff, 0x350, 0x350, 0x350, 0xffffffff, 0x4, &(0x7f00000004c0), {[{{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @dev={0xfe, 0x80, '\x00', 0x34}, [0xff, 0xffffffff, 0xff000000], [0xffffff00, 0xffffffff, 0x0, 0xff000000], 'caif0\x00', 'ip6_vti0\x00', {0xff}, {}, 0x3a, 0x0, 0x3, 0x28}, 0x0, 0xa8, 0xd0}, @common=@unspec=@CLASSIFY={0x28, 'CLASSIFY\x00', 0x0, {0x7}}}, {{@uncond, 0x0, 0x168, 0x190, 0x0, {}, [@common=@srh1={{0x90}, {0x6c, 0x7, 0x1, 0x9, 0x7f, @remote, @private0, @local, [0x0, 0x0, 0xff, 0xffffffff], [0x0, 0xff, 0xff], [0xffffff00, 0xffff00, 0x0, 0xff000000], 0x24, 0xa4}}, @common=@ah={{0x30}, {[0x4d2, 0x4d6], 0x6, 0xb, 0x1}}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x8}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@local, 'veth1_to_batadv\x00', {0x4}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x480)

1m25.643255676s ago: executing program 1 (id=895):
socket$nl_route(0x10, 0x3, 0x0)
socket$rxrpc(0x21, 0x2, 0xa)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x10b, &(0x7f00000001c0)={0x0, 0x587d, 0x1000, 0x0, 0xffeffc03}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000240)=<r3=>0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000005c0)='smaps_rollup\x00')
r5 = io_uring_setup(0x3eae, &(0x7f0000000080)={0x0, 0x0, 0x1})
io_uring_register$IORING_REGISTER_BUFFERS(r5, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
lseek(r4, 0x2000, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0x40, 0x0, r0, 0x80, &(0x7f00000000c0)=@in={0x2, 0x4e22, @local}})
unshare(0x2a020400)
r6 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x281c2, 0x120)
vmsplice(r6, 0x0, 0x4000, 0x1)
io_uring_enter(r1, 0x351e, 0x483, 0x0, 0x0, 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001340)={&(0x7f0000000340)='kfree\x00', r7, 0x0, 0x6}, 0x18)
syz_emit_ethernet(0x3b6, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd6000000003803afffe8000000000000000000000000000aaff02000000000000000000000000000186009078010000000000000000000000190aa78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af250203010000000500000000260004000318fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978001d06aa85616177c41bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f883ff08895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee96f24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d00000000000000190b17dcea46805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f0252107b8a3e100908f61640000000200fe80ffff00000000000000ff0bc0fe00000000008879e66485201a0015ca83747357a02745000400000000145e14f0e74d2d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa7628cf9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4808288e62afbf0630af1f98aea6fb3beb5fdc5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7596d779b8353aac33a57d79b05613a12328f6101000000634a287570af5e4e12e213408c0005d5170000dce9674a36da018dff16e7a94fe18e88605abbbe1a02a326a63ce65f81ed000000"], 0x0)
r8 = creat(&(0x7f0000000080)='./file0\x00', 0xc7)
close(r8)
syz_open_dev$tty20(0xc, 0x4, 0x1)
r9 = socket$xdp(0x2c, 0x3, 0x0)
r10 = socket(0x1d, 0x2, 0x6)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r10, @ANYBLOB=',wfdno=', @ANYRESHEX=r10])
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r8, @ANYBLOB=',w=', @ANYRESHEX=r9, @ANYBLOB=',\x00'])
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
r11 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00')
writev(r11, &(0x7f00000000c0)=[{&(0x7f0000000040)="dc", 0x1}], 0x8)
syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x717e, 0x100, 0x3, 0x150}, &(0x7f0000000140), &(0x7f0000000200))

1m25.437961099s ago: executing program 1 (id=899):
syz_mount_image$ext4(&(0x7f0000000300)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000001c0), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2000006, 0x31, 0xffffffffffffffff, 0xd0fb6000)
prctl$PR_SET_NAME(0xf, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = syz_clone(0x1800000, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x61980, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r1, 0x0, 0x5}, 0x18)
kcmp(r0, r0, 0x2, 0xffffffffffffffff, 0xffffffffffffffff)
pwritev2(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x76200}], 0x1, 0x7c00, 0x0, 0x3)

1m25.38014105s ago: executing program 1 (id=901):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r1, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'geneve0\x00'}}, 0x1e)
close(r1)

1m25.207769583s ago: executing program 1 (id=903):
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x4000, 0x4)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000280)=ANY=[@ANYRESDEC=r0], 0x48)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000000c0)='kfree\x00', 0xffffffffffffffff, 0x0, 0xfffffffffffffffd}, 0x18)
prctl$PR_SET_NAME(0xf, &(0x7f0000000700)=',&#^%\x00')
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000500)=0x35)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000180)='sys_enter\x00'}, 0x10)
renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0, 0x4)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f00000007c0)=0x101, 0x0, 0x4)
r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r3, 0x541b, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x15, 0x1d, &(0x7f0000000800)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x7}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [@ldst={0x0, 0x1, 0x4, 0x0, 0x8, 0x0, 0x4}, @exit, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r3}}, @printk={@lli, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x2}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000540)='syzkaller\x00', 0x4, 0x0, &(0x7f0000000640), 0x40f00, 0x10, '\x00', 0x0, @fallback=0x3, r3, 0x8, &(0x7f0000000780)={0x7, 0x1}, 0x8, 0x10, &(0x7f0000000900)={0x5, 0xb, 0x5, 0x3}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000a00)=[r1, r3, r3, r1, r1, r1, 0xffffffffffffffff, r3, 0xffffffffffffffff], 0x0, 0x10, 0x8}, 0x94)
flock(0xffffffffffffffff, 0x5)
io_setup(0x0, &(0x7f00000002c0)=<r4=>0x0)
sendmsg$RDMA_NLDEV_CMD_RES_QP_GET(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000440)=ANY=[@ANYBLOB="280000000a14010025bd7000fedbdf25050009"], 0x28}, 0x1, 0x0, 0x0, 0x4024}, 0x480c0)
socket$igmp6(0xa, 0x3, 0x2)
socket$packet(0x11, 0x2, 0x300)
io_submit(r4, 0x1, &(0x7f0000000340)=[&(0x7f0000000300)={0x0, 0x0, 0x0, 0x8, 0x0, r0, &(0x7f0000000440)="012b7e61f51ab2e347089cfe28d84cbc0bac7bdb6c9f4bd08c835ff3573f1594feba23997debf0fe75d4b8a60278d544ee48faf78911ea9473f6f6a02378153aa5f7930c56b1bc16b4a06b97c3f48fd341a75ad78f198fc9e2b161779a56f40cebc739716345b2a67e99fa58e6e00027086f56c05604ca2698bbe5679d1125d0117b649ae6b6bc83409573befc0f5007c6f03011", 0x94, 0x0, 0x0, 0x3}])
bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x11, 0xb, &(0x7f0000000080)=ANY=[@ANYRESOCT=r1], &(0x7f0000000200)='GPL\x00', 0xb7, 0x0, 0x0, 0x41100, 0xc, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x10)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockopt$inet_mreqsrc(r5, 0x0, 0x53, &(0x7f0000000000)={@dev, @local, @broadcast}, &(0x7f0000000040)=0x8)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

1m25.182654164s ago: executing program 32 (id=903):
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x4000, 0x4)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000280)=ANY=[@ANYRESDEC=r0], 0x48)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000000c0)='kfree\x00', 0xffffffffffffffff, 0x0, 0xfffffffffffffffd}, 0x18)
prctl$PR_SET_NAME(0xf, &(0x7f0000000700)=',&#^%\x00')
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000500)=0x35)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000180)='sys_enter\x00'}, 0x10)
renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0, 0x4)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f00000007c0)=0x101, 0x0, 0x4)
r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r3, 0x541b, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x15, 0x1d, &(0x7f0000000800)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x7}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [@ldst={0x0, 0x1, 0x4, 0x0, 0x8, 0x0, 0x4}, @exit, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r3}}, @printk={@lli, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x2}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000540)='syzkaller\x00', 0x4, 0x0, &(0x7f0000000640), 0x40f00, 0x10, '\x00', 0x0, @fallback=0x3, r3, 0x8, &(0x7f0000000780)={0x7, 0x1}, 0x8, 0x10, &(0x7f0000000900)={0x5, 0xb, 0x5, 0x3}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000a00)=[r1, r3, r3, r1, r1, r1, 0xffffffffffffffff, r3, 0xffffffffffffffff], 0x0, 0x10, 0x8}, 0x94)
flock(0xffffffffffffffff, 0x5)
io_setup(0x0, &(0x7f00000002c0)=<r4=>0x0)
sendmsg$RDMA_NLDEV_CMD_RES_QP_GET(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000440)=ANY=[@ANYBLOB="280000000a14010025bd7000fedbdf25050009"], 0x28}, 0x1, 0x0, 0x0, 0x4024}, 0x480c0)
socket$igmp6(0xa, 0x3, 0x2)
socket$packet(0x11, 0x2, 0x300)
io_submit(r4, 0x1, &(0x7f0000000340)=[&(0x7f0000000300)={0x0, 0x0, 0x0, 0x8, 0x0, r0, &(0x7f0000000440)="012b7e61f51ab2e347089cfe28d84cbc0bac7bdb6c9f4bd08c835ff3573f1594feba23997debf0fe75d4b8a60278d544ee48faf78911ea9473f6f6a02378153aa5f7930c56b1bc16b4a06b97c3f48fd341a75ad78f198fc9e2b161779a56f40cebc739716345b2a67e99fa58e6e00027086f56c05604ca2698bbe5679d1125d0117b649ae6b6bc83409573befc0f5007c6f03011", 0x94, 0x0, 0x0, 0x3}])
bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x11, 0xb, &(0x7f0000000080)=ANY=[@ANYRESOCT=r1], &(0x7f0000000200)='GPL\x00', 0xb7, 0x0, 0x0, 0x41100, 0xc, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x10)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockopt$inet_mreqsrc(r5, 0x0, 0x53, &(0x7f0000000000)={@dev, @local, @broadcast}, &(0x7f0000000040)=0x8)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

1m21.335300926s ago: executing program 3 (id=933):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f0000000800)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x5, 0xb68, 0x560b0007, &(0x7f0000000000)="259a53f271a76d2608064c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x300}, 0x48)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000280)={0x4, 0x0, 0xb51b, 0x10}, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="200000001200010a0000000000000000820000004011c111c4"], 0x26}}, 0x0)
socket$packet(0x11, 0xa, 0x300)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff530000008003950323030302e75"], 0x15)
pipe2$9p(&(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r4, &(0x7f0000000300)=ANY=[], 0x15)
r5 = dup(r4)
write$P9_RLERRORu(r5, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r5, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$binfmt_elf64(r5, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r5])
creat(&(0x7f0000000180)='./file0\x00', 0x60)

1m21.214570698s ago: executing program 3 (id=935):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000093850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x18)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f00000029c0)={0x0, 0x4e, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="200000001000010700000000200000000a0000000c0002006e6c3830323131"], 0x20}, 0x1, 0x2000000}, 0x0)

1m20.867783024s ago: executing program 3 (id=937):
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r1, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[], 0xfe59)
r2 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3f, 0x1, 0x0, 0x0, 0x0, 0x7, 0x590, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, @perf_bp={0x0, 0x8}, 0x4c58, 0x5, 0x0, 0x1, 0x8, 0x2, 0xb, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0xfffc}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TYPE={0xa, 0x7, 'route\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NAT_FAMILY={0x8, 0x2, 0x1, 0x0, 0xa}, @NFTA_NAT_TYPE={0x8}, @NFTA_NAT_REG_PROTO_MIN={0x8, 0x5, 0x1, 0x0, 0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xc8}, 0x1, 0x0, 0x0, 0x28008040}, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000003, 0x13, r2, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
fchdir(r4)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x90)
getdents64(r5, &(0x7f0000000f80)=""/4096, 0x1000)

1m20.431328601s ago: executing program 3 (id=939):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000a80)='kfree\x00', r1, 0x0, 0x2}, 0x18)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000580)={[{@init_itable_val}, {@jqfmt_vfsold}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6a}}, {@user_xattr}, {@errors_remount}, {@quota}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV")
mount(0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000001140)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x20, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
r5 = syz_open_procfs(0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_MAXSEG(r5, 0x84, 0xd, &(0x7f00000000c0), 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x2, @perf_config_ext={0x0, 0xffffffffffffffff}, 0x4, 0x0, 0x3, 0x6, 0x0, 0x20, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f0000000300), &(0x7f0000000040)=ANY=[], 0xfe37, 0x0)
unlink(&(0x7f0000000180)='./file1\x00')

1m19.482493577s ago: executing program 3 (id=943):
r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41101, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1, 0x0, 0x7}, 0x18)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$KDFONTOP_SET(r2, 0x4b72, &(0x7f0000000080)={0x0, 0x3000000, 0x8, 0x1f, 0x100, &(0x7f00000000c0)="387ed7626d850509a2d6c1aa38f15cd00f85c263cb206db671261fff7ce9c555f189afae3530db6dd493f28fd988721b9ae21b3e3b4523ae2594f47d8f62b480c4160b1f90ac9c41fae6ab12ac4c113fef588684ef495689092883b902a41cd75387ef6f7bc7d460d5e665f398ff95596dc94ec97003a3db08e500c2fb07e11aa4031a61c51caf7a65a2b613bda33f3eaeae635d7cd81761e74c38a7695800a15516eb337056e02335f9a7d10aa2eaf7beb7e1f7a1e850ecb3421143c5c4ded0f083a0c524dcf320827266819b6a952db5bc96141b26c54db857edbcbbc81c7af7aadf50bc549974b6401a19cdb130282b955592efa94242065a4c8d695a2cdd9ada350defd58c775b92d348305774d3a256c7520b285d8da0dbf5e20d604413ed2ddf9bcbf881caf811852806175d63892a15234fbcd7a88a2a0aea45d19148f0e7dada7d6d0d77881387fdeaa02863be90b88dfff412bff40c31c6415c54ae3335e54a49d315851feffe30d999c36def4df7df747695ef060000001bbe1b649f42f310859122c0d2c1e558dc6586958a28374f386ecf369274e43003a09b5159ea515eb44521901ef0d00baa91c10a8e44a76aac3468a15bd3d45ad389977467f306f9bcde071b30769795eed2f1580414d168f557cd90040c4bd2a3d6bc509254a12cece59181fcb5bad8c24bd9f8f78d17ab01831325501e80d899e9252f99d3a2666343392fda115048e4f4dd9f45657f8224fc78eb1168fe0527fac33466aadf48f16994d29a47778566e0f3945b2bf36b6eecc7fa18914beb66ac9e519bd3330000000000000009a3237aebbe3bed781e39d5a0fb0cdc60e196f2261305feb596b5b66ab89d2d6333f699b16db68986ab3eee7b199fefb5f79ffb2d1050e46982af1c14a88dd9b647ba812f56a8404755c73e74bb90e64bab9647c70ed5afca1c3d87907d14df8aa9df6f40a80ace2bb8a2aad3b0c66915927db4173181943d88c0c76d5969e2043db5bd77fd60ba0f012139929ccfec965c1f769785a4d23332d71f0875e3146afef5b20cc306d3ecee65944fe9829e0ad0c3f6bb2fdc1bc31152538db50f47dc38ba908a0d808687e478a609fe0daa0000000000000000e7f2e98597e27f3e1dba9c3c16e9fab3bda6ed33cb1c75513e2264b69d4794ded98eff9aa53d22eb77c9d93169c04ab2490bf28106f770e07eb7a9e8fd4e71929f918b98c4cbfcb11a90139264a9ee807c973167f493760278df0cc34be9e8f86f948d9a62e63ad6ca9d174d2465380b1a00ddc42915e4f3a5db640600000095a3d63904c9ecd1c313c08e29b814bd8fed1ab6d2846c73345962895d289ac77152cac2e04c93a5470774975b42091f218dd1e68a15f8226577bf9481ae0555db64a717eb23a811356d00000000ddffffff00"})

1m19.047816454s ago: executing program 3 (id=946):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000069000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000fcffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b70400000000000085"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000640)=ANY=[@ANYBLOB="54020000170001000000000000000000200100000000000000000000000000010000000000000000ac141400000000000000000000000000fc020000000000000003000000000000e000000200001000000000000000000000000000000000080a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="1242ffff040000000000000000000037660b6aff00000000000000000000000000000000000000000200002000000000", @ANYRES32, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000e0270300000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000650d000000000000e1000000000000000007000000ff0f0000000000000000000008000b000000000008001600000000000c001500000000005d0000000401050000000000000000000000ffff00000000000000003300000002000000e00000020000000000000000000000000000000000000000000000000000000000000000ff010000000000000000000000000001000000003c0000000a000000fe8000000000000000000000000000aa0000000001000000000000000000000000000000ff010000000000000000000000000001000000002b0000000a000000fe8800000000000000000000000000010000000000000000000000000000000000000000ff020000000000000000000000000001000000003200000002"], 0x254}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000200100000102"], 0x50)
prctl$PR_SET_NAME(0xf, &(0x7f0000000280)='+}[@\x00')
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000180), 0x1200)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x0)

1m18.999809295s ago: executing program 33 (id=946):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000069000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000fcffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b70400000000000085"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000640)=ANY=[@ANYBLOB="54020000170001000000000000000000200100000000000000000000000000010000000000000000ac141400000000000000000000000000fc020000000000000003000000000000e000000200001000000000000000000000000000000000080a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="1242ffff040000000000000000000037660b6aff00000000000000000000000000000000000000000200002000000000", @ANYRES32, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000e0270300000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000650d000000000000e1000000000000000007000000ff0f0000000000000000000008000b000000000008001600000000000c001500000000005d0000000401050000000000000000000000ffff00000000000000003300000002000000e00000020000000000000000000000000000000000000000000000000000000000000000ff010000000000000000000000000001000000003c0000000a000000fe8000000000000000000000000000aa0000000001000000000000000000000000000000ff010000000000000000000000000001000000002b0000000a000000fe8800000000000000000000000000010000000000000000000000000000000000000000ff020000000000000000000000000001000000003200000002"], 0x254}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000200100000102"], 0x50)
prctl$PR_SET_NAME(0xf, &(0x7f0000000280)='+}[@\x00')
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000180), 0x1200)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x0)

1m17.886697843s ago: executing program 4 (id=951):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="050000000500000081f00200000007000000984e49f27686", @ANYRES32=0x1, @ANYBLOB="ffffffff00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r0 = socket$tipc(0x1e, 0x5, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000006000000000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @fallback=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x800000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
bind$tipc(r0, &(0x7f00000000c0)=@name={0x1e, 0x2, 0x0, {{0x42, 0x3}}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x1}, 0x10)
socket$tipc(0x1e, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
set_mempolicy(0x3, &(0x7f0000000000)=0x4000000ffb, 0x8)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYRES8], 0x48)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000200)='./file0\x00', 0x800, &(0x7f0000000340)=ANY=[@ANYRES32=0x0, @ANYRESOCT, @ANYRES64, @ANYRES16], 0x1, 0x36e, &(0x7f0000000c00)="$eJzs3c9rI2UYwPEnaZpMumyTgygK0ge96GVoq2c1yC6IAZfuRtwVhNntREPGpMyESERsPXkVb/4DgsseFzwsqP9AL97WixdP9iIIuog4Mr/SJJ00aTZL0/b7gTZP8r7PzPvmF88byJuD9776uFn3zLrVkayhkhEReSRSlqwkMtFFXlLsycuX/nz4/PWbt96uVKtXtlSvVm68sqmqq2s/fPJZMe72oCD75Q8OxPht/+n9Zw/+u/FRw9OGp612Ry293f61Y912bN1ueE1T9ZpjW56tjZZnu1F7O2qvO+2dnZ5are3LKzuu7XlqtXratHvaaWvH7an1odVoqWmaenklbbjnmDFDTu3u1pZVmfGEd2bMw7z94/v+Mc2uW7GWRMzikZba3Sc6LgAAsJBG6v9vkhqhLNl+QZmJ1wL5MB5eBgT1fxKH9X+wWDis/++98FPn0rv3V+P6/0E+rf5/9Zcof6j+D84+9/r/u5HrRyuiM2/3JJ0fq/7HYlgbfkX+frhijwX1f/Bq6K/ov3j/3noYUP8DAAAAAAAAAAAAAAAAAAAAAHAWPPL9ku/7peQy+Tv8CkF8Pbl23BeNceaMe/wL8Y4C/ecDzqXrN2+JEX5xL7cq4nzZrXVr0WXcnnRcl5L8Gz4fYtGGE3thowbK8qOz260txwlL4f+KiIojtmxIScpD+WF89a3qlQ2NRPnh+Xe7tUxuJcivSyPM35SSPJWev5man5eXXhzIN6UkP9+RtjiyHb+PJfmfb6i++U51JL8Y9kvz+pN9SAAAAAAAmDtT1YiXz+Xh9W+0fjdN1bT2YC0vg+vzo58P9NfX66nr81zpudzpzh0AAAAAgIvCy3/atBzHdr3e2KAok/oU4qONNOVkwpGDIDdFn6HgYRgsH9dnaWCG0x45H/+CxrTDcL2eTD3mJPirIKl3ZrKF61CTkX6vThkk85+is3HSh8D1siefu+16a8F4dKbpDATJx0bj+si1WY88Lkh2zp3U+Zmvv/17tlNk4l17B5teu29MmGkYZEZu2ZvwpP3D9yeOZzn93eL7WX5kBgAAAMCCSIr+opfc8sbpDggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAtortukjQlOe44AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAovg/AAD//5h69bA=")
r2 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
fallocate(r2, 0x0, 0x0, 0x1000f4)

1m17.797349195s ago: executing program 4 (id=953):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000a80)='kfree\x00', r1, 0x0, 0x2}, 0x18)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000580)={[{@init_itable_val}, {@jqfmt_vfsold}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6a}}, {@user_xattr}, {@errors_remount}, {@quota}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV")
mount(0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000001140)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x20, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
r5 = syz_open_procfs(0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_MAXSEG(r5, 0x84, 0xd, &(0x7f00000000c0), 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f0000000300), &(0x7f0000000040)=ANY=[], 0xfe37, 0x0)

1m17.46662982s ago: executing program 4 (id=957):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000010100000000b58104a7baaf442a7c345a2bd890e6ed14a6709e9431f4f0b9ec867faaa6648743d7351078170b428b02b9a97d2f"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$NL80211_CMD_DEAUTHENTICATE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)={0x1c, 0x0, 0xfc5, 0x0, 0x0, {{0x11}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="9feb01001800000000000000340000003400000006000000040000000000000e0400000000000000000000000000000d04000000000000000000000400000000040000000000000803000000000000006100facde307bf245ff0082a662b212769f0a312843141f50262cf74bfb134a626afa1727359a08c719e6fe75435f6704db5792ba88ad239423b78000de15acc674dbb4bfe53d579d41a80c0e7c9d99885f7d2c2e06c6bd504317d57ea921ea9cd3b32c6b3a5bb9f5f4a25a4e34b86e20dc45ee8d02dfcbf26dffe3a9bde5fe26b98bf1407b0661f1ceef07129600df5cb28622bcb6072172fee81e3fad3521b6cf1c5f33935b7d40d657ae218b14fa6d2561f42957823d448ed51731d12dc99d3be909284d34e726b6ff4cf209c706b34ea28109101af1772f08fe704a2d5840f00cd5528fb48c9"], 0x0, 0x52}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='sys_enter\x00'}, 0x10)
unshare(0x20040400)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'syzkaller0\x00', <r4=>0x0})
setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f0000000100)={r4, 0x2, 0x6}, 0x10)
setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f0000000240)={r4, 0x1, 0x6, @multicast}, 0x10)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000640)={'syztnl0\x00', &(0x7f00000005c0)={'syztnl2\x00', 0x0, 0x29, 0x6, 0x8, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x31}, @empty, 0x40, 0x31, 0x8, 0x1000}})
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000001c0)={'sit0\x00'})
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000800)=@filter={'filter\x00', 0xe, 0x4, 0x420, 0xffffffff, 0x260, 0x0, 0x0, 0xffffffff, 0xffffffff, 0x350, 0x350, 0x350, 0xffffffff, 0x4, &(0x7f00000004c0), {[{{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @dev={0xfe, 0x80, '\x00', 0x34}, [0xff, 0xffffffff, 0xff000000], [0xffffff00, 0xffffffff, 0x0, 0xff000000], 'caif0\x00', 'ip6_vti0\x00', {0xff}, {}, 0x3a, 0x0, 0x3, 0x28}, 0x0, 0xa8, 0xd0}, @common=@unspec=@CLASSIFY={0x28, 'CLASSIFY\x00', 0x0, {0x7}}}, {{@uncond, 0x0, 0x168, 0x190, 0x0, {}, [@common=@srh1={{0x90}, {0x6c, 0x7, 0x1, 0x9, 0x7f, @remote, @private0, @local, [0x0, 0x0, 0xff, 0xffffffff], [0x0, 0xff, 0xff], [0xffffff00, 0xffff00, 0x0, 0xff000000], 0x24, 0xa4}}, @common=@ah={{0x30}, {[0x4d2, 0x4d6], 0x6, 0xb, 0x1}}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x8}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@local, 'veth1_to_batadv\x00', {0x4}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x480)

1m17.278848033s ago: executing program 4 (id=960):
syz_mount_image$ext4(&(0x7f0000000300)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000001c0), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2000006, 0x31, 0xffffffffffffffff, 0xd0fb6000)
prctl$PR_SET_NAME(0xf, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
syz_clone(0x1800000, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0x5}, 0x18)
r0 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x76200}], 0x1, 0x7c00, 0x0, 0x3)

1m16.976556738s ago: executing program 4 (id=966):
socket$nl_route(0x10, 0x3, 0x0)
syz_init_net_socket$llc(0x1a, 0x801, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r0}, 0x10)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)

1m16.531608455s ago: executing program 4 (id=968):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = memfd_secret(0x80000)
ftruncate(r2, 0x51a9497)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x10, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYRES8], &(0x7f0000000600)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, @fallback=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r4}, 0x18)
r5 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0)
close(r5)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00')
r6 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r6, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000640)={@fallback=r5, 0x24, 0x0, 0x3, &(0x7f0000000240)=[0x0], 0x1, 0x0, 0x0, 0x0, 0x0}, 0x40)
finit_module(r2, 0x0, 0x3)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r8=>0x0})
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000740)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="05a00200000000002800128009000100766c616e00000000180002800c000200540a00001d000000060001000000000008000500", @ANYRES32=r8], 0x50}, 0x1, 0xba01}, 0x20)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x4000004)
ioctl$sock_SIOCBRDELBR(r9, 0x89a2, &(0x7f0000000000)='bridge0\x00')
syz_emit_ethernet(0x2e, &(0x7f0000000140)={@broadcast, @multicast, @val={@void}, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x2, @empty, @empty, @local, @remote}}}}, 0x0)
unshare(0x6a040000)
mmap(&(0x7f00002ad000/0xc00000)=nil, 0xc00000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
unshare(0x40000080)
syz_usb_disconnect(0xffffffffffffffff)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000010900010073797a310000000048000000030a01010000000000000000010000000900030073797a3100000000080007006e6174000900010073797a310000000014000480080002407c40280f080001"], 0xb8}, 0x1, 0x0, 0x0, 0x20004000}, 0x0)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000ebff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000540)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r11}, 0x10)

1m16.435988167s ago: executing program 34 (id=968):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = memfd_secret(0x80000)
ftruncate(r2, 0x51a9497)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x10, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYRES8], &(0x7f0000000600)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, @fallback=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r4}, 0x18)
r5 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0)
close(r5)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00')
r6 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r6, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000640)={@fallback=r5, 0x24, 0x0, 0x3, &(0x7f0000000240)=[0x0], 0x1, 0x0, 0x0, 0x0, 0x0}, 0x40)
finit_module(r2, 0x0, 0x3)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r8=>0x0})
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000740)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="05a00200000000002800128009000100766c616e00000000180002800c000200540a00001d000000060001000000000008000500", @ANYRES32=r8], 0x50}, 0x1, 0xba01}, 0x20)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x4000004)
ioctl$sock_SIOCBRDELBR(r9, 0x89a2, &(0x7f0000000000)='bridge0\x00')
syz_emit_ethernet(0x2e, &(0x7f0000000140)={@broadcast, @multicast, @val={@void}, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x2, @empty, @empty, @local, @remote}}}}, 0x0)
unshare(0x6a040000)
mmap(&(0x7f00002ad000/0xc00000)=nil, 0xc00000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
unshare(0x40000080)
syz_usb_disconnect(0xffffffffffffffff)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000010900010073797a310000000048000000030a01010000000000000000010000000900030073797a3100000000080007006e6174000900010073797a310000000014000480080002407c40280f080001"], 0xb8}, 0x1, 0x0, 0x0, 0x20004000}, 0x0)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000ebff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000540)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r11}, 0x10)

46.322973401s ago: executing program 0 (id=1292):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='jbd2_submit_inode_data\x00', 0xffffffffffffffff, 0x0, 0x7f}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000080)='sched_switch\x00'}, 0x18)
r0 = socket(0x10, 0x3, 0x9)
openat$ptp0(0xffffffffffffff9c, &(0x7f00000003c0), 0x40001, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f00000001c0)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='sched_switch\x00', r1}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000013c0)=ANY=[@ANYBLOB="14000000f60301000000009c51759bf866a89d0a14000000110001f75f37f2cfa6ef28bac72f9a3e"], 0x28}, 0x1, 0x0, 0x0, 0x64841}, 0x40000)

46.196368712s ago: executing program 0 (id=1293):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, 0x0, 0x0)
sendmsg$nl_generic(r2, 0x0, 0x0)
socket$packet(0x11, 0xa, 0x300)
mknodat$null(0xffffffffffffff9c, 0x0, 0xb0a54e68b1cd2fdb, 0x103)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff530000008003950323030302e75"], 0x15)
pipe2$9p(&(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r4, &(0x7f0000000300)=ANY=[], 0x15)
r5 = dup(r4)
write$P9_RLERRORu(r5, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r5, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$binfmt_elf64(r5, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r5])
creat(&(0x7f0000000180)='./file0\x00', 0x60)

46.161189103s ago: executing program 0 (id=1294):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0600000004000000fd0f000002"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f9ffffffb703000000080000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$kcm(0x10, 0x3, 0x10)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000580)='./file0\x00', 0x4, &(0x7f0000000980)=ANY=[@ANYBLOB="002918d910d46be7099c66b02010b1f0b7c3dc1dabe625969fb0adc922385af53d57a1d35dd71c90d9dd649b53142dd3d4108b4c7db82e8475d5bb6fa2fa626cd92c7326ce1ba2f33b0aef2b2164e01d910058000084696959ea7f5a607a6572d2640cf9312a07000000260e3651a0cbfd2c080990fb4c76e9e613a759863734a70d0600ec77e8ba76aacbb21e4b903aa4873a9951f269a9c0f87805a1a0cbdf6b8644a1de05a8d9dd9687d67c8af7f68cb59e60d1fbefb49b93d6b72cce4162edc4468a13987d94d428df36915621aeff6dc1358a7331fa69e05c417c0196322e1e6b8dc29c496c76d02dfc2d7b48616fb3f01b221f4f8f484a00090964922de8909a1f9f7ef655a12a68a56cb341a8fba4cd81cedec9cb518d13d2a2564427b63b037494748a24daa21fe1256df68d000b2778bf0437cc642cd83c5a1b34eeffdf93ecbd85bb340eeef68dd60101769c74f94d217264c171feea0305bfc87c36247d90b129a9973f00000001d99b195d2f75653a0193672783c6dbca5d1445110621d8095064f0a034f492cf5aa4767a772d6f4967722546bfd83d3202f76c20a9d7f40f9e7818d77129df7fd072804e0227ecaa03dddd303a318d6f7763ce011543587e6a306780ca2f37db7e8a5b64a5059ac91ff2110e40ea13d70e1504653ba9eebcf61b427797fb3fd79d2bb9aaa13c9729fe323c4ac222991981381e004684fb200b17d2f6ede181067662ad8a31f45b613869ca8fc5b1dbe62407a1f6dcb86a4c430210e9bcfca9b83283b87316c4d17f388e0bab0500000092a82e12f8e5348f11e7739033e9081bfc598746cf032fa55d0300470000000019ac65f89ca7d96da3ca2db52f8ec80462fddf42dbbca24b720000000000000000000000000000005214e7febdbc00"], 0x1, 0x120b, &(0x7f0000002300)="$eJzs3M9rXFUUB/CTNv1hajJRa7UF6UE3unk2WbhyEyQF6YDSNoVWEF7NRIeZzIS8ITBFbHdu/TvEpTtB/AeyceNacJeNyy7EJ84LtglxEcFOWz6fzRzm3i9zH28YeJd7Zu/9bzZ7G1WxUY7ixMxMzG5F5MOMjBNxMhoP4p1bv/z6xo3bd66ttNur1zOvrtxcei8zFy7/+MmX37350+jcre8XfjgTu4uf7v2+/Nvuhd2Le3/e/KJbZbfKwXCUZd4dDkfl3X4n17tVr8j8uN8pq052B1Vn+8D4Rn+4tTXOcrA+P7e13amqLAfj7HXGORrmaHuc5edld5BFUeT8XPDfnY61bx/WdR1R16fidNR1Xb8Qc3EuXoz5WIhWLMZL8XK8Eufj1bgQr8XrcXEya9orBwAAAAAAAAAAAAAAAAAAgOeL/n8AAAAAAAAAAAAAAAAAAACYPv3/AAAAAAAAAAAAAAAAAAAAMH36/wEAAAAAAAAAAAAAAAAAAGD6bty+c22l3V69nnk2YvPrnbWdtea1GV/ZiG70oxNXohV/xKT7v9HUVz9sr17JicV4d/P+fv7+ztrJg/mlyd8JHJlfavJ5MH8m5h7PL0crzh+dXz4yfzbefuuxfBGt+PmzGEY/1uPv7KP8V0uZH3zUPpS/NJkHAAAAz4Mi/3Hk83tR5MxMM/XQePPmv+8P1K1D+wOHnq9n49LsFC+ciWp8r1f2+53tZ6vY/0rGvV55+WlYj+IYxf69e/C0rOcZLU5FxP/4EVP8UeKJeXTTp70SAAAAAAAAAAAAjuMYBwNnm/O2xz9OOO1rBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5iB44FAAAAAIT5W6fRsQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFcFAAD//78558w=")
rename(&(0x7f0000000040)='./file1\x00', &(0x7f0000001300)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

45.988554896s ago: executing program 0 (id=1296):
perf_event_open(&(0x7f0000000e00)={0x2, 0x80, 0x35, 0x1, 0x0, 0x0, 0x0, 0xd, 0xd8750, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_bp={0x0, 0x2}, 0x4c58, 0x5, 0x0, 0x1, 0x6, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r1}, &(0x7f0000000000), &(0x7f00000005c0)=r2}, 0x20)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x10000, &(0x7f0000000080)={[{@nobh}, {@auto_da_alloc}, {@data_err_ignore}]}, 0x3, 0x4cd, &(0x7f0000000c80)="$eJzs3M9vFGUfAPDvbHdpgZfXioiCKAU0Nia2UFA4eMHExIMmRjzIsWkrQRYwtAchREpi8Ezi3Xg03jTxqkfjyT8ADx5MDAkxXABPa2Z3pt3ur+7CtqXs55Ns+zwzz8zzPDPzzD77PDsbwMAaS/8kEf+LiFsR8VQtujLBWO3f/btXZx7cvToTi5XKqX+Sarp7aTyTb7c9i4wXIgpfJg07rJm/fOXcdLk8dymLTy6c/2xy/vKV18+enz4zd2buwtSJE8eOHjn+5tQbvVeqRX5pve7t/eLivj3vnr75/kwxXz6S/a+vR1vF3oox1mHdK73t6rG3oy6cNB+na+taGLo2kl3WpbT9Xy0fPL3RBQLWTaVSqQy3X71YaXS9aQmwaSWx0SUANkb+Rp9+/s1f69T1eCzcOVn7AJTW+372qq0pRiFLU2r4fNtPYxHx8eK/36Sv6DQO8ecaFQAAGDi/nMx7go39v0Lsrkv3/2wOZTQino6InRHxTETsiohnI6ppn4uI5xszSCIqHfLf1RBfzv/HbBahcPuRK9lB2v97K5vbWtn/y3t/MTqUxXZE5B3mucPZMRmP0vAnZ8tzR9rsf8sq+df3/9JXmn/eF8zKcbvYMEA3O70w/XC1bXbnesTeYmP9k2J64vJpnCQi9kTE3h72O1oXPvvad/uWIqWV6Vavf1WlxZRez/NxrVS+jXi1dv4XY8X5X84x6Tw/OTkS5bnDk+lVcLhlHr/9fuODdvmvWv+f/mrc5J3jP5961GovSc//trrrP/L52+X6jyYRydJ87XxEZai3PG788VV1v2OHmtc97PW/JfmoGs7b1+fTCwuXjkRsSd5rXj61vG0ez9On9R8/1Lr978y2SY/ECxGRXsQvRsRLEbE/K/uBiDgYES2qtuTXt1/+tN26Lq//NZPWf7bl/W/F+V+er+8ykG+cLhk6d+DWgzY3j+7O/7FqaDxb0vr+l6y4RXRb0kc7egAAALA5FKL63f/CxFK4UJiYqI0B7YpthfLF+YX9EXFhtvaMwGiUCvlIV208uJTk45+jdfGphvjRbNz466Gt1fjEzMXy7EZXHgbc9mqbT5raf+rvHsd5gU2oD/NowCa1WvvffXOdCgKsO+//MLjq2v9imySLvikDTybv/zC4WrX/a/F9x2cX3DNg86toyzDQtH8YXMX4cClcfey55dO2wJPI+z8MpF6f6+8tUBluvWokWvxiwMjaFGNri7w2JJD2rPq4w1JEdJd468NkkXcB2//CQ6G3HQ5H86qh6LRV0sPvOOSB9KismvjM7r5f/PlvovT7svlhuZ2WujzdfQpsyO0IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg7/4LAAD///QJ1ng=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB='mpol=interleave,mpol=local'])
open$dir(&(0x7f0000000000)='./file0/file0\x00', 0x101042, 0x1)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'bridge0\x00', <r4=>0x0})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKINFO_GET(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)={0x34, r6, 0x1, 0x0, 0x0, {0x1a}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'tunl0\x00'}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000800}, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r7}, 0x18)
ustat(0x5, &(0x7f0000000300))
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c000280050001"], 0x64}}, 0x0)

45.058578131s ago: executing program 0 (id=1304):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, 0x0, 0x0)
sendmsg$nl_generic(r2, 0x0, 0x0)
socket$packet(0x11, 0xa, 0x300)
mknodat$null(0xffffffffffffff9c, 0x0, 0xb0a54e68b1cd2fdb, 0x103)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff530000008003950323030302e75"], 0x15)
pipe2$9p(&(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r4, &(0x7f0000000300)=ANY=[], 0x15)
r5 = dup(r4)
write$P9_RLERRORu(r5, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r5, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$binfmt_elf64(r5, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r5])
creat(&(0x7f0000000180)='./file0\x00', 0x60)

44.563274689s ago: executing program 0 (id=1308):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f00000001c0), &(0x7f0000000240)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000080)='writeback_sb_inodes_requeue\x00', r1}, 0x18)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/ptype\x00')
r2 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008f00850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3, 0x0, 0xfffffffffffffffe}, 0x18)
r4 = fsmount(r2, 0x0, 0x20)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x4c, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x40}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x4c}}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x48, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@IPSET_ATTR_DATA={0x20, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x2}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x2}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000020000000000002000085000000ae00000095"], &(0x7f0000001b80)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x41, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='kfree\x00', r8}, 0x18)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c000000020000000000000002000084ffffffff000000000300000000000000000000000200000000000000000000000000000a030000000000000000000002"], 0x0, 0x56}, 0x20)
sendmsg$IPSET_CMD_ADD(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="480000000906010200000000000000000200ffff200007800c00018008000140e000000208000a40ffff060e05000300020000000900020073797a310000000005000100070000005052a4a44bc54e80dce10780be1b8128028e4110d16da30898831ae1bea934a4cea000e214e4f57e4840494e9d5d12fd7e4dfd02ed"], 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080)
openat(r4, &(0x7f0000000040)='./file0\x00', 0x515a02, 0x52abe154ad664fa4)

44.49277858s ago: executing program 35 (id=1308):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f00000001c0), &(0x7f0000000240)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000080)='writeback_sb_inodes_requeue\x00', r1}, 0x18)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/ptype\x00')
r2 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008f00850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3, 0x0, 0xfffffffffffffffe}, 0x18)
r4 = fsmount(r2, 0x0, 0x20)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x4c, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x40}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x4c}}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x48, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@IPSET_ATTR_DATA={0x20, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x2}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x2}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000020000000000002000085000000ae00000095"], &(0x7f0000001b80)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x41, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='kfree\x00', r8}, 0x18)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c000000020000000000000002000084ffffffff000000000300000000000000000000000200000000000000000000000000000a030000000000000000000002"], 0x0, 0x56}, 0x20)
sendmsg$IPSET_CMD_ADD(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="480000000906010200000000000000000200ffff200007800c00018008000140e000000208000a40ffff060e05000300020000000900020073797a310000000005000100070000005052a4a44bc54e80dce10780be1b8128028e4110d16da30898831ae1bea934a4cea000e214e4f57e4840494e9d5d12fd7e4dfd02ed"], 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080)
openat(r4, &(0x7f0000000040)='./file0\x00', 0x515a02, 0x52abe154ad664fa4)

2.330246652s ago: executing program 6 (id=1905):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x281c2, 0x120)
fcntl$setlease(r2, 0x400, 0x1)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x2, 0x0, 0x7fff0000}]})
close_range(r3, 0xffffffffffffffff, 0x0)

2.219733483s ago: executing program 6 (id=1907):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f00000001c0), &(0x7f0000000240)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000080)='writeback_sb_inodes_requeue\x00', r1}, 0x18)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/ptype\x00')
r2 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008f00850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3, 0x0, 0xfffffffffffffffe}, 0x18)
r4 = fsmount(r2, 0x0, 0x20)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x4c, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x40}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x4c}}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x48, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@IPSET_ATTR_DATA={0x20, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x2}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x2}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='kfree\x00'}, 0x18)
sendmsg$IPSET_CMD_ADD(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="480000000906010200000000000000000200ffff200007800c00018008000140e000000208000a40ffff060e05000300020000000900020073797a310000000005000100070000005052a4a44bc54e80dce10780be1b8128028e4110d16da30898831ae1bea934a4cea000e214e4f57e4840494e9d5d12fd7e4dfd02ed"], 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080)
openat(r4, &(0x7f0000000040)='./file0\x00', 0x515a02, 0x52abe154ad664fa4)

2.158834504s ago: executing program 6 (id=1910):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000111e6ca5b70300000000b1098500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x59, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kfree\x00', r1, 0x0, 0xffffffff}, 0x18)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030007e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
pipe(&(0x7f0000000080))
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vcan0\x00'})
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080))
r6 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="7fff0000000000002800128009000100766c616e000000001800028006000100340200000c0002001f0000001e00000008000500", @ANYRES32=r5], 0x50}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'veth1_to_hsr\x00', <r7=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r7}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0)

2.034679806s ago: executing program 6 (id=1914):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000069000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000fcffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c"], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000640)=ANY=[@ANYBLOB="54020000170001000000000000000000200100000000000000000000000000010000000000000000ac141400000000000000000000000000fc020000000000000003000000000000e000000200001000000000000000000000000000000000080a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="1242ffff040000000000000000000037660b6aff00"/36, @ANYRES32, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000e0270300000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000650d000000000000e1000000000000000007000000ff0f0000000000000000000008000b000000000008001600000000000c001500000000005d0000000401050000000000000000000000ffff00000000000000003300000002000000e00000020000000000000000000000000000000000000000000000000000000000000000ff010000000000000000000000000001000000003c0000000a000000fe8000000000000000000000000000aa0000000001000000000000000000000000000000ff010000000000000000000000000001000000002b0000000a000000fe8800000000000000000000000000010000000000000000000000000000000000000000ff020000000000000000000000000001000000003200000002"], 0x254}}, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000200100000102"], 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prctl$PR_SET_NAME(0xf, &(0x7f0000000280)='+}[@\x00')
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1)
r5 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000180), 0x1200)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x18)
open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x14)
utimes(&(0x7f0000000080)='./file0\x00', 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r2, 0x0, 0x2}, 0x18)
r7 = socket(0x10, 0x803, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=@getchain={0x24, 0x66, 0x0, 0x0, 0x2000, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x4}}}, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14)
sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a40)=ANY=[@ANYBLOB="60000000100001042cbd70000000000000000000", @ANYRES32=r9, @ANYBLOB="0000000014310000400012800b000100697036746e6c00003000028005000600ee40000027000200fc02000000000000000000000000000106000f00000000000500050000000000a26e114d09e94f1da6cac4a7ad9aa9b3281dcd5b89e6b66d8052b0fb3a795a41923530967aac2471f882c73b11a211853aea6b0ebffce39fca57e617c96a0de6b107c2a820ebb7e72169da944659a31e0a5a54f18773aa9214db4b81da0b9e4d84b46f4e0d45394eb6b9ee4df9cee072d6d2763af875437fdc745d4010ececa9872147fdd95811357441b59b8aef613c3740ea2ae66e579e1f99d762724db7f2e7b469395e2649a99b019329998eb8f4b2b19bf71b5a554802ec1170bcdffa71bdf0b08c09ada71db537685cfe97eb37823cab4bc6ce0f67dd308b278307a8771f051baba831348e44caadae79c2e2fb103bd8c222d6554ab1f4fb32713fe01758807615f8389e3e1046c5d4"], 0x60}}, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="9c0000001000010400"/20, @ANYRES32=r9, @ANYBLOB="8750a754ac0000007c0012800b000100697036746e6c00106c000280140002000000000000000000000000000000000114000200fe8000000000000000000000000000aa14000300fe8000000000000000000000000000bb08bc550973263549f22c1ac3a5d5", @ANYRES32=r9, @ANYBLOB], 0x9c}, 0x1, 0x0, 0x0, 0x40001}, 0x20004090)

1.508207936s ago: executing program 2 (id=1921):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000d00)='/sys/power/mem_sleep', 0x122102, 0x0)
sendfile(r2, r2, 0x0, 0x6)

1.22826488s ago: executing program 2 (id=1922):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000069000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000fcffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c"], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000640)=ANY=[@ANYBLOB="54020000170001000000000000000000200100000000000000000000000000010000000000000000ac141400000000000000000000000000fc020000000000000003000000000000e000000200001000000000000000000000000000000000080a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="1242ffff040000000000000000000037660b6aff00000000000000000000000000000000000000000200002000000000", @ANYRES32, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000e0270300000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000650d000000000000e1000000000000000007000000ff0f0000000000000000000008000b000000000008001600000000000c001500000000005d0000000401050000000000000000000000ffff00000000000000003300000002000000e00000020000000000000000000000000000000000000000000000000000000000000000ff010000000000000000000000000001000000003c0000000a000000fe8000000000000000000000000000aa0000000001000000000000000000000000000000ff010000000000000000000000000001000000002b0000000a000000fe8800000000000000000000000000010000000000000000000000000000000000000000ff020000000000000000000000000001000000003200000002"], 0x254}}, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000200100000102"], 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prctl$PR_SET_NAME(0xf, &(0x7f0000000280)='+}[@\x00')
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1)
r5 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000180), 0x1200)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x18)
open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x14)
utimes(&(0x7f0000000080)='./file0\x00', 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r2, 0x0, 0x2}, 0x18)
r7 = socket(0x10, 0x803, 0x0)
socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=@getchain={0x24, 0x66, 0x0, 0x0, 0x2000, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x4}}}, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="9c0000001000010400"/20, @ANYRES32=r8, @ANYBLOB="8750a754ac0000007c0012800b000100697036746e6c00106c000280140002000000000000000000000000000000000114000200fe8000000000000000000000000000aa14000300fe8000000000000000000000000000bb08bc550973263549f22c1ac3a5d5", @ANYRES32=r8, @ANYBLOB], 0x9c}, 0x1, 0x0, 0x0, 0x40001}, 0x20004090)

1.046980352s ago: executing program 6 (id=1923):
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x38, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_bp={0x0, 0xd}, 0x0, 0x10000, 0xfffffffd, 0x1, 0x8, 0x20005, 0x2b, 0x0, 0x0, 0x0, 0xffffffffffffff7b}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = socket$netlink(0x10, 0x3, 0xf)
r1 = socket$netlink(0x10, 0x3, 0xf)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000080)=0x100, 0x4)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4)
sendmsg$NFT_BATCH(r0, &(0x7f00000074c0)={0x0, 0x0, &(0x7f0000007480)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_DELRULE={0x14, 0x8, 0xa, 0x301, 0x0, 0x0, {0x2, 0x0, 0xa}}], {0x14}}, 0x3c}, 0x1, 0x0, 0x0, 0x20040000}, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0xfffe, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c)
bind$inet6(0xffffffffffffffff, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000180)=[{0x28, 0xfd, 0x2, 0x7ff}, {0x6, 0x0, 0x1}]}, 0x10)
sendto$inet6(0xffffffffffffffff, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})

1.034995763s ago: executing program 8 (id=1924):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000111e6ca5b70300000000b1098500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x59, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kfree\x00', r1, 0x0, 0xffffffff}, 0x18)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030007e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
pipe(&(0x7f0000000080))
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vcan0\x00'})
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080))
r6 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="7fff0000000000002800128009000100766c616e000000001800028006000100340200000c0002001f0000001e00000008000500", @ANYRES32=r5], 0x50}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'veth1_to_hsr\x00', <r7=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r7}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0)

939.869044ms ago: executing program 6 (id=1925):
r0 = syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000440)='./file0\x00', 0x10, &(0x7f0000000040)={[{@usrjquota}]}, 0x1, 0x3e7, &(0x7f0000000480)="$eJzs3E1vG0UfAPD/bl7apn1qV3oOvFwsQCISImnSFqgEEhEXDu2JHjhixWmJ6jSoMRKtIl4E4gYSiA8AB+AjcIQD3wHOwAEqRSgHUm5Ga+86Jn5pQx0skt9PGnlmZ+OZ9WTWu+PZCeDIqkTEixExERFnI6KUb0/zEO+2Q7bfzvbm8p/bm8tJNJuv/J5Ekm8r3ivJX0/mbzCbRqQfJPFon3I3bt2+Xq3XV27m6fnG2hvzG7duP726Vr22cm3lxuIz585fuPDcxcVnR3asW2vJR098demXTz6sffrDb9+Ws/qeyvO6j2NUKlHpfCZ7XRx1YWN2vCueTI6xIgAADJXm1/6Trev/UkzE7sVbKT7+fqyVAwAAAEai2SxeAQAAgMMrce8PAAAAh1wxD2Bne3O5CGOcjsC/bGspIsrt9r+bh3bOZOeZ3qk9z/eOUiUiXj5+eTELcUDPYQMAAAAcZd8ttRf+6x3/S+Ohrv1ORMRMsbbfCFX2pHvHf9I7Iy6SLltLEc9HxN2e8b+02KU8kaf+1xoqnEqurtZXzkbE6YiYjaljWXphSBlvP3b960F53eN/n//86kJWfva6u0d6Z/LY3/+mVm1UH+SY2bX1XsQjk/3aP+mM+Xavk/lPvLa688KgvKz9s/YuQm/7c5CaX0Q82bf/765cmgxfn3W+dT6YL84KvX469eX7g8rv7v9ZyMovfgvg4GX9f2Z4+7fWye2s17ux/zK++ePyj4Py7t3+/c//08mVVgWn821vVRuNmwsR08ml3u3+mzqKz6P4vLL2n328//d/cf2X5N/9p7vWh+4x5AfCl945c2VQnv4/Xln71/bV//cfeX3m4dlB5d9f/z/fqkzxJq7/7u1+G2jc9QQAAAAAAABgNNLW3L4knevE03Rurj3P9/8xk9bXNxpPXV1/80atPQewHFNpMdOr1DUfdKH9GHknvbgnfS4izkTEZ6UTrfTc8nq9Nu6DBwAAgCPi5ID7/8yvAx/2AAAAAP5zyuOuAAAAAHDg3P8DAADAofYg6/qLiIgc1si4z0wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAR9tfAQAA///8h8MD")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12)
write(r2, &(0x7f0000000740)="cc", 0x1)
sendfile(r2, r1, 0x0, 0x3ffff)
sendfile(r2, r1, 0x0, 0x7fffeffd)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x18)
openat(r0, &(0x7f0000000100)='./bus/file0\x00', 0x4c4c01, 0x28)
sync()
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x64, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_config_ext={0x8, 0x6}, 0x0, 0x0, 0x800000, 0x6, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
io_setup(0x6, &(0x7f0000001000)=<r3=>0x0)
io_getevents(r3, 0x3, 0x3, &(0x7f00000010c0)=[{}, {}, {}], &(0x7f0000001140)={0x0, 0x3938700})
setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, &(0x7f00000007c0), 0x4)
keyctl$read(0xb, 0x0, 0x0, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r4, 0x6, 0x16, 0x0, 0x0)
flock(0xffffffffffffffff, 0x5)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sync()
bpf$PROG_LOAD(0x5, &(0x7f0000001640)={0x11, 0xc, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x6)
syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000440)='./file0\x00', 0x10, &(0x7f0000000040)={[{@usrjquota}]}, 0x1, 0x3e7, &(0x7f0000000480)="$eJzs3E1vG0UfAPD/bl7apn1qV3oOvFwsQCISImnSFqgEEhEXDu2JHjhixWmJ6jSoMRKtIl4E4gYSiA8AB+AjcIQD3wHOwAEqRSgHUm5Ga+86Jn5pQx0skt9PGnlmZ+OZ9WTWu+PZCeDIqkTEixExERFnI6KUb0/zEO+2Q7bfzvbm8p/bm8tJNJuv/J5Ekm8r3ivJX0/mbzCbRqQfJPFon3I3bt2+Xq3XV27m6fnG2hvzG7duP726Vr22cm3lxuIz585fuPDcxcVnR3asW2vJR098demXTz6sffrDb9+Ws/qeyvO6j2NUKlHpfCZ7XRx1YWN2vCueTI6xIgAADJXm1/6Trev/UkzE7sVbKT7+fqyVAwAAAEai2SxeAQAAgMMrce8PAAAAh1wxD2Bne3O5CGOcjsC/bGspIsrt9r+bh3bOZOeZ3qk9z/eOUiUiXj5+eTELcUDPYQMAAAAcZd8ttRf+6x3/S+Ohrv1ORMRMsbbfCFX2pHvHf9I7Iy6SLltLEc9HxN2e8b+02KU8kaf+1xoqnEqurtZXzkbE6YiYjaljWXphSBlvP3b960F53eN/n//86kJWfva6u0d6Z/LY3/+mVm1UH+SY2bX1XsQjk/3aP+mM+Xavk/lPvLa688KgvKz9s/YuQm/7c5CaX0Q82bf/765cmgxfn3W+dT6YL84KvX469eX7g8rv7v9ZyMovfgvg4GX9f2Z4+7fWye2s17ux/zK++ePyj4Py7t3+/c//08mVVgWn821vVRuNmwsR08ml3u3+mzqKz6P4vLL2n328//d/cf2X5N/9p7vWh+4x5AfCl945c2VQnv4/Xln71/bV//cfeX3m4dlB5d9f/z/fqkzxJq7/7u1+G2jc9QQAAAAAAABgNNLW3L4knevE03Rurj3P9/8xk9bXNxpPXV1/80atPQewHFNpMdOr1DUfdKH9GHknvbgnfS4izkTEZ6UTrfTc8nq9Nu6DBwAAgCPi5ID7/8yvAx/2AAAAAP5zyuOuAAAAAHDg3P8DAADAofYg6/qLiIgc1si4z0wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAR9tfAQAA///8h8MD")
r5 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x0, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000e80)='./bus\x00', 0x1c1002, 0x0)
write(r6, &(0x7f00000001c0)="f14a18f6", 0x4)
sendfile(r6, 0xffffffffffffffff, 0x0, 0x40001)
sendfile(r6, r5, 0x0, 0x7ffff000)

917.219175ms ago: executing program 8 (id=1926):
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x103, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc, 0xb95b5ec032cc8e84}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="050000000400000099000000"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
rename(&(0x7f0000000040)='./file1\x00', 0x0)
pipe(0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x76200}], 0x1, 0x7c00, 0x0, 0x3)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r1, 0x25, 0x0)
creat(0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000280), &(0x7f0000000200)=r3}, 0x20)
socket$packet(0x11, 0x2, 0x300)
socket$kcm(0x2, 0xa, 0x2)
socket$packet(0x11, 0x2, 0x300)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00')
preadv(r4, &(0x7f00000002c0)=[{&(0x7f0000000340)=""/4096, 0x1000}], 0x1, 0x35, 0x88)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f00000006c0)=@v3={0x3000000, [{0x3, 0x2}, {0x9, 0x56}], 0xee01}, 0x18, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r5, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
fchmodat(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0xffffffd3)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
mkdirat(r6, &(0x7f0000000300)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x408)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)

799.078127ms ago: executing program 8 (id=1928):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r1)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000003040)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_TP_METER(r1, &(0x7f0000003140)={0x0, 0x0, &(0x7f0000003100)={&(0x7f00000001c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002bbd7000fbdbdf25020000000a000900aaaaaaaaaa44000008000300", @ANYRES32=r3, @ANYBLOB='\b\x00\v'], 0x30}, 0x1, 0x0, 0x0, 0x20000050}, 0x20040084)

710.739728ms ago: executing program 8 (id=1929):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x21081e, &(0x7f00000002c0), 0x1, 0x4f2, &(0x7f0000000600)="$eJzs3U1vG1sZAODXzpeTm97kXu4CENBSCgVVdRK3jaouoKwQQpUQXYLUhsSNothxFDulCV2k/wGJSqxgyQ9g3RV7Ngh2bMoCiY8I1FRiYTTjSeomdpOSNI7i55FGM+eMM+85ieec+nXtE0DfuhQRWxExHBEPI2Iiq89lW9xtbcnjXm0/nd/Zfjqfi2bz/j9z6fmkLtp+JvFRds1CRPzoexE/zR2MW9/YXJ6rVMprWXmqUV2dqm9sXl+qzi2WF8srpdLszOz07Ru3SifW14vV4ezoyy//sPWtnyfNGs9q2vtxklpdH9qLE9nv/AcfIlgPDETEYPb8yVzoZXt4P/mI+DQiLqf3/0QMpH9NAOA8azYnojnRXgYAzrt8mgPL5YtZLmA88vlisZXD+yzG8pVavXHtUW19ZaGVK5uMofyjpUp5OssVTsZQLinPpMdvyqV95RsR8UlE/GJkNC0X52uVhV7+wwcA+thH++b//4y05n8A4Jwr9LoBAMCpM/8DQP8x/wNA/zH/A0D/Mf8DQP8x/wNA/zH/A0Bf+eG9e8nW3Mm+/3rh8cb6cu3x9YVyfblYXZ8vztfWVouLtdpi+p091cOuV6nVVmduxvqTyW+v1htT9Y3NB9Xa+krjQfq93g/KQ6fSKwDgXT65+OLPuYjYujOabtG2loO5Gs63fK8bAPTMQK8bAPSM1b6gfx3jNb70AJwTHZbofUshIkb3VzabzeaHaxLwgV39gvw/9Ku2/L//BQx9Rv4f+lfX/P+BF/vAedNs5o665n8c9YEAwNkmxw90ef//02z/2+zNgZ8s7H/E8/0VPlEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA/9hd/7eYrdwxHvl8sRhxISImYyj3aKlSno6IjyPiTyNDI0l5psdtBgCOK/+3XLb+19WJK+P7zw7nXo+k+4j42a/u//LJXKOx9sek/l979Y3nWX2pF+0HAA6zO0+n+7YX8q+2n87vbqfZnr9/NyIKrfg728Oxsxd/MAbTfSGGImLs37ms3JJry10cx9aziPh8p/7nYjzNgbRWPt0fP4l94VTj59+Kn0/PtfbJ7+JzJ9AW6DcvkvHnbqf7Lx+X0n3n+7+QjlDHl41/yaXmd9Ix8E383fFvoMv4d+moMW7+/vuto9GD555FfHEwYjf2Ttv4sxs/1yX+lYOX6+gvX/rK5W7nmr+OuBqd47fHmmpUV6fqG5vXl6pzi+XF8kqpNDszO337xq3SVJqjnuo+G/zjzrWPu51L+j/WJX7hkP5//Wjdj9/89+GPv/qO+N/8Wqf4+fjsHfGTOfEbR4w/N/a7QrdzSfyFLv0/7O9/7YjxX/5188Cy4QBA79Q3NpfnKpXymgMHZ/8gecqegWZ0PPjOacUajvf6qWbz/4rVbcQ4iawbcBbs3fQR8brXjQEAAAAAAAAAAAAAADo6jU8s9bqPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnF//CwAA//8wuNJ1")

549.841871ms ago: executing program 8 (id=1931):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYRES32=r0], 0xa0}, 0x1, 0x0, 0x0, 0x400c881}, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000400000004"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYRESHEX=r4, @ANYRES32=r4, @ANYBLOB="0000000000000000b708000000000000000000000007020000f8ffffffb703000008000000b70400000000000085000000010000009500"/65], &(0x7f0000000100)='GPL\x00', 0x1400, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000013c0)=ANY=[], &(0x7f0000000340)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r6, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x50)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r7, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}, 0x1, 0x0, 0x0, 0x4080}, 0x8000)
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0x6}, {0xfff1, 0xffff}, {0x1b6dd91e85e94ce1}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=@delchain={0x24, 0x2e, 0x3, 0x0, 0x3, {0x0, 0x0, 0x0, r7, {0xfff2, 0x7}, {0xfff3, 0xffff}, {0x7, 0xe}}}, 0x24}}, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05000000090000004200000040000000c0000000", @ANYRES32=0x1, @ANYBLOB="00000000000001000100"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000000080), 0x1003, r8}, 0x38)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x18, 0x5, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffefffff}, 0x94)
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000200)={'ip6_vti0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000140)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x2000008, 0x0, {0x0, 0x0, 0x0, r10, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x8}]}, 0x40}}, 0x0)

522.648781ms ago: executing program 5 (id=1932):
r0 = socket(0x10, 0x3, 0x9)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000"], &(0x7f00000001c0)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='sched_switch\x00', r1}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000013c0)=ANY=[@ANYBLOB="14000000f60301000000009c51759bf866a89d0a14000000110001f75f37f2cfa6ef28bac72f9a3e"], 0x28}, 0x1, 0x0, 0x0, 0x64841}, 0x40000)

470.822182ms ago: executing program 8 (id=1934):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000069000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000fcffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c"], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000640)=ANY=[@ANYBLOB="54020000170001000000000000000000200100000000000000000000000000010000000000000000ac141400000000000000000000000000fc020000000000000003000000000000e000000200001000000000000000000000000000000000080a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="1242ffff040000000000000000000037660b6aff00"/36, @ANYRES32, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000e0270300000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000650d000000000000e1000000000000000007000000ff0f0000000000000000000008000b000000000008001600000000000c001500000000005d0000000401050000000000000000000000ffff00000000000000003300000002000000e00000020000000000000000000000000000000000000000000000000000000000000000ff010000000000000000000000000001000000003c0000000a000000fe8000000000000000000000000000aa0000000001000000000000000000000000000000ff010000000000000000000000000001000000002b0000000a000000fe8800000000000000000000000000010000000000000000000000000000000000000000ff020000000000000000000000000001000000003200000002"], 0x254}}, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000200100000102"], 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prctl$PR_SET_NAME(0xf, &(0x7f0000000280)='+}[@\x00')
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1)
r5 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000180), 0x1200)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x18)
open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x14)
utimes(&(0x7f0000000080)='./file0\x00', 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r2, 0x0, 0x2}, 0x18)
r7 = socket(0x10, 0x803, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=@getchain={0x24, 0x66, 0x0, 0x0, 0x2000, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x4}}}, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14)
sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a40)=ANY=[@ANYBLOB="60000000100001042cbd70000000000000000000", @ANYRES32=r9, @ANYBLOB="0000000014310000400012800b000100697036746e6c00003000028005000600ee40000027000200fc02000000000000000000000000000106000f00000000000500050000000000a26e114d09e94f1da6cac4a7ad9aa9b3281dcd5b89e6b66d8052b0fb3a795a41923530967aac2471f882c73b11a211853aea6b0ebffce39fca57e617c96a0de6b107c2a820ebb7e72169da944659a31e0a5a54f18773aa9214db4b81da0b9e4d84b46f4e0d45394eb6b9ee4df9cee072d6d2763af875437fdc745d4010ececa9872147fdd95811357441b59b8aef613c3740ea2ae66e579e1f99d762724db7f2e7b469395e2649a99b019329998eb8f4b2b19bf71b5a554802ec1170bcdffa71bdf0b08c09ada71db537685cfe97eb37823cab4bc6ce0f67dd308b278307a8771f051baba831348e44caadae79c2e2fb103bd8c222d6554ab1f4fb32713fe01758807615f8389e3e1046c5d4"], 0x60}}, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="9c0000001000010400"/20, @ANYRES32=r9, @ANYBLOB="8750a754ac0000007c0012800b000100697036746e6c00106c000280140002000000000000000000000000000000000114000200fe8000000000000000000000000000aa14000300fe8000000000000000000000000000bb08bc550973263549f22c1ac3a5d5", @ANYRES32=r9, @ANYBLOB], 0x9c}, 0x1, 0x0, 0x0, 0x40001}, 0x20004090)

425.500143ms ago: executing program 5 (id=1936):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000111e6ca5b70300000000b1098500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x59, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kfree\x00', r1, 0x0, 0xffffffff}, 0x18)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030007e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
pipe(&(0x7f0000000080))
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vcan0\x00'})
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080))
r6 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="7fff0000000000002800128009000100766c616e000000001800028006000100340200000c0002001f0000001e00000008000500", @ANYRES32=r5], 0x50}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'veth1_to_hsr\x00', <r7=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r7}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0)

359.702534ms ago: executing program 7 (id=1937):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, 0x0, 0x0)
sendmsg$nl_generic(r2, 0x0, 0x0)
socket$packet(0x11, 0xa, 0x300)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff53000000800395032303030"], 0x15)
pipe2$9p(&(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r4, &(0x7f0000000300)=ANY=[], 0x15)
r5 = dup(r4)
write$P9_RLERRORu(r5, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r5, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$binfmt_elf64(r5, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r5])
creat(&(0x7f0000000180)='./file0\x00', 0x60)

358.885074ms ago: executing program 7 (id=1938):
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x103, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc, 0xb95b5ec032cc8e84}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="050000000400000099000000"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
rename(&(0x7f0000000040)='./file1\x00', 0x0)
pipe(0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x76200}], 0x1, 0x7c00, 0x0, 0x3)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r1, 0x25, 0x0)
creat(0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000280), &(0x7f0000000200)=r3}, 0x20)
socket$packet(0x11, 0x2, 0x300)
socket$kcm(0x2, 0xa, 0x2)
socket$packet(0x11, 0x2, 0x300)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00')
preadv(r4, &(0x7f00000002c0)=[{&(0x7f0000000340)=""/4096, 0x1000}], 0x1, 0x35, 0x88)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f00000006c0)=@v3={0x3000000, [{0x3, 0x2}, {0x9, 0x56}], 0xee01}, 0x18, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r5, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
fchmodat(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0xffffffd3)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
mkdirat(r6, &(0x7f0000000300)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x408)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)

353.402714ms ago: executing program 5 (id=1939):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="05000000040000009900"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x281c2, 0x120)
fcntl$setlease(r2, 0x400, 0x1)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x2, 0x0, 0x7fff0000}]})
close_range(r3, 0xffffffffffffffff, 0x0)

326.098725ms ago: executing program 5 (id=1940):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="050000000500000081f00200000007000000984e49f27686", @ANYRES32=0x1, @ANYBLOB="ffffffff00"/20, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r0 = socket$tipc(0x1e, 0x5, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000006000000000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @fallback=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x800000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
bind$tipc(r0, &(0x7f00000000c0)=@name={0x1e, 0x2, 0x0, {{0x42, 0x3}}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x1}, 0x10)
socket$tipc(0x1e, 0x2, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
set_mempolicy(0x3, &(0x7f0000000000)=0x4000000ffb, 0x8)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYRES8], 0x48)
r3 = syz_clone3(&(0x7f0000000a00)={0x12000, &(0x7f0000000240), &(0x7f00000002c0), &(0x7f0000000300), {0x13}, &(0x7f0000000640)=""/238, 0xee, &(0x7f00000008c0)=""/232, &(0x7f0000000380)=[0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff], 0xa}, 0x58)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0xfd, 0x0, 0x0, 0x0, 0x4, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_bp={0x0, 0xd}, 0x4, 0x2, 0x0, 0x6, 0x8, 0x20002, 0x2b, 0x0, 0x0, 0x0, 0x2}, r3, 0x5, 0xffffffffffffffff, 0x2)
r4 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_COMPLETION_RING(r4, 0x11b, 0x6, &(0x7f0000000000)=0x1, 0x4)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000200)='./file0\x00', 0x800, &(0x7f0000000340)=ANY=[@ANYRES32=0x0, @ANYRESOCT, @ANYRES64, @ANYRES16], 0x1, 0x36e, &(0x7f0000000c00)="$eJzs3c9rI2UYwPEnaZpMumyTgygK0ge96GVoq2c1yC6IAZfuRtwVhNntREPGpMyESERsPXkVb/4DgsseFzwsqP9AL97WixdP9iIIuog4Mr/SJJ00aTZL0/b7gTZP8r7PzPvmF88byJuD9776uFn3zLrVkayhkhEReSRSlqwkMtFFXlLsycuX/nz4/PWbt96uVKtXtlSvVm68sqmqq2s/fPJZMe72oCD75Q8OxPht/+n9Zw/+u/FRw9OGp612Ry293f61Y912bN1ueE1T9ZpjW56tjZZnu1F7O2qvO+2dnZ5are3LKzuu7XlqtXratHvaaWvH7an1odVoqWmaenklbbjnmDFDTu3u1pZVmfGEd2bMw7z94/v+Mc2uW7GWRMzikZba3Sc6LgAAsJBG6v9vkhqhLNl+QZmJ1wL5MB5eBgT1fxKH9X+wWDis/++98FPn0rv3V+P6/0E+rf5/9Zcof6j+D84+9/r/u5HrRyuiM2/3JJ0fq/7HYlgbfkX+frhijwX1f/Bq6K/ov3j/3noYUP8DAAAAAAAAAAAAAAAAAAAAAHAWPPL9ku/7peQy+Tv8CkF8Pbl23BeNceaMe/wL8Y4C/ecDzqXrN2+JEX5xL7cq4nzZrXVr0WXcnnRcl5L8Gz4fYtGGE3thowbK8qOz260txwlL4f+KiIojtmxIScpD+WF89a3qlQ2NRPnh+Xe7tUxuJcivSyPM35SSPJWev5man5eXXhzIN6UkP9+RtjiyHb+PJfmfb6i++U51JL8Y9kvz+pN9SAAAAAAAmDtT1YiXz+Xh9W+0fjdN1bT2YC0vg+vzo58P9NfX66nr81zpudzpzh0AAAAAgIvCy3/atBzHdr3e2KAok/oU4qONNOVkwpGDIDdFn6HgYRgsH9dnaWCG0x45H/+CxrTDcL2eTD3mJPirIKl3ZrKF61CTkX6vThkk85+is3HSh8D1siefu+16a8F4dKbpDATJx0bj+si1WY88Lkh2zp3U+Zmvv/17tlNk4l17B5teu29MmGkYZEZu2ZvwpP3D9yeOZzn93eL7WX5kBgAAAMCCSIr+opfc8sbpDggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAtortukjQlOe44AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAovg/AAD//5h69bA=")
r5 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
r6 = open(&(0x7f0000000780)='./bus\x00', 0x14507e, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000440)=ANY=[@ANYRESDEC=r2], 0x48)
r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000580)='/sys/power/reserved_size', 0x169a82, 0x0)
copy_file_range(0xffffffffffffffff, 0x0, r7, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='sched_move_numa\x00', 0xffffffffffffffff, 0x0, 0x2}, 0x18)
fallocate(r5, 0x0, 0x0, 0x1000f4)
io_submit(0x0, 0x2, &(0x7f0000001d00)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000000)="96", 0xfffffe10, 0x0, 0x0, 0x0, r6}, &(0x7f0000000740)={0x0, 0x0, 0x41, 0x3, 0x0, r5, 0x0, 0x0, 0xffffffffffffffff}])

268.189495ms ago: executing program 2 (id=1941):
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x4040000)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x40, 0x0, 0x7, 0x510, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0x4c58, 0x10000, 0x0, 0x1, 0xc, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x8000002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="02000000040000000400000001"], 0x50)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x7, r0}, 0x38)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="280000001c00010429bd7000ffdbdf2507000000", @ANYRES32=r2, @ANYBLOB="ffffffff0a000200e1ff"], 0x28}, 0x1, 0x0, 0x0, 0x44801}, 0x200000c0)
r3 = socket(0x10, 0x3, 0x0)
sendmsg$TCPDIAG_GETSOCK(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x26000451}, 0x800)

237.432396ms ago: executing program 2 (id=1942):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000002c0000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x62, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
getsockname$packet(r4, &(0x7f0000000300)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0xa)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r5, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_ingress={0xc}]}, 0x30}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000940)=@delchain={0x5c, 0x64, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x9}, {0x10, 0xffff}}, [@filter_kind_options=@f_flower={{0xb}, {0x2c, 0x2, [@TCA_FLOWER_KEY_ENC_IPV6_DST_MASK={0x14, 0x22, [0xffff00, 0xffffffff, 0xffffff00, 0xff]}, @TCA_FLOWER_KEY_ENC_IPV6_DST={0x14, 0x21, @empty}]}}]}, 0x5c}}, 0x4040004)

236.746246ms ago: executing program 7 (id=1943):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x0, 0x1, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x65, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x18)
r2 = socket(0x10, 0x803, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x28440, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20040814}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=@newtfilter={0x60, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x8}, {}, {0xfff2, 0xb}}, [@filter_kind_options=@f_matchall={{0xd}, {0x2c, 0x2, [@TCA_MATCHALL_FLAGS={0x8}, @TCA_MATCHALL_CLASSID={0xfffffffffffffedf, 0x1, {0x0, 0xffff}}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x2}, @TCA_MATCHALL_CLASSID={0x8, 0x1, {0x8, 0xffe0}}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x8}]}}]}, 0x60}}, 0x400c084)

205.395007ms ago: executing program 5 (id=1944):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r1)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000003040)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_TP_METER(r1, &(0x7f0000003140)={0x0, 0x0, &(0x7f0000003100)={&(0x7f00000001c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002bbd7000fbdbdf25020000000a000900aaaaaaaaaa44000008000300", @ANYRES32=r3, @ANYBLOB='\b\x00\v'], 0x30}, 0x1, 0x0, 0x0, 0x20000050}, 0x20040084)

199.413256ms ago: executing program 2 (id=1945):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYRES32=r0], 0xa0}, 0x1, 0x0, 0x0, 0x400c881}, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000400000004"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYRESHEX=r4, @ANYRES32=r4, @ANYBLOB="0000000000000000b708000000000000000000000007020000f8ffffffb703000008000000b70400000000000085000000010000009500"/65], &(0x7f0000000100)='GPL\x00', 0x1400, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000013c0)=ANY=[], &(0x7f0000000340)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r6, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x50)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r7, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}, 0x1, 0x0, 0x0, 0x4080}, 0x8000)
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0x6}, {0xfff1, 0xffff}, {0x1b6dd91e85e94ce1}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=@delchain={0x24, 0x2e, 0x3, 0x0, 0x3, {0x0, 0x0, 0x0, r7, {0xfff2, 0x7}, {0xfff3, 0xffff}, {0x7, 0xe}}}, 0x24}}, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05000000090000004200000040000000c0000000", @ANYRES32=0x1, @ANYBLOB="00000000000001000100"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000000080), 0x1003, r8}, 0x38)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffefffff}, 0x94)
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000200)={'ip6_vti0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000140)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x2000008, 0x0, {0x0, 0x0, 0x0, r10, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x8}]}, 0x40}}, 0x0)

165.620087ms ago: executing program 5 (id=1946):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12)
write(r1, &(0x7f0000000740)="cc", 0x1)
sendfile(r1, r0, 0x0, 0x3ffff)
sendfile(r1, r0, 0x0, 0x7fffeffd)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x1c1840, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, 0x0, 0x1c1002, 0x0)
write(r3, &(0x7f00000001c0)="f14a18f6", 0x4)
sendfile(r3, r2, 0x0, 0x7ffff000)

145.309817ms ago: executing program 7 (id=1947):
r0 = socket(0x10, 0x3, 0x9)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b00000"], &(0x7f00000001c0)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='sched_switch\x00', r1}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000013c0)=ANY=[@ANYBLOB="14000000f60301000000009c51759bf866a89d0a14000000110001f75f37f2cfa6ef28bac72f9a3e"], 0x28}, 0x1, 0x0, 0x0, 0x64841}, 0x40000)

55.141949ms ago: executing program 7 (id=1948):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x1fffffffffffffcd, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085"], 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r0}, 0x10)
syz_emit_ethernet(0x66, &(0x7f0000000b80)={@broadcast, @random="6487a2bed3d6", @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x14, 0x300, 0x0, 0x0, 0x6c, 0x0, @private}, {{}, {}, {}, {}, {0x8, 0x22eb, 0x0, {{0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x4}}}}}}}}, 0x0)

44.481289ms ago: executing program 2 (id=1949):
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000440), 0x103940)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r2, 0x4058534c, &(0x7f0000000180)={0x80, 0x2a, 0x3})

0s ago: executing program 7 (id=1950):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="05000000040000009900"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x281c2, 0x120)
fcntl$setlease(r2, 0x400, 0x1)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x2, 0x0, 0x7fff0000}]})
close_range(r3, 0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

p7: detected capacity change from 0 to 1024
[  135.007715][ T7922] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  135.035448][ T7922] EXT4-fs error (device loop7): ext4_mb_mark_diskspace_used:4113: comm syz.7.1222: Allocating blocks 497-513 which overlap fs metadata
[  135.040263][ T7926] loop2: detected capacity change from 0 to 1024
[  135.062494][ T7922] EXT4-fs (loop7): pa ffff888106a298c0: logic 256, phys. 369, len 9
[  135.070663][ T7922] EXT4-fs error (device loop7): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[  135.081069][ T7922] EXT4-fs error (device loop7): mb_free_blocks:1948: group 0, inode 18: block 129:freeing already freed block (bit 8); block bitmap corrupt.
[  135.116289][ T6434] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  135.125699][ T7926] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  135.151642][ T7931] netlink: 'syz.7.1224': attribute type 1 has an invalid length.
[  135.162215][ T7926] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4113: comm syz.2.1223: Allocating blocks 497-513 which overlap fs metadata
[  135.171278][ T7931] 8021q: adding VLAN 0 to HW filter on device bond1
[  135.186658][ T7926] EXT4-fs (loop2): pa ffff888106a6c4d0: logic 256, phys. 369, len 9
[  135.195452][ T7926] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[  135.207374][ T7926] EXT4-fs error (device loop2): mb_free_blocks:1948: group 0, inode 18: block 129:freeing already freed block (bit 8); block bitmap corrupt.
[  135.231335][ T7933] bond1: (slave veth3): Enslaving as an active interface with a down link
[  135.255787][ T7931] bond1: (slave dummy0): making interface the new active one
[  135.275891][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  135.284821][ T7931] dummy0: entered promiscuous mode
[  135.290341][ T7931] bond1: (slave dummy0): Enslaving as an active interface with an up link
[  135.378464][ T7942] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1228'.
[  135.411664][ T7945] netlink: 300 bytes leftover after parsing attributes in process `syz.7.1229'.
[  135.476315][ T7947] netlink: 36 bytes leftover after parsing attributes in process `syz.7.1229'.
[  135.487613][ T7948] netlink: 36 bytes leftover after parsing attributes in process `syz.6.1228'.
[  136.268199][ T7944] Set syz1 is full, maxelem 65536 reached
[  136.308116][ T7967] loop5: detected capacity change from 0 to 512
[  136.391191][ T7967] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  136.516764][ T7975] loop6: detected capacity change from 0 to 512
[  136.559619][ T7953] Set syz1 is full, maxelem 65536 reached
[  136.628273][ T7975] EXT4-fs (loop6): too many log groups per flexible block group
[  136.636076][ T7975] EXT4-fs (loop6): failed to initialize mballoc (-12)
[  136.674954][ T7975] EXT4-fs (loop6): mount failed
[  136.776799][ T7990] FAULT_INJECTION: forcing a failure.
[  136.776799][ T7990] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  136.789960][ T7990] CPU: 0 UID: 0 PID: 7990 Comm: syz.2.1239 Not tainted 6.16.0-rc7-syzkaller-00142-gb711733e89a3 #0 PREEMPT(voluntary) 
[  136.789989][ T7990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  136.790016][ T7990] Call Trace:
[  136.790023][ T7990]  <TASK>
[  136.790030][ T7990]  __dump_stack+0x1d/0x30
[  136.790050][ T7990]  dump_stack_lvl+0xe8/0x140
[  136.790129][ T7990]  dump_stack+0x15/0x1b
[  136.790220][ T7990]  should_fail_ex+0x265/0x280
[  136.790252][ T7990]  should_fail+0xb/0x20
[  136.790279][ T7990]  should_fail_usercopy+0x1a/0x20
[  136.790311][ T7990]  _copy_to_user+0x20/0xa0
[  136.790355][ T7990]  simple_read_from_buffer+0xb5/0x130
[  136.790462][ T7990]  proc_fail_nth_read+0x100/0x140
[  136.790498][ T7990]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  136.790581][ T7990]  vfs_read+0x1a0/0x6f0
[  136.790611][ T7990]  ? __rcu_read_unlock+0x4f/0x70
[  136.790689][ T7990]  ? __fget_files+0x184/0x1c0
[  136.790711][ T7990]  ksys_read+0xda/0x1a0
[  136.790758][ T7990]  __x64_sys_read+0x40/0x50
[  136.790789][ T7990]  x64_sys_call+0x2d77/0x2fb0
[  136.790811][ T7990]  do_syscall_64+0xd2/0x200
[  136.790830][ T7990]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  136.790857][ T7990]  ? clear_bhb_loop+0x40/0x90
[  136.790923][ T7990]  ? clear_bhb_loop+0x40/0x90
[  136.790945][ T7990]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.790966][ T7990] RIP: 0033:0x7fa386f6d3bc
[  136.790982][ T7990] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  136.791059][ T7990] RSP: 002b:00007fa3855cf030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  136.791135][ T7990] RAX: ffffffffffffffda RBX: 00007fa387195fa0 RCX: 00007fa386f6d3bc
[  136.791147][ T7990] RDX: 000000000000000f RSI: 00007fa3855cf0a0 RDI: 0000000000000006
[  136.791159][ T7990] RBP: 00007fa3855cf090 R08: 0000000000000000 R09: 0000000000000000
[  136.791194][ T7990] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  136.791208][ T7990] R13: 0000000000000000 R14: 00007fa387195fa0 R15: 00007ffddbfd4198
[  136.791229][ T7990]  </TASK>
[  136.996381][   T29] kauditd_printk_skb: 163 callbacks suppressed
[  136.996398][   T29] audit: type=1326 audit(1753680290.902:5229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7992 comm="syz.0.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7be9ee9a9 code=0x7ffc0000
[  137.026905][   T29] audit: type=1326 audit(1753680290.902:5230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7992 comm="syz.0.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7be9ee9a9 code=0x7ffc0000
[  137.051062][   T29] audit: type=1326 audit(1753680290.902:5231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7992 comm="syz.0.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=82 compat=0 ip=0x7ff7be9ee9a9 code=0x7ffc0000
[  137.075510][   T29] audit: type=1326 audit(1753680290.902:5232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7992 comm="syz.0.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7be9ee9a9 code=0x7ffc0000
[  137.099646][   T29] audit: type=1326 audit(1753680290.902:5233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7992 comm="syz.0.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7ff7be9ee9a9 code=0x7ffc0000
[  137.123887][   T29] audit: type=1326 audit(1753680290.902:5234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7992 comm="syz.0.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7be9ee9a9 code=0x7ffc0000
[  137.148468][   T29] audit: type=1326 audit(1753680290.902:5235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7992 comm="syz.0.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff7be9ee9a9 code=0x7ffc0000
[  137.172626][   T29] audit: type=1326 audit(1753680290.902:5236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7992 comm="syz.0.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7be9ee9a9 code=0x7ffc0000
[  137.196754][   T29] audit: type=1326 audit(1753680290.902:5237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7992 comm="syz.0.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7ff7be9ee9a9 code=0x7ffc0000
[  137.220735][   T29] audit: type=1326 audit(1753680290.902:5238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7992 comm="syz.0.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7be9ee9a9 code=0x7ffc0000
[  137.276678][ T7998] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=7998 comm=syz.2.1242
[  137.307482][ T8002] FAULT_INJECTION: forcing a failure.
[  137.307482][ T8002] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  137.320713][ T8002] CPU: 0 UID: 0 PID: 8002 Comm: syz.2.1244 Not tainted 6.16.0-rc7-syzkaller-00142-gb711733e89a3 #0 PREEMPT(voluntary) 
[  137.320774][ T8002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  137.320785][ T8002] Call Trace:
[  137.320791][ T8002]  <TASK>
[  137.320865][ T8002]  __dump_stack+0x1d/0x30
[  137.320883][ T8002]  dump_stack_lvl+0xe8/0x140
[  137.320926][ T8002]  dump_stack+0x15/0x1b
[  137.320987][ T8002]  should_fail_ex+0x265/0x280
[  137.321031][ T8002]  should_fail+0xb/0x20
[  137.321055][ T8002]  should_fail_usercopy+0x1a/0x20
[  137.321083][ T8002]  _copy_from_user+0x1c/0xb0
[  137.321151][ T8002]  __copy_msghdr+0x244/0x300
[  137.321182][ T8002]  ___sys_sendmsg+0x109/0x1d0
[  137.321251][ T8002]  __x64_sys_sendmsg+0xd4/0x160
[  137.321272][ T8002]  x64_sys_call+0x2999/0x2fb0
[  137.321353][ T8002]  do_syscall_64+0xd2/0x200
[  137.321370][ T8002]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  137.321486][ T8002]  ? clear_bhb_loop+0x40/0x90
[  137.321585][ T8002]  ? clear_bhb_loop+0x40/0x90
[  137.321657][ T8002]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  137.321676][ T8002] RIP: 0033:0x7fa386f6e9a9
[  137.321689][ T8002] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  137.321711][ T8002] RSP: 002b:00007fa3855cf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  137.321842][ T8002] RAX: ffffffffffffffda RBX: 00007fa387195fa0 RCX: 00007fa386f6e9a9
[  137.321854][ T8002] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  137.321869][ T8002] RBP: 00007fa3855cf090 R08: 0000000000000000 R09: 0000000000000000
[  137.321955][ T8002] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  137.321970][ T8002] R13: 0000000000000000 R14: 00007fa387195fa0 R15: 00007ffddbfd4198
[  137.321994][ T8002]  </TASK>
[  137.570051][ T6020] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  137.603684][ T8012] loop5: detected capacity change from 0 to 1024
[  137.647820][ T8012] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  137.705881][ T8012] EXT4-fs error (device loop5): mb_free_blocks:1948: group 0, inode 18: block 177:freeing already freed block (bit 11); block bitmap corrupt.
[  137.796001][ T6020] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  138.099135][ T8042] loop7: detected capacity change from 0 to 8192
[  138.218027][ T8046] ALSA: seq fatal error: cannot create timer (-22)
[  138.254824][ T8048] loop0: detected capacity change from 0 to 512
[  138.271528][ T8048] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  138.294953][ T8048] EXT4-fs (loop0): 1 truncate cleaned up
[  138.304936][ T8048] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  138.485632][ T8057] loop7: detected capacity change from 0 to 512
[  138.514126][ T8057] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  138.568776][ T8057] ext4 filesystem being mounted at /50/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  138.638915][ T8057] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  138.990720][ T8068] loop6: detected capacity change from 0 to 256
[  139.045207][ T8068] FAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  139.095215][ T8070] loop5: detected capacity change from 0 to 128
[  139.123611][ T8068] FAT-fs (loop6): error, fat_bmap_cluster: request beyond EOF (i_pos 196)
[  139.132215][ T8068] FAT-fs (loop6): Filesystem has been set read-only
[  139.160576][ T8068] FAULT_INJECTION: forcing a failure.
[  139.160576][ T8068] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  139.173840][ T8068] CPU: 0 UID: 0 PID: 8068 Comm: syz.6.1267 Not tainted 6.16.0-rc7-syzkaller-00142-gb711733e89a3 #0 PREEMPT(voluntary) 
[  139.173874][ T8068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  139.173963][ T8068] Call Trace:
[  139.173972][ T8068]  <TASK>
[  139.173982][ T8068]  __dump_stack+0x1d/0x30
[  139.174036][ T8068]  dump_stack_lvl+0xe8/0x140
[  139.174061][ T8068]  dump_stack+0x15/0x1b
[  139.174082][ T8068]  should_fail_ex+0x265/0x280
[  139.174137][ T8068]  should_fail+0xb/0x20
[  139.174175][ T8068]  should_fail_usercopy+0x1a/0x20
[  139.174206][ T8068]  _copy_to_user+0x20/0xa0
[  139.174226][ T8068]  simple_read_from_buffer+0xb5/0x130
[  139.174276][ T8068]  proc_fail_nth_read+0x100/0x140
[  139.174313][ T8068]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  139.174390][ T8068]  vfs_read+0x1a0/0x6f0
[  139.174422][ T8068]  ? __rcu_read_unlock+0x4f/0x70
[  139.174447][ T8068]  ? __fget_files+0x184/0x1c0
[  139.174530][ T8068]  ksys_read+0xda/0x1a0
[  139.174560][ T8068]  __x64_sys_read+0x40/0x50
[  139.174590][ T8068]  x64_sys_call+0x2d77/0x2fb0
[  139.174658][ T8068]  do_syscall_64+0xd2/0x200
[  139.174676][ T8068]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  139.174701][ T8068]  ? clear_bhb_loop+0x40/0x90
[  139.174723][ T8068]  ? clear_bhb_loop+0x40/0x90
[  139.174815][ T8068]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.174835][ T8068] RIP: 0033:0x7f7d966cd3bc
[  139.174853][ T8068] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  139.174870][ T8068] RSP: 002b:00007f7d94d2f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  139.174888][ T8068] RAX: ffffffffffffffda RBX: 00007f7d968f5fa0 RCX: 00007f7d966cd3bc
[  139.174900][ T8068] RDX: 000000000000000f RSI: 00007f7d94d2f0a0 RDI: 0000000000000008
[  139.174924][ T8068] RBP: 00007f7d94d2f090 R08: 0000000000000000 R09: 0000000000000000
[  139.174939][ T8068] R10: 0000000800000009 R11: 0000000000000246 R12: 0000000000000001
[  139.175002][ T8068] R13: 0000000000000000 R14: 00007f7d968f5fa0 R15: 00007ffc5b0428f8
[  139.175048][ T8068]  </TASK>
[  139.492867][ T3303] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  139.563234][ T8073] loop2: detected capacity change from 0 to 128
[  139.580439][ T8076] __nla_validate_parse: 14 callbacks suppressed
[  139.580462][ T8076] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1272'.
[  139.612490][ T8073] EXT4-fs (loop2): couldn't mount as ext2 due to feature incompatibilities
[  139.645824][ T8081] netlink: 44 bytes leftover after parsing attributes in process `+}[@'.
[  139.672494][ T8082] loop6: detected capacity change from 0 to 128
[  139.685350][ T8084] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1274'.
[  139.723392][ T8084] hsr_slave_1 (unregistering): left promiscuous mode
[  139.833641][ T8093] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  139.840744][ T8095] loop2: detected capacity change from 0 to 512
[  139.862492][ T8093] vhci_hcd: default hub control req: 1f07 v0017 i0001 l0
[  139.884272][ T8095] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  139.996909][ T8107] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1285'.
[  140.006279][ T8103] loop5: detected capacity change from 0 to 8192
[  140.024120][ T8107] netlink: 44 bytes leftover after parsing attributes in process `+}[@'.
[  140.144007][ T8111] loop5: detected capacity change from 0 to 8192
[  140.649557][ T8143] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=8143 comm=syz.0.1292
[  140.816159][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  140.847252][ T8147] loop0: detected capacity change from 0 to 8192
[  140.985961][ T8152] tipc: Enabling of bearer <edp:s> rejected, media not registered
[  140.994011][ T4775] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  141.001514][ T4775] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  141.009035][ T4775] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  141.016496][ T4775] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  141.023958][ T4775] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  141.031501][ T4775] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  141.038973][ T4775] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  141.046654][ T4775] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  141.054208][ T4775] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  141.061628][ T4775] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  141.069163][ T4775] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  141.076624][ T4775] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  141.084185][ T4775] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  141.091637][ T4775] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  141.096339][ T8158] loop0: detected capacity change from 0 to 512
[  141.099148][ T4775] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  141.112954][ T4775] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  141.120374][ T4775] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  141.127904][ T4775] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  141.135419][ T4775] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  141.142938][ T4775] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  141.150363][ T4775] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  141.157851][ T4775] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  141.165341][ T4775] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  141.172849][ T4775] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  141.180279][ T4775] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  141.187749][ T4775] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  141.189340][ T8158] EXT4-fs: Ignoring removed nobh option
[  141.195376][ T4775] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  141.195405][ T4775] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  141.195436][ T4775] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  141.195507][ T4775] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  141.195534][ T4775] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  141.195556][ T4775] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  141.195583][ T4775] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  141.195628][ T4775] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  141.195654][ T4775] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  141.268065][ T4775] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  141.275503][ T4775] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  141.282997][ T4775] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  141.290410][ T4775] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  141.297863][ T4775] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  141.305350][ T4775] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  141.312807][ T4775] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  141.320318][ T4775] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  141.325694][ T8158] EXT4-fs error (device loop0): ext4_orphan_get:1393: inode #15: comm syz.0.1296: iget: bad i_size value: 38620345925642
[  141.349672][ T8158] EXT4-fs error (device loop0): ext4_orphan_get:1398: comm syz.0.1296: couldn't read orphan inode 15 (err -117)
[  141.409227][ T8158] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  141.429489][ T4775] hid-generic 0000:0000:0000.0001: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  141.543733][ T8156] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1296'.
[  141.543957][ T8165] fido_id[8165]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  141.570455][ T8169] FAULT_INJECTION: forcing a failure.
[  141.570455][ T8169] name failslab, interval 1, probability 0, space 0, times 0
[  141.583238][ T8169] CPU: 0 UID: 0 PID: 8169 Comm: +}[@ Not tainted 6.16.0-rc7-syzkaller-00142-gb711733e89a3 #0 PREEMPT(voluntary) 
[  141.583268][ T8169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  141.583283][ T8169] Call Trace:
[  141.583290][ T8169]  <TASK>
[  141.583306][ T8169]  __dump_stack+0x1d/0x30
[  141.583333][ T8169]  dump_stack_lvl+0xe8/0x140
[  141.583356][ T8169]  dump_stack+0x15/0x1b
[  141.583428][ T8169]  should_fail_ex+0x265/0x280
[  141.583467][ T8169]  should_failslab+0x8c/0xb0
[  141.583494][ T8169]  kmem_cache_alloc_noprof+0x50/0x310
[  141.583519][ T8169]  ? skb_clone+0x151/0x1f0
[  141.583538][ T8169]  skb_clone+0x151/0x1f0
[  141.583602][ T8169]  __netlink_deliver_tap+0x2c9/0x500
[  141.583631][ T8169]  netlink_unicast+0x653/0x680
[  141.583671][ T8169]  netlink_sendmsg+0x58b/0x6b0
[  141.583692][ T8169]  ? __pfx_netlink_sendmsg+0x10/0x10
[  141.583748][ T8169]  __sock_sendmsg+0x142/0x180
[  141.583772][ T8169]  ____sys_sendmsg+0x31e/0x4e0
[  141.583792][ T8169]  ___sys_sendmsg+0x17b/0x1d0
[  141.583854][ T8169]  __x64_sys_sendmsg+0xd4/0x160
[  141.583884][ T8169]  x64_sys_call+0x2999/0x2fb0
[  141.583907][ T8169]  do_syscall_64+0xd2/0x200
[  141.583924][ T8169]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  141.584017][ T8169]  ? clear_bhb_loop+0x40/0x90
[  141.584041][ T8169]  ? clear_bhb_loop+0x40/0x90
[  141.584066][ T8169]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.584160][ T8169] RIP: 0033:0x7f7d966ce9a9
[  141.584175][ T8169] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  141.584192][ T8169] RSP: 002b:00007f7d94d2f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  141.584239][ T8169] RAX: ffffffffffffffda RBX: 00007f7d968f5fa0 RCX: 00007f7d966ce9a9
[  141.584255][ T8169] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 000000000000000a
[  141.584270][ T8169] RBP: 00007f7d94d2f090 R08: 0000000000000000 R09: 0000000000000000
[  141.584287][ T8169] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  141.584310][ T8169] R13: 0000000000000000 R14: 00007f7d968f5fa0 R15: 00007ffc5b0428f8
[  141.584329][ T8169]  </TASK>
[  141.835068][ T8174] loop7: detected capacity change from 0 to 512
[  141.877522][ T8174] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  141.937041][ T5374] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  141.963003][ T8174] ext4 filesystem being mounted at /56/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  141.989472][ T8176] syz.2.1303 (8176) used greatest stack depth: 9528 bytes left
[  142.030704][ T5374] bridge0: port 3(syz_tun) entered disabled state
[  142.043569][ T8174] EXT4-fs error (device loop7): ext4_xattr_block_get:593: inode #15: comm syz.7.1302: corrupted xattr block 19: overlapping e_value 
[  142.044802][ T5374] syz_tun (unregistering): left allmulticast mode
[  142.063812][ T5374] syz_tun (unregistering): left promiscuous mode
[  142.070196][ T5374] bridge0: port 3(syz_tun) entered disabled state
[  142.102697][ T8174] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop7 ino=15
[  142.118995][ T8174] EXT4-fs error (device loop7): ext4_xattr_block_get:593: inode #15: comm syz.7.1302: corrupted xattr block 19: overlapping e_value 
[  142.134683][   T29] kauditd_printk_skb: 355 callbacks suppressed
[  142.134697][   T29] audit: type=1400 audit(1753680296.262:5594): avc:  denied  { mounton } for  pid=8173 comm="syz.7.1302" path="/56/file1/file0" dev="loop7" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  142.184716][ T8174] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop7 ino=15
[  142.196995][ T8188] EXT4-fs error (device loop7): ext4_xattr_block_get:593: inode #15: comm syz.7.1302: corrupted xattr block 19: overlapping e_value 
[  142.214939][ T8174] EXT4-fs error (device loop7): ext4_xattr_block_get:593: inode #15: comm syz.7.1302: corrupted xattr block 19: overlapping e_value 
[  142.227923][ T8188] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop7 ino=15
[  142.229525][   T29] audit: type=1400 audit(1753680296.342:5595): avc:  denied  { read } for  pid=8173 comm="syz.7.1302" name="file1" dev="loop7" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  142.250345][ T8190] EXT4-fs error (device loop7): ext4_xattr_block_get:593: inode #15: comm syz.7.1302: corrupted xattr block 19: overlapping e_value 
[  142.287510][ T8188] EXT4-fs error (device loop7): ext4_xattr_block_get:593: inode #15: comm syz.7.1302: corrupted xattr block 19: overlapping e_value 
[  142.305354][ T8174] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop7 ino=15
[  142.316356][ T8190] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop7 ino=15
[  142.336262][   T29] audit: type=1400 audit(1753680296.462:5596): avc:  denied  { setattr } for  pid=8173 comm="syz.7.1302" name="file1" dev="loop7" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  142.369826][ T8188] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop7 ino=15
[  142.382061][ T8190] EXT4-fs error (device loop7): ext4_xattr_block_find:1869: inode #15: comm syz.7.1302: corrupted xattr block 19: overlapping e_value 
[  142.444436][ T3333] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  142.456495][ T8191] EXT4-fs error (device loop7): ext4_xattr_block_get:593: inode #15: comm syz.7.1302: corrupted xattr block 19: overlapping e_value 
[  142.484271][ T8188] EXT4-fs error (device loop7): ext4_xattr_block_get:593: inode #15: comm syz.7.1302: corrupted xattr block 19: overlapping e_value 
[  142.506908][ T8191] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop7 ino=15
[  142.581855][ T8191] EXT4-fs error (device loop7): ext4_xattr_block_find:1869: inode #15: comm syz.7.1302: corrupted xattr block 19: overlapping e_value 
[  142.599419][ T8188] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop7 ino=15
[  142.609184][ T3333] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  142.663227][   T29] audit: type=1400 audit(1753680296.782:5597): avc:  denied  { mounton } for  pid=8196 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  142.691039][ T6434] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  142.837349][ T8182] Set syz1 is full, maxelem 65536 reached
[  142.851693][ T3333] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  142.912727][ T8210] x_tables: duplicate underflow at hook 2
[  142.919760][ T3333] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  143.004916][   T29] audit: type=1400 audit(1753680297.132:5598): avc:  denied  { create } for  pid=8211 comm="syz.2.1313" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1
[  143.054838][   T29] audit: type=1400 audit(1753680297.152:5599): avc:  denied  { sys_admin } for  pid=8211 comm="syz.2.1313" capability=21  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[  143.076682][   T29] audit: type=1326 audit(1753680297.162:5600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8217 comm="syz.7.1315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef9bbee9a9 code=0x7ffc0000
[  143.101054][   T29] audit: type=1326 audit(1753680297.162:5601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8217 comm="syz.7.1315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef9bbee9a9 code=0x7ffc0000
[  143.125588][   T29] audit: type=1326 audit(1753680297.172:5602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8217 comm="syz.7.1315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7fef9bbee9a9 code=0x7ffc0000
[  143.149558][   T29] audit: type=1326 audit(1753680297.172:5603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8217 comm="syz.7.1315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef9bbee9a9 code=0x7ffc0000
[  143.185056][ T3333] bridge_slave_1: left allmulticast mode
[  143.190781][ T3333] bridge_slave_1: left promiscuous mode
[  143.196763][ T3333] bridge0: port 2(bridge_slave_1) entered disabled state
[  143.216757][ T8218] loop7: detected capacity change from 0 to 512
[  143.243872][ T8237] netlink: 300 bytes leftover after parsing attributes in process `syz.2.1317'.
[  143.259229][ T8218] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  143.281641][ T3333] bridge_slave_0: left allmulticast mode
[  143.287467][ T3333] bridge_slave_0: left promiscuous mode
[  143.293234][ T3333] bridge0: port 1(bridge_slave_0) entered disabled state
[  143.317314][ T8218] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  143.337847][ T8246] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1317'.
[  143.376704][ T8243] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1318'.
[  143.388054][ T8218] ext4 filesystem being mounted at /59/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  143.410629][ T8218] EXT4-fs error (device loop7): ext4_lookup:1787: inode #12: comm syz.7.1315: iget: bad i_size value: 2533274857506816
[  143.474420][ T3333] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  143.488242][ T6434] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  143.524346][ T3333] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  143.537347][ T3333] bond0 (unregistering): Released all slaves
[  143.557282][ T3333] bond1 (unregistering): Released all slaves
[  143.567544][ T3333] bond2 (unregistering): (slave veth3): Releasing backup interface
[  143.576926][ T3333] bond2 (unregistering): (slave vlan2): Releasing backup interface
[  143.598608][ T3333] veth1: left promiscuous mode
[  143.605211][ T3333] bond2 (unregistering): Released all slaves
[  143.688317][ T3333] hsr_slave_0: left promiscuous mode
[  143.694960][ T3333] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  143.702580][ T3333] batman_adv: batadv0: Removing interface: batadv_slave_0
[  143.712255][ T3333] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  143.719846][ T3333] batman_adv: batadv0: Removing interface: batadv_slave_1
[  143.736342][ T3333] veth1_macvtap: left promiscuous mode
[  143.743346][ T3333] veth0_macvtap: left promiscuous mode
[  143.748990][ T3333] veth1_vlan: left promiscuous mode
[  143.756432][ T3333] veth0_vlan: left promiscuous mode
[  143.877539][ T3333] team0 (unregistering): Port device team_slave_1 removed
[  143.899668][ T3333] team0 (unregistering): Port device team_slave_0 removed
[  143.913851][   T51] smc: removing ib device syz!
[  143.962126][ T8196] chnl_net:caif_netlink_parms(): no params data found
[  144.101946][ T8275] x_tables: ip6_tables: mh match: only valid for protocol 135
[  144.115584][ T8196] bridge0: port 1(bridge_slave_0) entered blocking state
[  144.123190][ T8196] bridge0: port 1(bridge_slave_0) entered disabled state
[  144.133548][ T8196] bridge_slave_0: entered allmulticast mode
[  144.173750][ T8196] bridge_slave_0: entered promiscuous mode
[  144.192644][ T8196] bridge0: port 2(bridge_slave_1) entered blocking state
[  144.199797][ T8196] bridge0: port 2(bridge_slave_1) entered disabled state
[  144.236924][ T8196] bridge_slave_1: entered allmulticast mode
[  144.245854][ T8196] bridge_slave_1: entered promiscuous mode
[  144.285552][ T8196] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  144.313761][ T8287] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=8287 comm=syz.6.1326
[  144.328847][ T8196] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  144.375950][ T8291] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1327'.
[  144.425103][ T8196] team0: Port device team_slave_0 added
[  144.442841][ T8196] team0: Port device team_slave_1 added
[  144.476970][ T8302] loop7: detected capacity change from 0 to 512
[  144.491007][ T8196] batman_adv: batadv0: Adding interface: batadv_slave_0
[  144.498139][ T8196] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  144.521237][ T8302] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  144.524958][ T8196] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  144.550115][ T8196] batman_adv: batadv0: Adding interface: batadv_slave_1
[  144.557229][ T8196] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  144.583866][ T8196] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  144.619975][ T8196] hsr_slave_0: entered promiscuous mode
[  144.626264][ T8196] hsr_slave_1: entered promiscuous mode
[  144.632677][ T8196] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  144.640572][ T8196] Cannot create hsr debugfs directory
[  144.810750][ T8196] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  144.825741][ T8196] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  144.848662][ T8196] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  144.858258][ T8196] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  144.906178][ T8331] loop5: detected capacity change from 0 to 512
[  144.929170][ T8331] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  144.976699][ T8196] 8021q: adding VLAN 0 to HW filter on device bond0
[  144.999099][ T8196] 8021q: adding VLAN 0 to HW filter on device team0
[  145.015309][   T51] bridge0: port 1(bridge_slave_0) entered blocking state
[  145.022535][   T51] bridge0: port 1(bridge_slave_0) entered forwarding state
[  145.046560][   T51] bridge0: port 2(bridge_slave_1) entered blocking state
[  145.053733][   T51] bridge0: port 2(bridge_slave_1) entered forwarding state
[  145.078504][ T8196] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  145.108342][ T8340] __nla_validate_parse: 2 callbacks suppressed
[  145.108362][ T8340] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1330'.
[  145.192935][ T8351] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1330'.
[  145.198619][ T8196] 8021q: adding VLAN 0 to HW filter on device batadv0
[  145.230223][ T8351] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1330'.
[  145.289585][ T8355] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1331'.
[  145.375442][ T8363] netlink: 36 bytes leftover after parsing attributes in process `syz.6.1331'.
[  145.775950][ T8196] veth0_vlan: entered promiscuous mode
[  145.800751][ T8196] veth1_vlan: entered promiscuous mode
[  145.849922][ T8196] veth0_macvtap: entered promiscuous mode
[  145.880043][ T8196] veth1_macvtap: entered promiscuous mode
[  145.890013][ T6434] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  145.923369][ T8196] batman_adv: batadv0: Interface activated: batadv_slave_0
[  145.968714][ T8196] batman_adv: batadv0: Interface activated: batadv_slave_1
[  146.006841][ T8196] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  146.015742][ T8196] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  146.024551][ T8196] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  146.033360][ T8196] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  146.235377][ T8406] loop6: detected capacity change from 0 to 164
[  146.260545][ T8406] Unable to read rock-ridge attributes
[  146.277694][ T8406] Unable to read rock-ridge attributes
[  146.319864][ T6020] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  146.332790][ T8417] x_tables: duplicate underflow at hook 2
[  146.344127][ T8419] netlink: 12 bytes leftover after parsing attributes in process `syz.8.1338'.
[  146.401095][ T8424] x_tables: duplicate underflow at hook 2
[  146.425706][ T8428] netlink: 44 bytes leftover after parsing attributes in process `syz.8.1338'.
[  146.483829][ T8433] loop2: detected capacity change from 0 to 128
[  146.503857][ T8435] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1343'.
[  146.515465][ T8439] x_tables: duplicate underflow at hook 2
[  146.581430][ T8449] netlink: 36 bytes leftover after parsing attributes in process `syz.6.1343'.
[  146.644456][ T8458] Set syz1 is full, maxelem 65536 reached
[  146.706216][ T8465] x_tables: duplicate underflow at hook 2
[  146.759128][ T8468] loop2: detected capacity change from 0 to 164
[  146.774656][ T8468] Unable to read rock-ridge attributes
[  146.784454][ T8468] Unable to read rock-ridge attributes
[  146.943061][ T8484] x_tables: duplicate underflow at hook 2
[  147.007054][ T8493] loop2: detected capacity change from 0 to 128
[  147.156716][ T8506] loop2: detected capacity change from 0 to 512
[  147.164528][   T29] kauditd_printk_skb: 217 callbacks suppressed
[  147.164543][   T29] audit: type=1326 audit(1753680301.292:5821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8507 comm="syz.7.1360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef9bbee9a9 code=0x7ffc0000
[  147.204333][   T51] dummy0: left promiscuous mode
[  147.206229][   T29] audit: type=1326 audit(1753680301.292:5822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8507 comm="syz.7.1360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef9bbee9a9 code=0x7ffc0000
[  147.233354][   T29] audit: type=1326 audit(1753680301.322:5823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8507 comm="syz.7.1360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=82 compat=0 ip=0x7fef9bbee9a9 code=0x7ffc0000
[  147.257531][   T29] audit: type=1326 audit(1753680301.322:5824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8507 comm="syz.7.1360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef9bbee9a9 code=0x7ffc0000
[  147.281687][   T29] audit: type=1326 audit(1753680301.322:5825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8507 comm="syz.7.1360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef9bbee9a9 code=0x7ffc0000
[  147.305800][   T29] audit: type=1326 audit(1753680301.322:5826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8507 comm="syz.7.1360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7fef9bbee9a9 code=0x7ffc0000
[  147.329875][   T29] audit: type=1326 audit(1753680301.322:5827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8507 comm="syz.7.1360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef9bbee9a9 code=0x7ffc0000
[  147.354143][   T29] audit: type=1326 audit(1753680301.322:5828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8507 comm="syz.7.1360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef9bbee9a9 code=0x7ffc0000
[  147.381561][ T8506] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  147.386182][ T8518] loop8: detected capacity change from 0 to 512
[  147.402194][ T8517] loop6: detected capacity change from 0 to 164
[  147.410761][   T29] audit: type=1326 audit(1753680301.332:5829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8507 comm="syz.7.1360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fef9bbee9a9 code=0x7ffc0000
[  147.435036][   T29] audit: type=1326 audit(1753680301.332:5830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8507 comm="syz.7.1360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef9bbee9a9 code=0x7ffc0000
[  147.463350][ T8517] Unable to read rock-ridge attributes
[  147.484018][ T8518] EXT4-fs (loop8): too many log groups per flexible block group
[  147.491839][ T8518] EXT4-fs (loop8): failed to initialize mballoc (-12)
[  147.492804][ T8520] loop7: detected capacity change from 0 to 512
[  147.498798][ T8518] EXT4-fs (loop8): mount failed
[  147.520717][ T8517] Unable to read rock-ridge attributes
[  147.563298][ T8520] EXT4-fs (loop7): too many log groups per flexible block group
[  147.571062][ T8520] EXT4-fs (loop7): failed to initialize mballoc (-12)
[  147.604397][ T8520] EXT4-fs (loop7): mount failed
[  147.692610][ T8533] x_tables: duplicate underflow at hook 2
[  147.766628][ T8538] loop7: detected capacity change from 0 to 8192
[  147.798503][ T8544] loop6: detected capacity change from 0 to 128
[  147.929574][ T8553] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1374'.
[  148.285369][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  148.408484][ T8568] loop2: detected capacity change from 0 to 164
[  148.416470][ T8568] Unable to read rock-ridge attributes
[  148.424406][ T8568] Unable to read rock-ridge attributes
[  148.594150][ T8574] loop8: detected capacity change from 0 to 1024
[  148.606009][ T8574] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  148.636127][ T8574] EXT4-fs error (device loop8): ext4_mb_mark_diskspace_used:4113: comm syz.8.1379: Allocating blocks 497-513 which overlap fs metadata
[  148.654632][ T8574] EXT4-fs (loop8): pa ffff888106a6c4d0: logic 256, phys. 369, len 9
[  148.662875][ T8574] EXT4-fs error (device loop8): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[  148.955486][ T8574] EXT4-fs error (device loop8): mb_free_blocks:1948: group 0, inode 18: block 129:freeing already freed block (bit 8); block bitmap corrupt.
[  149.084544][ T8196] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  149.133498][ T8592] loop8: detected capacity change from 0 to 128
[  149.154974][ T8593] loop6: detected capacity change from 0 to 128
[  149.209749][ T8596] loop7: detected capacity change from 0 to 512
[  149.210191][ T8598] loop8: detected capacity change from 0 to 512
[  149.258246][ T8596] EXT4-fs (loop7): too many log groups per flexible block group
[  149.266025][ T8596] EXT4-fs (loop7): failed to initialize mballoc (-12)
[  149.286789][ T8598] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  149.321453][ T8596] EXT4-fs (loop7): mount failed
[  149.398680][ T8607] loop2: detected capacity change from 0 to 512
[  149.436804][ T8607] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  149.494515][ T8607] ext4 filesystem being mounted at /291/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  149.541221][ T8607] EXT4-fs error (device loop2): ext4_xattr_block_get:593: inode #15: comm syz.2.1388: corrupted xattr block 19: overlapping e_value 
[  149.563997][ T8607] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=15
[  149.574649][ T8607] EXT4-fs error (device loop2): ext4_xattr_block_get:593: inode #15: comm syz.2.1388: corrupted xattr block 19: overlapping e_value 
[  149.597007][ T8607] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=15
[  149.606384][ T8607] EXT4-fs error (device loop2): ext4_xattr_block_get:593: inode #15: comm syz.2.1388: corrupted xattr block 19: overlapping e_value 
[  149.623835][ T8621] EXT4-fs error (device loop2): ext4_xattr_block_get:593: inode #15: comm syz.2.1388: corrupted xattr block 19: overlapping e_value 
[  149.647466][ T8607] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=15
[  149.657539][ T8621] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=15
[  149.684650][ T8621] EXT4-fs error (device loop2): ext4_xattr_block_get:593: inode #15: comm syz.2.1388: corrupted xattr block 19: overlapping e_value 
[  149.687281][ T8627] EXT4-fs error (device loop2): ext4_xattr_block_get:593: inode #15: comm syz.2.1388: corrupted xattr block 19: overlapping e_value 
[  149.710701][ T8621] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=15
[  149.723605][ T8621] EXT4-fs error (device loop2): ext4_xattr_block_get:593: inode #15: comm syz.2.1388: corrupted xattr block 19: overlapping e_value 
[  149.724817][ T8627] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=15
[  149.759900][ T8627] EXT4-fs error (device loop2): ext4_xattr_block_find:1869: inode #15: comm syz.2.1388: corrupted xattr block 19: overlapping e_value 
[  149.778832][ T8607] EXT4-fs error (device loop2): ext4_xattr_block_get:593: inode #15: comm syz.2.1388: corrupted xattr block 19: overlapping e_value 
[  149.800526][ T8607] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=15
[  149.809893][ T8607] EXT4-fs error (device loop2): ext4_xattr_block_find:1869: inode #15: comm syz.2.1388: corrupted xattr block 19: overlapping e_value 
[  149.812722][ T8630] loop6: detected capacity change from 0 to 1024
[  149.827723][ T8621] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=15
[  149.855436][ T8630] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  149.870573][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  149.874269][ T8630] EXT4-fs error (device loop6): ext4_mb_mark_diskspace_used:4113: comm syz.6.1393: Allocating blocks 497-513 which overlap fs metadata
[  149.904144][ T8630] EXT4-fs (loop6): pa ffff888106a6c4d0: logic 256, phys. 369, len 9
[  149.912371][ T8630] EXT4-fs error (device loop6): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[  149.924827][ T8630] EXT4-fs error (device loop6): mb_free_blocks:1948: group 0, inode 18: block 129:freeing already freed block (bit 8); block bitmap corrupt.
[  149.955793][ T6298] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  150.015215][ T8640] loop6: detected capacity change from 0 to 128
[  150.277329][ T8651] __nla_validate_parse: 4 callbacks suppressed
[  150.277352][ T8651] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1401'.
[  150.344726][ T8655] netlink: 204 bytes leftover after parsing attributes in process `syz.7.1403'.
[  150.604186][ T8196] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  150.714577][ T8661] loop7: detected capacity change from 0 to 512
[  150.755064][ T8661] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  150.824134][ T8663] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1404'.
[  150.831082][ T8666] loop5: detected capacity change from 0 to 8192
[  150.857826][ T8663] hsr_slave_1 (unregistering): left promiscuous mode
[  150.868719][ T8668] netlink: 16402 bytes leftover after parsing attributes in process `syz.6.1407'.
[  150.911373][ T8668] FAULT_INJECTION: forcing a failure.
[  150.911373][ T8668] name failslab, interval 1, probability 0, space 0, times 0
[  150.924321][ T8668] CPU: 0 UID: 0 PID: 8668 Comm: syz.6.1407 Not tainted 6.16.0-rc7-syzkaller-00142-gb711733e89a3 #0 PREEMPT(voluntary) 
[  150.924349][ T8668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  150.924395][ T8668] Call Trace:
[  150.924403][ T8668]  <TASK>
[  150.924413][ T8668]  __dump_stack+0x1d/0x30
[  150.924436][ T8668]  dump_stack_lvl+0xe8/0x140
[  150.924455][ T8668]  dump_stack+0x15/0x1b
[  150.924470][ T8668]  should_fail_ex+0x265/0x280
[  150.924540][ T8668]  should_failslab+0x8c/0xb0
[  150.924568][ T8668]  kmem_cache_alloc_noprof+0x50/0x310
[  150.924667][ T8668]  ? skb_clone+0x151/0x1f0
[  150.924688][ T8668]  skb_clone+0x151/0x1f0
[  150.924707][ T8668]  __netlink_deliver_tap+0x2c9/0x500
[  150.924730][ T8668]  netlink_dump+0x7f8/0x850
[  150.924786][ T8668]  __netlink_dump_start+0x43e/0x520
[  150.924820][ T8668]  ? __pfx_tc_dump_qdisc+0x10/0x10
[  150.924859][ T8668]  rtnetlink_rcv_msg+0x552/0x6d0
[  150.924881][ T8668]  ? __pfx_tc_dump_qdisc+0x10/0x10
[  150.924982][ T8668]  ? __pfx_rtnl_dumpit+0x10/0x10
[  150.925003][ T8668]  ? __pfx_tc_dump_qdisc+0x10/0x10
[  150.925030][ T8668]  netlink_rcv_skb+0x123/0x220
[  150.925192][ T8668]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  150.925223][ T8668]  rtnetlink_rcv+0x1c/0x30
[  150.925266][ T8668]  netlink_unicast+0x5a8/0x680
[  150.925308][ T8668]  netlink_sendmsg+0x58b/0x6b0
[  150.925349][ T8668]  ? __pfx_netlink_sendmsg+0x10/0x10
[  150.925369][ T8668]  __sock_sendmsg+0x142/0x180
[  150.925395][ T8668]  sock_write_iter+0x165/0x1b0
[  150.925421][ T8668]  ? __pfx_sock_write_iter+0x10/0x10
[  150.925507][ T8668]  vfs_write+0x4a0/0x8e0
[  150.925543][ T8668]  ksys_write+0xda/0x1a0
[  150.925577][ T8668]  __x64_sys_write+0x40/0x50
[  150.925654][ T8668]  x64_sys_call+0x2cdd/0x2fb0
[  150.925675][ T8668]  do_syscall_64+0xd2/0x200
[  150.925694][ T8668]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  150.925725][ T8668]  ? clear_bhb_loop+0x40/0x90
[  150.925823][ T8668]  ? clear_bhb_loop+0x40/0x90
[  150.925845][ T8668]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  150.925867][ T8668] RIP: 0033:0x7f7d966ce9a9
[  150.925882][ T8668] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  150.925926][ T8668] RSP: 002b:00007f7d94d2f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  150.925945][ T8668] RAX: ffffffffffffffda RBX: 00007f7d968f5fa0 RCX: 00007f7d966ce9a9
[  150.925957][ T8668] RDX: 000000000000fe33 RSI: 0000200000000000 RDI: 0000000000000005
[  150.926026][ T8668] RBP: 00007f7d94d2f090 R08: 0000000000000000 R09: 0000000000000000
[  150.926038][ T8668] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  150.926050][ T8668] R13: 0000000000000000 R14: 00007f7d968f5fa0 R15: 00007ffc5b0428f8
[  150.926069][ T8668]  </TASK>
[  151.367117][ T8686] loop5: detected capacity change from 0 to 764
[  151.389429][ T3380] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  151.397718][ T3380] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  151.405186][ T3380] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  151.477339][ T3380] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  151.484892][ T3380] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  151.493079][ T3380] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  151.500584][ T3380] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  151.508115][ T3380] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  151.516354][ T3380] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  151.523893][ T3380] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  151.531366][ T3380] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  151.539601][ T3380] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  151.547062][ T3380] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  151.555164][ T3380] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  151.601715][ T8686] netlink: 60 bytes leftover after parsing attributes in process `syz.5.1413'.
[  151.606840][ T8701] 9pnet_fd: Insufficient options for proto=fd
[  151.699468][ T3380] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  151.706951][ T3380] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  151.715180][ T3380] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  151.722715][ T3380] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  151.730181][ T3380] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  151.738425][ T3380] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  151.745938][ T3380] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  151.754172][ T3380] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  151.761628][ T3380] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  151.769285][ T3380] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  151.777488][ T3380] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  151.785000][ T3380] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  151.793106][ T3380] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  151.800537][ T3380] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  151.810943][ T8693] loop8: detected capacity change from 0 to 8192
[  151.818583][ T8686] bond0: Unable to set down delay as MII monitoring is disabled
[  151.826968][ T3380] hid-generic 0000:0000:0000.0002: hidraw0: <UNKNOWN> HID v8.00 Device [syz1] on syz0
[  151.861078][ T8703] fido_id[8703]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  151.907382][ T8707] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=8707 comm=syz.2.1417
[  151.929945][ T8705] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1416'.
[  151.947443][ T6434] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  152.018399][ T8714] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1416'.
[  152.022353][ T8716] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1418'.
[  152.029578][ T8714] netlink: 44 bytes leftover after parsing attributes in process `syz.5.1416'.
[  152.050067][ T8715] netlink: 24 bytes leftover after parsing attributes in process `syz.8.1420'.
[  152.058971][ T8716] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  152.068359][ T8716] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  152.078338][ T8716] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  152.087208][ T8716] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  152.106092][ T8716] vxlan0: entered promiscuous mode
[  152.164418][ T8724] loop6: detected capacity change from 0 to 1024
[  152.186767][ T8724] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  152.189666][ T8730] loop8: detected capacity change from 0 to 512
[  152.220220][ T8724] EXT4-fs error (device loop6): ext4_mb_mark_diskspace_used:4113: comm syz.6.1424: Allocating blocks 497-513 which overlap fs metadata
[  152.235568][ T8730] EXT4-fs (loop8): too many log groups per flexible block group
[  152.237336][ T8724] EXT4-fs (loop6): pa ffff888106a29a80: logic 256, phys. 369, len 9
[  152.243309][ T8730] EXT4-fs (loop8): failed to initialize mballoc (-12)
[  152.251503][ T8724] EXT4-fs error (device loop6): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[  152.260442][ T8730] EXT4-fs (loop8): mount failed
[  152.276885][ T8724] EXT4-fs error (device loop6): mb_free_blocks:1948: group 0, inode 18: block 129:freeing already freed block (bit 8); block bitmap corrupt.
[  152.309710][ T6298] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  152.340372][ T8736] loop6: detected capacity change from 0 to 512
[  152.351009][ T8736] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  152.393366][ T8738] 9pnet_fd: Insufficient options for proto=fd
[  152.809337][   T29] kauditd_printk_skb: 162 callbacks suppressed
[  152.809353][   T29] audit: type=1400 audit(1753680306.932:5993): avc:  denied  { unmount } for  pid=3314 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  152.862605][ T8753] loop5: detected capacity change from 0 to 512
[  152.872703][   T29] audit: type=1400 audit(1753680307.002:5994): avc:  denied  { create } for  pid=8754 comm="syz.2.1429" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  152.893510][   T29] audit: type=1400 audit(1753680307.022:5995): avc:  denied  { setopt } for  pid=8754 comm="syz.2.1429" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  152.925035][ T8753] EXT4-fs (loop5): too many log groups per flexible block group
[  152.933661][ T8753] EXT4-fs (loop5): failed to initialize mballoc (-12)
[  152.987110][ T8753] EXT4-fs (loop5): mount failed
[  153.018092][   T29] audit: type=1400 audit(1753680307.132:5996): avc:  denied  { map } for  pid=8763 comm="syz.7.1431" path="socket:[22048]" dev="sockfs" ino=22048 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  153.042295][   T29] audit: type=1400 audit(1753680307.132:5997): avc:  denied  { read } for  pid=8763 comm="syz.7.1431" path="socket:[22048]" dev="sockfs" ino=22048 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  153.161612][ T8772] loop7: detected capacity change from 0 to 512
[  153.199627][ T8772] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  153.237570][ T8772] EXT4-fs (loop7): 1 truncate cleaned up
[  153.264108][ T8772] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  153.319048][   T29] audit: type=1400 audit(1753680307.442:5998): avc:  denied  { ioctl } for  pid=8776 comm="syz.2.1437" path="socket:[22932]" dev="sockfs" ino=22932 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  153.408886][ T6298] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  153.453180][ T8785] loop8: detected capacity change from 0 to 8192
[  153.469141][ T8790] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  153.508252][   T29] audit: type=1400 audit(1753680307.622:5999): avc:  denied  { bind } for  pid=8789 comm="syz.6.1440" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  153.564133][ T8797] x_tables: ip6_tables: tcpmss match: only valid for protocol 6
[  153.609157][ T8801] sctp: [Deprecated]: syz.8.1444 (pid 8801) Use of struct sctp_assoc_value in delayed_ack socket option.
[  153.609157][ T8801] Use struct sctp_sack_info instead
[  153.680445][ T4775] kernel write not supported for file /context (pid: 4775 comm: kworker/0:3)
[  153.886067][   T29] audit: type=1400 audit(1753680308.012:6000): avc:  denied  { getopt } for  pid=8809 comm="syz.8.1446" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  153.975383][   T29] audit: type=1400 audit(1753680308.042:6001): avc:  denied  { ioctl } for  pid=8809 comm="syz.8.1446" path="socket:[23016]" dev="sockfs" ino=23016 ioctlcmd=0x9360 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  154.000294][   T29] audit: type=1400 audit(1753680308.052:6002): avc:  denied  { create } for  pid=8809 comm="syz.8.1446" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  154.129731][ T6434] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  154.151668][ T8818] loop8: detected capacity change from 0 to 512
[  154.172024][ T8818] EXT4-fs: Ignoring removed nomblk_io_submit option
[  154.196443][ T8818] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  154.208867][ T8823] loop7: detected capacity change from 0 to 512
[  154.228768][ T8823] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  154.240997][ T8825] loop6: detected capacity change from 0 to 1024
[  154.257192][ T8818] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  154.270974][ T8818] ext4 filesystem being mounted at /21/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  154.293714][ T8818] EXT4-fs error (device loop8): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[  154.314996][ T8825] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  154.355837][ T8196] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  154.356443][ T8825] EXT4-fs error (device loop6): ext4_mb_mark_diskspace_used:4113: comm syz.6.1452: Allocating blocks 497-513 which overlap fs metadata
[  154.384489][ T8825] EXT4-fs (loop6): pa ffff888106a6c5b0: logic 256, phys. 369, len 9
[  154.392639][ T8825] EXT4-fs error (device loop6): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[  154.406245][ T8825] EXT4-fs error (device loop6): mb_free_blocks:1948: group 0, inode 18: block 129:freeing already freed block (bit 8); block bitmap corrupt.
[  154.441156][ T6298] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  154.695885][ T8860] FAULT_INJECTION: forcing a failure.
[  154.695885][ T8860] name failslab, interval 1, probability 0, space 0, times 0
[  154.709558][ T8860] CPU: 1 UID: 0 PID: 8860 Comm: +}[@ Not tainted 6.16.0-rc7-syzkaller-00142-gb711733e89a3 #0 PREEMPT(voluntary) 
[  154.709667][ T8860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  154.709683][ T8860] Call Trace:
[  154.709691][ T8860]  <TASK>
[  154.709699][ T8860]  __dump_stack+0x1d/0x30
[  154.709725][ T8860]  dump_stack_lvl+0xe8/0x140
[  154.709802][ T8860]  dump_stack+0x15/0x1b
[  154.709824][ T8860]  should_fail_ex+0x265/0x280
[  154.709858][ T8860]  should_failslab+0x8c/0xb0
[  154.709894][ T8860]  kmem_cache_alloc_lru_noprof+0x55/0x310
[  154.709929][ T8860]  ? __d_alloc+0x3d/0x350
[  154.709959][ T8860]  __d_alloc+0x3d/0x350
[  154.710054][ T8860]  ? mpol_shared_policy_init+0xbd/0x4c0
[  154.710093][ T8860]  d_alloc_pseudo+0x1e/0x80
[  154.710152][ T8860]  alloc_file_pseudo+0x71/0x160
[  154.710178][ T8860]  __shmem_file_setup+0x1de/0x210
[  154.710261][ T8860]  shmem_file_setup+0x3b/0x50
[  154.710296][ T8860]  __se_sys_memfd_create+0x2c3/0x590
[  154.710378][ T8860]  __x64_sys_memfd_create+0x31/0x40
[  154.710413][ T8860]  x64_sys_call+0x122f/0x2fb0
[  154.710452][ T8860]  do_syscall_64+0xd2/0x200
[  154.710475][ T8860]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  154.710544][ T8860]  ? clear_bhb_loop+0x40/0x90
[  154.710571][ T8860]  ? clear_bhb_loop+0x40/0x90
[  154.710591][ T8860]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  154.710613][ T8860] RIP: 0033:0x7f7d966ce9a9
[  154.710632][ T8860] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  154.710696][ T8860] RSP: 002b:00007f7d94d2ee18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  154.710719][ T8860] RAX: ffffffffffffffda RBX: 0000000000000702 RCX: 00007f7d966ce9a9
[  154.710735][ T8860] RDX: 00007f7d94d2eef0 RSI: 0000000000000000 RDI: 00007f7d967516fc
[  154.710750][ T8860] RBP: 0000200000001780 R08: 00007f7d94d2ebb7 R09: 00007f7d94d2ee40
[  154.710766][ T8860] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000280
[  154.710788][ T8860] R13: 00007f7d94d2eef0 R14: 00007f7d94d2eeb0 R15: 00002000000000c0
[  154.710811][ T8860]  </TASK>
[  154.996965][ T8863] loop6: detected capacity change from 0 to 512
[  155.014557][ T8863] EXT4-fs error (device loop6): ext4_orphan_get:1393: inode #15: comm syz.6.1465: casefold flag without casefold feature
[  155.039899][ T8863] EXT4-fs error (device loop6): ext4_orphan_get:1398: comm syz.6.1465: couldn't read orphan inode 15 (err -117)
[  155.067929][ T8863] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  155.083191][ T8823] syz.7.1451 (8823) used greatest stack depth: 9288 bytes left
[  155.099341][ T8867] loop5: detected capacity change from 0 to 128
[  155.107415][ T6298] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  155.213028][ T6434] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  155.271120][ T8872] loop5: detected capacity change from 0 to 1024
[  155.301237][ T8872] EXT4-fs: Ignoring removed orlov option
[  155.327226][ T8883] __nla_validate_parse: 4 callbacks suppressed
[  155.327241][ T8883] netlink: 44 bytes leftover after parsing attributes in process `syz.7.1469'.
[  155.357369][ T8872] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  155.375089][ T8875] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  155.405051][ T8885] loop8: detected capacity change from 0 to 512
[  155.426650][ T6020] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  155.439351][ T8885] EXT4-fs (loop8): too many log groups per flexible block group
[  155.447238][ T8885] EXT4-fs (loop8): failed to initialize mballoc (-12)
[  155.455000][ T8885] EXT4-fs (loop8): mount failed
[  155.549671][ T8899] FAULT_INJECTION: forcing a failure.
[  155.549671][ T8899] name failslab, interval 1, probability 0, space 0, times 0
[  155.563156][ T8899] CPU: 1 UID: 0 PID: 8899 Comm: syz.8.1477 Not tainted 6.16.0-rc7-syzkaller-00142-gb711733e89a3 #0 PREEMPT(voluntary) 
[  155.563270][ T8899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  155.563287][ T8899] Call Trace:
[  155.563296][ T8899]  <TASK>
[  155.563305][ T8899]  __dump_stack+0x1d/0x30
[  155.563364][ T8899]  dump_stack_lvl+0xe8/0x140
[  155.563386][ T8899]  dump_stack+0x15/0x1b
[  155.563405][ T8899]  should_fail_ex+0x265/0x280
[  155.563459][ T8899]  should_failslab+0x8c/0xb0
[  155.563483][ T8899]  kmem_cache_alloc_node_noprof+0x57/0x320
[  155.563516][ T8899]  ? __alloc_skb+0x101/0x320
[  155.563634][ T8899]  __alloc_skb+0x101/0x320
[  155.563666][ T8899]  ? audit_log_start+0x365/0x6c0
[  155.563767][ T8899]  audit_log_start+0x380/0x6c0
[  155.563805][ T8899]  ? strncpy_from_user+0x1eb/0x230
[  155.563914][ T8899]  audit_seccomp+0x48/0x100
[  155.563944][ T8899]  ? __seccomp_filter+0x68c/0x10d0
[  155.563965][ T8899]  __seccomp_filter+0x69d/0x10d0
[  155.564003][ T8899]  ? update_load_avg+0x1da/0x820
[  155.564039][ T8899]  ? __list_add_valid_or_report+0x38/0xe0
[  155.564084][ T8899]  ? __set_next_task_fair+0x5b/0x150
[  155.564111][ T8899]  ? tracing_record_taskinfo_sched_switch+0x71/0x260
[  155.564185][ T8899]  ? _raw_spin_unlock+0x26/0x50
[  155.564214][ T8899]  __secure_computing+0x82/0x150
[  155.564238][ T8899]  syscall_trace_enter+0xcf/0x1e0
[  155.564360][ T8899]  do_syscall_64+0xac/0x200
[  155.564379][ T8899]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  155.564403][ T8899]  ? clear_bhb_loop+0x40/0x90
[  155.564425][ T8899]  ? clear_bhb_loop+0x40/0x90
[  155.564505][ T8899]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  155.564587][ T8899] RIP: 0033:0x7fd9469cd3bc
[  155.564602][ T8899] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  155.564619][ T8899] RSP: 002b:00007fd94502f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  155.564643][ T8899] RAX: ffffffffffffffda RBX: 00007fd946bf5fa0 RCX: 00007fd9469cd3bc
[  155.564658][ T8899] RDX: 000000000000000f RSI: 00007fd94502f0a0 RDI: 0000000000000005
[  155.564673][ T8899] RBP: 00007fd94502f090 R08: 0000000000000000 R09: 0000000000000000
[  155.564708][ T8899] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  155.564719][ T8899] R13: 0000000000000000 R14: 00007fd946bf5fa0 R15: 00007ffc6955ad08
[  155.564737][ T8899]  </TASK>
[  155.580417][ T8903] loop5: detected capacity change from 0 to 512
[  155.610105][ T8901] loop6: detected capacity change from 0 to 128
[  155.635586][ T8903] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  155.654578][ T8906] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1480'.
[  155.907826][   T31] kworker/u8:1: attempt to access beyond end of device
[  155.907826][   T31] loop6: rw=1, sector=657, nr_sectors = 384 limit=128
[  156.170709][ T8923] FAULT_INJECTION: forcing a failure.
[  156.170709][ T8923] name failslab, interval 1, probability 0, space 0, times 0
[  156.184167][ T8923] CPU: 1 UID: 0 PID: 8923 Comm: syz.7.1486 Not tainted 6.16.0-rc7-syzkaller-00142-gb711733e89a3 #0 PREEMPT(voluntary) 
[  156.184196][ T8923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  156.184275][ T8923] Call Trace:
[  156.184284][ T8923]  <TASK>
[  156.184294][ T8923]  __dump_stack+0x1d/0x30
[  156.184321][ T8923]  dump_stack_lvl+0xe8/0x140
[  156.184345][ T8923]  dump_stack+0x15/0x1b
[  156.184363][ T8923]  should_fail_ex+0x265/0x280
[  156.184401][ T8923]  ? alloc_netdev_mqs+0x829/0xab0
[  156.184424][ T8923]  should_failslab+0x8c/0xb0
[  156.184491][ T8923]  __kmalloc_cache_noprof+0x4c/0x320
[  156.184529][ T8923]  alloc_netdev_mqs+0x829/0xab0
[  156.184556][ T8923]  slip_open+0x2d1/0x920
[  156.184600][ T8923]  ? vfree+0x295/0x3a0
[  156.184631][ T8923]  ? up_write+0x18/0x60
[  156.184678][ T8923]  tty_ldisc_open+0x5a/0xb0
[  156.184713][ T8923]  tty_set_ldisc+0x1db/0x380
[  156.184740][ T8923]  tiocsetd+0x51/0x60
[  156.184852][ T8923]  tty_ioctl+0xa7f/0xb80
[  156.184888][ T8923]  ? __pfx_tty_ioctl+0x10/0x10
[  156.184925][ T8923]  __se_sys_ioctl+0xce/0x140
[  156.184995][ T8923]  __x64_sys_ioctl+0x43/0x50
[  156.185030][ T8923]  x64_sys_call+0x19a8/0x2fb0
[  156.185057][ T8923]  do_syscall_64+0xd2/0x200
[  156.185075][ T8923]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  156.185099][ T8923]  ? clear_bhb_loop+0x40/0x90
[  156.185127][ T8923]  ? clear_bhb_loop+0x40/0x90
[  156.185163][ T8923]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.185268][ T8923] RIP: 0033:0x7fef9bbee9a9
[  156.185285][ T8923] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  156.185304][ T8923] RSP: 002b:00007fef9a24f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  156.185326][ T8923] RAX: ffffffffffffffda RBX: 00007fef9be15fa0 RCX: 00007fef9bbee9a9
[  156.185371][ T8923] RDX: 00002000000002c0 RSI: 0000000000005423 RDI: 0000000000000006
[  156.185387][ T8923] RBP: 00007fef9a24f090 R08: 0000000000000000 R09: 0000000000000000
[  156.185403][ T8923] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  156.185419][ T8923] R13: 0000000000000000 R14: 00007fef9be15fa0 R15: 00007ffc178f7ec8
[  156.185445][ T8923]  </TASK>
[  156.616575][ T8920] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  156.747128][ T6020] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  156.838915][ T8948] loop5: detected capacity change from 0 to 164
[  156.848528][ T8951] loop6: detected capacity change from 0 to 128
[  156.897847][ T8948] Unable to read rock-ridge attributes
[  156.907301][ T8953] loop8: detected capacity change from 0 to 512
[  156.922921][ T8948] Unable to read rock-ridge attributes
[  156.955078][ T8953] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  156.984530][ T8957] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1495'.
[  157.003368][ T8953] EXT4-fs (loop8): 1 truncate cleaned up
[  157.021266][ T8962] loop5: detected capacity change from 0 to 512
[  157.029123][ T8953] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  157.057685][ T8957] hsr_slave_1 (unregistering): left promiscuous mode
[  157.066885][ T8962] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  157.337139][ T8985] loop6: detected capacity change from 0 to 512
[  157.365965][ T8985] EXT4-fs (loop6): too many log groups per flexible block group
[  157.373878][ T8985] EXT4-fs (loop6): failed to initialize mballoc (-12)
[  157.401161][ T8985] EXT4-fs (loop6): mount failed
[  157.753525][ T9015] veth1_to_bond: entered allmulticast mode
[  157.809599][ T9014] veth1_to_bond: left allmulticast mode
[  157.826522][ T9023] loop7: detected capacity change from 0 to 164
[  157.884618][ T9023] Unable to read rock-ridge attributes
[  157.937122][ T9032] Set syz1 is full, maxelem 65536 reached
[  157.948798][ T9023] Unable to read rock-ridge attributes
[  158.055676][ T6020] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  158.195229][ T9057] loop5: detected capacity change from 0 to 512
[  158.228204][ T9056] FAULT_INJECTION: forcing a failure.
[  158.228204][ T9056] name failslab, interval 1, probability 0, space 0, times 0
[  158.240963][ T9056] CPU: 0 UID: 0 PID: 9056 Comm: syz.7.1514 Not tainted 6.16.0-rc7-syzkaller-00142-gb711733e89a3 #0 PREEMPT(voluntary) 
[  158.240993][ T9056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  158.241008][ T9056] Call Trace:
[  158.241017][ T9056]  <TASK>
[  158.241028][ T9056]  __dump_stack+0x1d/0x30
[  158.241051][ T9056]  dump_stack_lvl+0xe8/0x140
[  158.241124][ T9056]  dump_stack+0x15/0x1b
[  158.241148][ T9056]  should_fail_ex+0x265/0x280
[  158.241192][ T9056]  should_failslab+0x8c/0xb0
[  158.241270][ T9056]  kmem_cache_alloc_node_noprof+0x57/0x320
[  158.241309][ T9056]  ? __alloc_skb+0x101/0x320
[  158.241409][ T9056]  __alloc_skb+0x101/0x320
[  158.241524][ T9056]  fdb_notify+0x6e/0x120
[  158.241555][ T9056]  fdb_delete+0x686/0x820
[  158.241593][ T9056]  fdb_delete_local+0x230/0x2f0
[  158.241639][ T9056]  br_fdb_changeaddr+0xf3/0x260
[  158.241676][ T9056]  br_device_event+0x3f8/0x5f0
[  158.241742][ T9056]  ? __pfx_br_device_event+0x10/0x10
[  158.241769][ T9056]  raw_notifier_call_chain+0x6c/0x1b0
[  158.241795][ T9056]  ? call_netdevice_notifiers_info+0x9c/0x100
[  158.241825][ T9056]  call_netdevice_notifiers_info+0xae/0x100
[  158.241858][ T9056]  netif_set_mac_address+0x204/0x260
[  158.241952][ T9056]  dev_set_mac_address_user+0xd7/0x190
[  158.241988][ T9056]  dev_ifsioc+0x9b3/0xaa0
[  158.242009][ T9056]  ? __rcu_read_unlock+0x4f/0x70
[  158.242057][ T9056]  dev_ioctl+0x70a/0x960
[  158.242082][ T9056]  sock_do_ioctl+0x197/0x220
[  158.242130][ T9056]  sock_ioctl+0x41b/0x610
[  158.242160][ T9056]  ? __pfx_sock_ioctl+0x10/0x10
[  158.242266][ T9056]  __se_sys_ioctl+0xce/0x140
[  158.242330][ T9056]  __x64_sys_ioctl+0x43/0x50
[  158.242363][ T9056]  x64_sys_call+0x19a8/0x2fb0
[  158.242387][ T9056]  do_syscall_64+0xd2/0x200
[  158.242409][ T9056]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  158.242438][ T9056]  ? clear_bhb_loop+0x40/0x90
[  158.242500][ T9056]  ? clear_bhb_loop+0x40/0x90
[  158.242522][ T9056]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  158.242548][ T9056] RIP: 0033:0x7fef9bbee9a9
[  158.242566][ T9056] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  158.242588][ T9056] RSP: 002b:00007fef9a24f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  158.242611][ T9056] RAX: ffffffffffffffda RBX: 00007fef9be15fa0 RCX: 00007fef9bbee9a9
[  158.242652][ T9056] RDX: 0000200000000000 RSI: 0000000000008924 RDI: 0000000000000007
[  158.242667][ T9056] RBP: 00007fef9a24f090 R08: 0000000000000000 R09: 0000000000000000
[  158.242685][ T9056] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  158.242700][ T9056] R13: 0000000000000000 R14: 00007fef9be15fa0 R15: 00007ffc178f7ec8
[  158.242763][ T9056]  </TASK>
[  158.562968][ T9057] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  158.569542][ T9060] loop6: detected capacity change from 0 to 128
[  158.649000][ T9057] ext4 filesystem being mounted at /110/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  158.707063][   T29] kauditd_printk_skb: 148 callbacks suppressed
[  158.707077][   T29] audit: type=1326 audit(1753680312.832:6149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9075 comm="syz.6.1519" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7d966ce9a9 code=0x0
[  158.776079][ T9057] EXT4-fs error (device loop5): ext4_xattr_block_get:593: inode #15: comm syz.5.1515: corrupted xattr block 19: overlapping e_value 
[  158.792727][ T8196] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  158.803287][ T9057] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop5 ino=15
[  158.832513][ T9057] EXT4-fs error (device loop5): ext4_xattr_block_get:593: inode #15: comm syz.5.1515: corrupted xattr block 19: overlapping e_value 
[  158.846741][ T9087] EXT4-fs error (device loop5): ext4_xattr_block_get:593: inode #15: comm syz.5.1515: corrupted xattr block 19: overlapping e_value 
[  158.883852][ T9088] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1520'.
[  158.899670][ T9057] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop5 ino=15
[  158.911661][ T9087] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop5 ino=15
[  158.934861][ T9057] EXT4-fs error (device loop5): ext4_xattr_block_get:593: inode #15: comm syz.5.1515: corrupted xattr block 19: overlapping e_value 
[  158.964602][ T9057] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop5 ino=15
[  158.975004][ T9087] EXT4-fs error (device loop5): ext4_xattr_block_find:1869: inode #15: comm syz.5.1515: corrupted xattr block 19: overlapping e_value 
[  158.979053][ T9099] loop8: detected capacity change from 0 to 512
[  159.005500][ T9099] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  159.023976][   T29] audit: type=1400 audit(1753680313.152:6150): avc:  denied  { read write } for  pid=9100 comm="syz.7.1523" name="event0" dev="devtmpfs" ino=242 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  159.048695][   T29] audit: type=1400 audit(1753680313.152:6151): avc:  denied  { open } for  pid=9100 comm="syz.7.1523" path="/dev/input/event0" dev="devtmpfs" ino=242 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  159.075045][ T9099] EXT4-fs (loop8): 1 truncate cleaned up
[  159.086061][ T9101] netlink: 44 bytes leftover after parsing attributes in process `syz.7.1523'.
[  159.087558][ T9099] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  159.096822][ T6020] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  159.158933][   T29] audit: type=1400 audit(1753680313.252:6152): avc:  denied  { search } for  pid=9100 comm="syz.7.1523" name="/" dev="configfs" ino=376 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  159.211017][ T9101] loop7: detected capacity change from 0 to 8192
[  159.275011][ T9101]  loop7: p1 p2 < > p3 p4 < p5 >
[  159.280056][ T9101] loop7: partition table partially beyond EOD, truncated
[  159.289174][ T9101] loop7: p1 size 100663296 extends beyond EOD, truncated
[  159.317083][ T9101] loop7: p2 start 591104 is beyond EOD, truncated
[  159.323819][ T9101] loop7: p3 start 33572980 is beyond EOD, truncated
[  159.332202][ T9101] loop7: p5 size 100663296 extends beyond EOD, truncated
[  159.342070][   T29] audit: type=1400 audit(1753680313.462:6153): avc:  denied  { search } for  pid=9100 comm="syz.7.1523" name="/" dev="configfs" ino=376 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  159.364278][   T29] audit: type=1400 audit(1753680313.462:6154): avc:  denied  { search } for  pid=9100 comm="syz.7.1523" name="/" dev="configfs" ino=376 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  159.389772][   T29] audit: type=1400 audit(1753680313.512:6155): avc:  denied  { search } for  pid=9100 comm="syz.7.1523" name="/" dev="configfs" ino=376 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  159.412105][   T29] audit: type=1400 audit(1753680313.512:6156): avc:  denied  { search } for  pid=9100 comm="syz.7.1523" name="/" dev="configfs" ino=376 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  159.434409][   T29] audit: type=1400 audit(1753680313.512:6157): avc:  denied  { search } for  pid=9100 comm="syz.7.1523" name="/" dev="configfs" ino=376 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  159.456723][   T29] audit: type=1400 audit(1753680313.512:6158): avc:  denied  { search } for  pid=9100 comm="syz.7.1523" name="/" dev="configfs" ino=376 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  159.723110][ T9126] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1528'.
[  159.900742][ T3296] udevd[3296]: inotify_add_watch(7, /dev/loop7p5, 10) failed: No such file or directory
[  159.912015][ T8751] udevd[8751]: inotify_add_watch(7, /dev/loop7p1, 10) failed: No such file or directory
[  159.935196][ T3875] udevd[3875]: inotify_add_watch(7, /dev/loop7p4, 10) failed: No such file or directory
[  159.956174][ T8196] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  160.049224][ T9146] loop6: detected capacity change from 0 to 512
[  160.087009][ T9146] EXT4-fs (loop6): too many log groups per flexible block group
[  160.094960][ T9146] EXT4-fs (loop6): failed to initialize mballoc (-12)
[  160.112006][ T9151] loop5: detected capacity change from 0 to 164
[  160.141041][ T9146] EXT4-fs (loop6): mount failed
[  160.159034][ T9151] Unable to read rock-ridge attributes
[  160.177731][ T9151] Unable to read rock-ridge attributes
[  160.265074][ T9167] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1536'.
[  160.286474][ T9168] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1535'.
[  160.302617][ T9167] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1536'.
[  160.316241][ T9176] loop5: detected capacity change from 0 to 128
[  160.348146][ T9167] netlink: 21228 bytes leftover after parsing attributes in process `syz.8.1536'.
[  160.359696][ T9176] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  160.381638][ T9182] netlink: 44 bytes leftover after parsing attributes in process `syz.7.1537'.
[  160.408737][ T9176] ext4 filesystem being mounted at /113/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  160.414772][ T9186] x_tables: duplicate underflow at hook 2
[  160.478610][ T9195] loop8: detected capacity change from 0 to 512
[  160.487919][ T9180] loop6: detected capacity change from 0 to 128
[  160.503230][ T9180] EXT4-fs: Ignoring removed mblk_io_submit option
[  160.530384][ T9180] EXT4-fs (loop6): couldn't mount as ext3 due to feature incompatibilities
[  160.546618][ T9180] netlink: 'syz.6.1538': attribute type 58 has an invalid length.
[  160.554754][ T9180] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1538'.
[  160.610786][ T9202] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  160.785000][ T9218] loop6: detected capacity change from 0 to 164
[  160.810062][ T9218] Unable to read rock-ridge attributes
[  160.828297][ T9218] Unable to read rock-ridge attributes
[  160.940934][ T9230] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1547'.
[  161.035992][ T9236] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1548'.
[  161.048302][ T9233] netlink: 5448 bytes leftover after parsing attributes in process `syz.6.1547'.
[  161.120681][ T9238] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00aa
[  161.129129][ T9238] tipc: Enabled bearer <udp:syz0>, priority 10
[  161.187214][ T9247] x_tables: duplicate underflow at hook 2
[  161.230978][ T9251] loop7: detected capacity change from 0 to 512
[  161.285227][ T9251] EXT4-fs (loop7): too many log groups per flexible block group
[  161.289153][ T9257] loop5: detected capacity change from 0 to 164
[  161.293076][ T9251] EXT4-fs (loop7): failed to initialize mballoc (-12)
[  161.320131][ T9257] Unable to read rock-ridge attributes
[  161.327340][ T9261] loop6: detected capacity change from 0 to 512
[  161.339740][ T9251] EXT4-fs (loop7): mount failed
[  161.363449][ T9257] Unable to read rock-ridge attributes
[  161.478094][ T9265] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1559'.
[  161.693917][ T9297] x_tables: duplicate underflow at hook 2
[  161.701208][ T9299] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=9299 comm=syz.7.1569
[  161.752765][ T9303] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=9303 comm=syz.7.1570
[  161.765387][ T9303] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=9303 comm=syz.7.1570
[  161.767645][ T9304] loop5: detected capacity change from 0 to 512
[  161.813696][ T9304] EXT4-fs (loop5): too many log groups per flexible block group
[  161.821546][ T9304] EXT4-fs (loop5): failed to initialize mballoc (-12)
[  161.855828][ T9304] EXT4-fs (loop5): mount failed
[  162.016514][ T9319] loop5: detected capacity change from 0 to 128
[  162.034572][ T9319] ext4: Unknown parameter 'noacl'
[  162.471506][ T8548] tipc: Node number set to 3741548174
[  162.500745][ T9319] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1576'.
[  162.599216][ T9331] loop5: detected capacity change from 0 to 1024
[  162.611042][ T9331] EXT4-fs: Ignoring removed nobh option
[  162.616710][ T9331] EXT4-fs: Ignoring removed bh option
[  162.745931][ T9341] loop5: detected capacity change from 0 to 512
[  162.791331][ T9341] ext4 filesystem being mounted at /124/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  162.934486][ T9352] x_tables: duplicate underflow at hook 2
[  162.999677][ T9360] loop2: detected capacity change from 0 to 164
[  163.012537][ T9358] netlink: 24 bytes leftover after parsing attributes in process `syz.7.1592'.
[  163.035321][ T9360] Unable to read rock-ridge attributes
[  163.049881][ T9360] Unable to read rock-ridge attributes
[  163.688853][ T9385] SELinux:  policydb magic number 0x0 does not match expected magic number 0xf97cff8c
[  163.727612][ T9385] SELinux: failed to load policy
[  163.880984][ T9388] loop5: detected capacity change from 0 to 512
[  163.921181][ T9388] ext4 filesystem being mounted at /128/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  163.978844][ T9397] x_tables: duplicate underflow at hook 2
[  164.051039][ T9402] loop6: detected capacity change from 0 to 164
[  164.062925][ T9402] Unable to read rock-ridge attributes
[  164.104536][ T9402] Unable to read rock-ridge attributes
[  164.127979][ T9408] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1604'.
[  164.160512][   T29] kauditd_printk_skb: 215 callbacks suppressed
[  164.160527][   T29] audit: type=1326 audit(1753680318.282:6374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9409 comm="syz.6.1608" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d966ce9a9 code=0x7ffc0000
[  164.231480][   T29] audit: type=1326 audit(1753680318.302:6375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9409 comm="syz.6.1608" exe="/root/syz-executor" sig=0 arch=c000003e syscall=82 compat=0 ip=0x7f7d966ce9a9 code=0x7ffc0000
[  164.255161][   T29] audit: type=1326 audit(1753680318.302:6376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9409 comm="syz.6.1608" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d966ce9a9 code=0x7ffc0000
[  164.278795][   T29] audit: type=1326 audit(1753680318.302:6377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9409 comm="syz.6.1608" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d966ce9a9 code=0x7ffc0000
[  164.302474][   T29] audit: type=1326 audit(1753680318.302:6378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9409 comm="syz.6.1608" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7f7d966ce9a9 code=0x7ffc0000
[  164.325998][   T29] audit: type=1326 audit(1753680318.302:6379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9409 comm="syz.6.1608" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d966ce9a9 code=0x7ffc0000
[  164.349755][   T29] audit: type=1326 audit(1753680318.302:6380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9409 comm="syz.6.1608" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d966ce9a9 code=0x7ffc0000
[  164.373210][   T29] audit: type=1326 audit(1753680318.302:6381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9409 comm="syz.6.1608" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7d966ce9a9 code=0x7ffc0000
[  164.389763][ T9423] loop7: detected capacity change from 0 to 512
[  164.396846][   T29] audit: type=1326 audit(1753680318.302:6382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9409 comm="syz.6.1608" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d966ce9a9 code=0x7ffc0000
[  164.426505][   T29] audit: type=1326 audit(1753680318.302:6383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9409 comm="syz.6.1608" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f7d966ce9a9 code=0x7ffc0000
[  164.489122][ T9423] ext4 filesystem being mounted at /118/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  164.536714][ T9432] x_tables: duplicate underflow at hook 2
[  164.624563][ T9436] loop2: detected capacity change from 0 to 128
[  164.745376][ T9441] loop5: detected capacity change from 0 to 512
[  165.126831][ T9449] bridge0: port 3(syz_tun) entered disabled state
[  165.133634][ T9449] bridge0: port 2(bridge_slave_1) entered disabled state
[  165.140850][ T9449] bridge0: port 1(bridge_slave_0) entered disabled state
[  165.198368][ T9449] usb usb7: usbfs: process 9449 (syz.2.1622) did not claim interface 0 before use
[  165.203404][ T9441] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  165.208535][ T9449] syz_tun: left allmulticast mode
[  165.222720][ T9449] syz_tun: left promiscuous mode
[  165.227865][ T9449] bridge0: port 3(syz_tun) entered disabled state
[  165.244421][ T9449] bridge_slave_1: left allmulticast mode
[  165.244448][ T9441] EXT4-fs (loop5): 1 truncate cleaned up
[  165.250111][ T9449] bridge_slave_1: left promiscuous mode
[  165.250234][ T9449] bridge0: port 2(bridge_slave_1) entered disabled state
[  165.265725][ T9441] EXT4-fs mount: 13 callbacks suppressed
[  165.265747][ T9441] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  165.297489][ T9449] bridge_slave_0: left allmulticast mode
[  165.304078][ T9449] bridge_slave_0: left promiscuous mode
[  165.309834][ T9449] bridge0: port 1(bridge_slave_0) entered disabled state
[  165.368857][ T9457] __nla_validate_parse: 1 callbacks suppressed
[  165.368876][ T9457] netlink: 32 bytes leftover after parsing attributes in process `syz.8.1625'.
[  165.472865][ T9460] loop2: detected capacity change from 0 to 512
[  165.508346][ T9460] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  165.547419][ T9460] ext4 filesystem being mounted at /352/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  165.649646][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  165.685198][ T9473] loop8: detected capacity change from 0 to 512
[  165.698600][ T9473] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  165.747644][ T9476] x_tables: duplicate underflow at hook 2
[  165.791835][ T9462] infiniband syz!: set down
[  165.796467][ T9462] infiniband syz!: added team_slave_0
[  165.830612][ T9462] RDS/IB: syz!: added
[  165.839733][ T9480] loop2: detected capacity change from 0 to 128
[  165.847429][ T9462] smc: adding ib device syz! with port count 1
[  165.853831][ T9462] smc:    ib device syz! port 1 has pnetid 
[  166.612291][ T9493] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1637'.
[  166.663559][ T6020] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  166.800820][ T9498] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1638'.
[  166.931948][ T9504] loop2: detected capacity change from 0 to 164
[  166.961344][ T9504] Unable to read rock-ridge attributes
[  166.978460][ T9508] netlink: 300 bytes leftover after parsing attributes in process `syz.6.1643'.
[  167.002659][ T9504] Unable to read rock-ridge attributes
[  167.050387][ T9512] netlink: 36 bytes leftover after parsing attributes in process `syz.6.1643'.
[  167.051489][ T9512] netlink: 44 bytes leftover after parsing attributes in process `syz.6.1643'.
[  167.104056][ T8196] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  167.203590][ T9520] netlink: 12 bytes leftover after parsing attributes in process `syz.8.1647'.
[  167.235610][ T9522] loop2: detected capacity change from 0 to 512
[  167.244428][ T9518] bridge0: port 3(syz_tun) entered blocking state
[  167.250959][ T9518] bridge0: port 3(syz_tun) entered disabled state
[  167.257868][ T9518] syz_tun: entered allmulticast mode
[  167.265356][ T9522] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  167.279201][ T9522] EXT4-fs (loop2): 1 truncate cleaned up
[  167.280592][ T9518] syz_tun: entered promiscuous mode
[  167.286868][ T9522] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  167.305588][ T9518] bridge0: port 3(syz_tun) entered blocking state
[  167.312228][ T9518] bridge0: port 3(syz_tun) entered forwarding state
[  167.636528][ T9528] loop7: detected capacity change from 0 to 8192
[  168.054549][ T9542] netlink: 32 bytes leftover after parsing attributes in process `syz.6.1653'.
[  168.075788][ T9545] loop7: detected capacity change from 0 to 1024
[  168.150985][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  168.193419][ T9545] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  168.244808][ T9545] EXT4-fs error (device loop7): ext4_mb_mark_diskspace_used:4113: comm syz.7.1655: Allocating blocks 497-513 which overlap fs metadata
[  168.267038][ T9545] EXT4-fs (loop7): pa ffff888106a29b60: logic 256, phys. 369, len 9
[  168.275183][ T9545] EXT4-fs error (device loop7): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[  168.287202][ T9545] EXT4-fs error (device loop7): mb_free_blocks:1948: group 0, inode 18: block 129:freeing already freed block (bit 8); block bitmap corrupt.
[  168.304714][ T9554] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1656'.
[  168.336526][ T6434] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  168.362087][ T9558] x_tables: duplicate underflow at hook 2
[  168.389184][ T9560] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1660'.
[  168.710016][ T9582] loop8: detected capacity change from 0 to 1024
[  168.733985][ T9582] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  168.762936][ T9582] EXT4-fs error (device loop8): ext4_mb_mark_diskspace_used:4113: comm syz.8.1671: Allocating blocks 497-513 which overlap fs metadata
[  168.777819][ T9582] EXT4-fs (loop8): pa ffff888106a29b60: logic 256, phys. 369, len 9
[  168.785983][ T9582] EXT4-fs error (device loop8): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[  168.798437][ T9582] EXT4-fs error (device loop8): mb_free_blocks:1948: group 0, inode 18: block 129:freeing already freed block (bit 8); block bitmap corrupt.
[  168.833218][ T8196] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  168.899641][ T9589] x_tables: duplicate underflow at hook 2
[  169.163839][ T9609] loop6: detected capacity change from 0 to 8192
[  169.326991][ T9622] x_tables: duplicate underflow at hook 2
[  169.344489][   T29] kauditd_printk_skb: 345 callbacks suppressed
[  169.344506][   T29] audit: type=1326 audit(1753680323.472:6729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9623 comm="syz.6.1687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d966ce9a9 code=0x7ffc0000
[  169.399899][   T29] audit: type=1326 audit(1753680323.472:6730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9623 comm="syz.6.1687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d966ce9a9 code=0x7ffc0000
[  169.423481][   T29] audit: type=1326 audit(1753680323.502:6731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9623 comm="syz.6.1687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=82 compat=0 ip=0x7f7d966ce9a9 code=0x7ffc0000
[  169.447025][   T29] audit: type=1326 audit(1753680323.502:6732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9623 comm="syz.6.1687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d966ce9a9 code=0x7ffc0000
[  169.470586][   T29] audit: type=1326 audit(1753680323.502:6733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9623 comm="syz.6.1687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7f7d966ce9a9 code=0x7ffc0000
[  169.475980][ T9627] loop7: detected capacity change from 0 to 128
[  169.494144][   T29] audit: type=1326 audit(1753680323.502:6734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9623 comm="syz.6.1687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d966ce9a9 code=0x7ffc0000
[  169.494190][   T29] audit: type=1326 audit(1753680323.502:6735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9623 comm="syz.6.1687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7d966ce9a9 code=0x7ffc0000
[  169.494226][   T29] audit: type=1326 audit(1753680323.502:6736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9623 comm="syz.6.1687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d966ce9a9 code=0x7ffc0000
[  169.494289][   T29] audit: type=1326 audit(1753680323.502:6737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9623 comm="syz.6.1687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f7d966ce9a9 code=0x7ffc0000
[  169.494350][   T29] audit: type=1326 audit(1753680323.512:6738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9623 comm="syz.6.1687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d966ce9a9 code=0x7ffc0000
[  169.836729][ T9638] loop6: detected capacity change from 0 to 8192
[  169.977001][ T9646] loop6: detected capacity change from 0 to 8192
[  170.001431][ T9653] x_tables: duplicate underflow at hook 2
[  170.280990][ T9666] loop6: detected capacity change from 0 to 128
[  170.734719][ T9678] loop2: detected capacity change from 0 to 1024
[  170.737077][ T9675] __nla_validate_parse: 11 callbacks suppressed
[  170.737096][ T9675] netlink: 32 bytes leftover after parsing attributes in process `syz.6.1707'.
[  170.758705][ T9678] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  170.775317][ T9678] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4113: comm syz.2.1709: Allocating blocks 497-513 which overlap fs metadata
[  170.790674][ T9678] EXT4-fs (loop2): pa ffff888106a6c620: logic 256, phys. 369, len 9
[  170.798852][ T9678] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[  170.811375][ T9678] EXT4-fs error (device loop2): mb_free_blocks:1948: group 0, inode 18: block 129:freeing already freed block (bit 8); block bitmap corrupt.
[  170.844702][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  170.961872][ T9698] loop6: detected capacity change from 0 to 164
[  170.975218][ T9698] Unable to read rock-ridge attributes
[  170.996610][ T9698] Unable to read rock-ridge attributes
[  171.009665][ T9699] loop5: detected capacity change from 0 to 512
[  171.017271][ T9691] loop2: detected capacity change from 0 to 8192
[  171.049141][ T9699] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  171.076072][ T9701] netlink: 12 bytes leftover after parsing attributes in process `syz.8.1716'.
[  171.212096][ T9708] netlink: 44 bytes leftover after parsing attributes in process `syz.8.1716'.
[  171.325405][ T9714] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1720'.
[  171.497441][ T9720] loop2: detected capacity change from 0 to 1024
[  171.525071][ T9720] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  171.547635][ T9720] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4113: comm syz.2.1722: Allocating blocks 497-513 which overlap fs metadata
[  171.564904][ T9720] EXT4-fs (loop2): pa ffff888106a6c620: logic 256, phys. 369, len 9
[  171.573004][ T9720] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[  171.584764][ T9720] EXT4-fs error (device loop2): mb_free_blocks:1948: group 0, inode 18: block 129:freeing already freed block (bit 8); block bitmap corrupt.
[  171.629381][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  171.629475][ T9724] netlink: 32 bytes leftover after parsing attributes in process `syz.7.1723'.
[  171.825432][ T9733] loop7: detected capacity change from 0 to 512
[  171.855258][ T9733] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  171.889964][ T9733] ext4 filesystem being mounted at /135/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  171.947486][ T6434] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  171.997606][ T9742] loop8: detected capacity change from 0 to 512
[  172.020364][ T9742] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  172.048149][ T9742] EXT4-fs (loop8): 1 truncate cleaned up
[  172.061781][ T9742] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  172.209130][ T9752] loop6: detected capacity change from 0 to 128
[  172.657107][ T6020] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  172.741509][ T9764] loop5: detected capacity change from 0 to 1024
[  172.769230][ T9764] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  172.808212][ T9764] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4113: comm syz.5.1735: Allocating blocks 497-513 which overlap fs metadata
[  172.828419][ T9764] EXT4-fs (loop5): pa ffff888106a29b60: logic 256, phys. 369, len 9
[  172.834367][ T9769] netlink: 32 bytes leftover after parsing attributes in process `syz.6.1737'.
[  172.836853][ T9764] EXT4-fs error (device loop5): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[  172.875363][ T9764] EXT4-fs error (device loop5): mb_free_blocks:1948: group 0, inode 18: block 129:freeing already freed block (bit 8); block bitmap corrupt.
[  172.909096][ T6020] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  172.921017][ T8196] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  172.944138][ T9773] netlink: 12 bytes leftover after parsing attributes in process `syz.8.1740'.
[  172.976572][ T9775] loop5: detected capacity change from 0 to 512
[  173.012493][ T9775] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  173.029991][ T9781] netlink: 44 bytes leftover after parsing attributes in process `syz.8.1740'.
[  173.044402][ T9779] loop6: detected capacity change from 0 to 512
[  173.071180][ T9783] loop2: detected capacity change from 0 to 512
[  173.079803][ T9779] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  173.098475][ T9779] ext4 filesystem being mounted at /185/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  173.118723][ T9787] loop7: detected capacity change from 0 to 164
[  173.123433][ T9783] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  173.138402][ T9783] ext4 filesystem being mounted at /376/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  173.162550][ T9783] EXT4-fs error (device loop2): ext4_xattr_block_get:593: inode #15: comm syz.2.1743: corrupted xattr block 19: overlapping e_value 
[  173.182901][ T9787] Unable to read rock-ridge attributes
[  173.184050][ T6298] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  173.190485][ T9787] Unable to read rock-ridge attributes
[  173.218242][ T9783] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=15
[  173.248209][ T9793] loop6: detected capacity change from 0 to 512
[  173.263430][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  173.275359][ T9793] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  173.289975][ T9793] EXT4-fs (loop6): 1 truncate cleaned up
[  173.299802][ T9795] x_tables: duplicate underflow at hook 2
[  173.309722][ T9793] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  173.432829][ T9799] loop2: detected capacity change from 0 to 128
[  173.681134][ T9811] loop2: detected capacity change from 0 to 512
[  173.691078][ T9811] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  174.014013][ T9815] netlink: 32 bytes leftover after parsing attributes in process `syz.8.1753'.
[  174.030146][ T9811] EXT4-fs (loop2): 1 truncate cleaned up
[  174.038877][ T9811] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  174.198063][ T6298] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  174.366016][ T6020] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  174.594615][ T9830] x_tables: duplicate underflow at hook 2
[  174.624252][ T9832] x_tables: duplicate underflow at hook 2
[  174.713897][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  174.761465][ T9839] loop6: detected capacity change from 0 to 512
[  174.778509][ T9843] loop7: detected capacity change from 0 to 128
[  174.791513][ T9839] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  174.804251][ T9841] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1760'.
[  175.380714][ T9867] x_tables: duplicate underflow at hook 2
[  175.575870][ T9871] loop7: detected capacity change from 0 to 8192
[  175.735606][ T6298] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  175.765374][ T9880] loop7: detected capacity change from 0 to 128
[  175.871016][ T9889] __nla_validate_parse: 5 callbacks suppressed
[  175.871039][ T9889] netlink: 24 bytes leftover after parsing attributes in process `syz.7.1777'.
[  175.957639][ T9894] x_tables: duplicate underflow at hook 2
[  176.016056][ T9898] loop8: detected capacity change from 0 to 512
[  176.049578][ T9903] loop5: detected capacity change from 0 to 164
[  176.070058][ T9898] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  176.108988][ T9903] Unable to read rock-ridge attributes
[  176.120393][ T9903] Unable to read rock-ridge attributes
[  176.125006][ T9909] loop6: detected capacity change from 0 to 512
[  176.137492][ T9898] ext4 filesystem being mounted at /69/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  176.171591][ T9909] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  176.185595][ T9898] EXT4-fs error (device loop8): ext4_xattr_block_get:593: inode #15: comm syz.8.1781: corrupted xattr block 19: overlapping e_value 
[  176.225817][ T9898] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop8 ino=15
[  176.237815][ T9914] loop5: detected capacity change from 0 to 512
[  176.267133][ T8196] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  176.288197][ T9914] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  176.305546][ T9919] loop7: detected capacity change from 0 to 128
[  176.477113][ T9930] loop2: detected capacity change from 0 to 512
[  176.494253][ T9930] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  176.516436][ T9932] x_tables: duplicate underflow at hook 2
[  176.626985][ T9938] netlink: 24 bytes leftover after parsing attributes in process `syz.7.1793'.
[  177.276558][ T6298] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  177.286069][ T6020] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  177.544157][ T9970] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1804'.
[  178.106554][ T9977] netlink: 32 bytes leftover after parsing attributes in process `syz.6.1806'.
[  178.178569][ T9984] loop6: detected capacity change from 0 to 512
[  178.191858][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  178.195103][ T9984] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  178.258109][ T9990] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1812'.
[  178.377732][ T9998] netlink: 44 bytes leftover after parsing attributes in process `syz.5.1812'.
[  178.386910][T10003] loop2: detected capacity change from 0 to 512
[  178.397027][T10005] netlink: 24 bytes leftover after parsing attributes in process `syz.7.1816'.
[  178.443818][T10003] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  178.473403][T10003] ext4 filesystem being mounted at /388/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  178.510385][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  178.584289][T10015] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1820'.
[  178.620344][T10013] loop7: detected capacity change from 0 to 8192
[  178.711606][T10017] x_tables: duplicate underflow at hook 2
[  178.934514][T10032] loop7: detected capacity change from 0 to 512
[  178.954473][T10032] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  178.976551][T10032] ext4 filesystem being mounted at /173/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  178.989182][T10032] EXT4-fs error (device loop7): ext4_xattr_block_get:593: inode #15: comm syz.7.1828: corrupted xattr block 19: overlapping e_value 
[  179.119027][T10032] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop7 ino=15
[  179.487087][T10040] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1829'.
[  179.500726][ T6434] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  179.523838][T10042] x_tables: duplicate underflow at hook 2
[  179.553205][T10046] loop5: detected capacity change from 0 to 164
[  179.573807][T10046] Unable to read rock-ridge attributes
[  179.599543][T10046] Unable to read rock-ridge attributes
[  179.600545][ T6298] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  179.629396][T10045] loop7: detected capacity change from 0 to 8192
[  179.839596][   T29] kauditd_printk_skb: 295 callbacks suppressed
[  179.839628][   T29] audit: type=1326 audit(1753680333.962:7034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10059 comm="syz.7.1837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef9bbee9a9 code=0x7ffc0000
[  179.855277][T10065] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1841'.
[  179.869581][   T29] audit: type=1326 audit(1753680333.962:7035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10059 comm="syz.7.1837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef9bbee9a9 code=0x7ffc0000
[  179.869679][   T29] audit: type=1326 audit(1753680333.962:7036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10059 comm="syz.7.1837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=82 compat=0 ip=0x7fef9bbee9a9 code=0x7ffc0000
[  179.869716][   T29] audit: type=1326 audit(1753680333.962:7037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10059 comm="syz.7.1837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef9bbee9a9 code=0x7ffc0000
[  179.869752][   T29] audit: type=1326 audit(1753680333.962:7038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10059 comm="syz.7.1837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef9bbee9a9 code=0x7ffc0000
[  179.869839][   T29] audit: type=1326 audit(1753680333.962:7039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10059 comm="syz.7.1837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7fef9bbee9a9 code=0x7ffc0000
[  179.869895][   T29] audit: type=1326 audit(1753680333.962:7040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10059 comm="syz.7.1837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef9bbee9a9 code=0x7ffc0000
[  179.869933][   T29] audit: type=1326 audit(1753680333.962:7041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10059 comm="syz.7.1837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef9bbee9a9 code=0x7ffc0000
[  179.870012][   T29] audit: type=1326 audit(1753680333.962:7042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10059 comm="syz.7.1837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fef9bbee9a9 code=0x7ffc0000
[  179.870109][   T29] audit: type=1326 audit(1753680333.962:7043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10059 comm="syz.7.1837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef9bbee9a9 code=0x7ffc0000
[  180.128674][T10070] x_tables: duplicate underflow at hook 2
[  180.169729][T10071] loop8: detected capacity change from 0 to 512
[  180.173427][T10074] loop7: detected capacity change from 0 to 512
[  180.254769][T10071] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  180.278261][T10074] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  180.291135][T10071] ext4 filesystem being mounted at /82/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  180.309298][T10071] EXT4-fs error (device loop8): ext4_xattr_block_get:593: inode #15: comm syz.8.1842: corrupted xattr block 19: overlapping e_value 
[  180.331479][T10071] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop8 ino=15
[  180.353285][ T8196] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  180.495817][T10086] loop8: detected capacity change from 0 to 512
[  180.514259][T10086] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  180.539298][T10086] EXT4-fs (loop8): 1 truncate cleaned up
[  180.550327][T10086] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  180.652415][T10095] x_tables: duplicate underflow at hook 2
[  181.444993][ T8196] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  181.613721][T10110] loop8: detected capacity change from 0 to 128
[  181.746756][T10115] loop8: detected capacity change from 0 to 164
[  181.796509][T10115] Unable to read rock-ridge attributes
[  181.825631][T10115] Unable to read rock-ridge attributes
[  181.857316][ T6434] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  181.896981][T10125] x_tables: duplicate underflow at hook 2
[  181.981470][T10134] loop6: detected capacity change from 0 to 512
[  182.027057][T10142] __nla_validate_parse: 2 callbacks suppressed
[  182.027073][T10142] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1859'.
[  182.067889][T10134] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  182.099608][T10139] loop8: detected capacity change from 0 to 8192
[  182.106824][T10134] ext4 filesystem being mounted at /198/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  182.229904][T10134] EXT4-fs error (device loop6): ext4_xattr_block_get:593: inode #15: comm syz.6.1863: corrupted xattr block 19: overlapping e_value 
[  182.254147][T10134] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop6 ino=15
[  182.267044][T10134] EXT4-fs error (device loop6): ext4_xattr_block_get:593: inode #15: comm syz.6.1863: corrupted xattr block 19: overlapping e_value 
[  182.286511][T10150] loop8: detected capacity change from 0 to 128
[  182.295979][T10153] EXT4-fs error (device loop6): ext4_xattr_block_get:593: inode #15: comm syz.6.1863: corrupted xattr block 19: overlapping e_value 
[  182.311163][T10134] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop6 ino=15
[  182.327037][T10153] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop6 ino=15
[  182.336652][T10134] EXT4-fs error (device loop6): ext4_xattr_block_get:593: inode #15: comm syz.6.1863: corrupted xattr block 19: overlapping e_value 
[  182.642178][T10134] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop6 ino=15
[  182.662381][T10153] EXT4-fs error (device loop6): ext4_xattr_block_find:1869: inode #15: comm syz.6.1863: corrupted xattr block 19: overlapping e_value 
[  182.767281][T10156] loop2: detected capacity change from 0 to 8192
[  182.785863][ T6298] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  182.870208][T10167] loop6: detected capacity change from 0 to 512
[  182.895749][T10172] x_tables: duplicate underflow at hook 2
[  182.903032][T10167] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  182.926648][T10170] x_tables: duplicate underflow at hook 2
[  183.016970][T10184] loop5: detected capacity change from 0 to 128
[  183.139198][T10192] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1881'.
[  183.171874][T10182] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1877'.
[  183.325815][T10199] loop2: detected capacity change from 0 to 8192
[  183.574843][T10221] loop5: detected capacity change from 0 to 128
[  183.583082][T10222] loop2: detected capacity change from 0 to 512
[  183.622699][T10222] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  183.636100][T10222] ext4 filesystem being mounted at /409/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  183.650102][T10222] EXT4-fs error (device loop2): ext4_xattr_block_get:593: inode #15: comm syz.2.1891: corrupted xattr block 19: overlapping e_value 
[  183.666130][T10222] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=15
[  183.699769][T10226] netlink: 300 bytes leftover after parsing attributes in process `syz.5.1893'.
[  183.714590][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  183.746303][T10228] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1894'.
[  183.775954][T10229] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1893'.
[  183.786321][T10229] netlink: 44 bytes leftover after parsing attributes in process `syz.5.1893'.
[  183.860018][ T6298] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  183.953348][T10241] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1900'.
[  184.015264][T10243] netlink: 44 bytes leftover after parsing attributes in process `syz.7.1900'.
[  184.399379][T10251] netlink: 48 bytes leftover after parsing attributes in process `syz.8.1901'.
[  184.500617][T10253] loop6: detected capacity change from 0 to 128
[  184.827813][T10275] loop5: detected capacity change from 0 to 512
[  184.850140][   T29] kauditd_printk_skb: 248 callbacks suppressed
[  184.850156][   T29] audit: type=1326 audit(1753680338.972:7292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10276 comm="syz.2.1913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa386f6e9a9 code=0x7ffc0000
[  184.884647][   T29] audit: type=1326 audit(1753680338.992:7293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10276 comm="syz.2.1913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa386f6e9a9 code=0x7ffc0000
[  184.908991][   T29] audit: type=1326 audit(1753680338.992:7294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10276 comm="syz.2.1913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa386f6e9a9 code=0x7ffc0000
[  184.933633][   T29] audit: type=1326 audit(1753680338.992:7295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10276 comm="syz.2.1913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa386f6e9a9 code=0x7ffc0000
[  184.957881][   T29] audit: type=1326 audit(1753680338.992:7296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10276 comm="syz.2.1913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa386f6e9a9 code=0x7ffc0000
[  184.982186][   T29] audit: type=1326 audit(1753680338.992:7297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10276 comm="syz.2.1913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa386f6e9a9 code=0x7ffc0000
[  185.006370][   T29] audit: type=1326 audit(1753680338.992:7298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10276 comm="syz.2.1913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7fa386f6e9a9 code=0x7ffc0000
[  185.030403][   T29] audit: type=1326 audit(1753680338.992:7299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10276 comm="syz.2.1913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa386f6e9a9 code=0x7ffc0000
[  185.037080][T10275] EXT4-fs (loop5): too many log groups per flexible block group
[  185.054659][   T29] audit: type=1326 audit(1753680338.992:7300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10276 comm="syz.2.1913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7fa386f6e9a9 code=0x7ffc0000
[  185.061690][T10275] EXT4-fs (loop5): failed to initialize mballoc (-12)
[  185.085962][   T29] audit: type=1326 audit(1753680338.992:7301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10276 comm="syz.2.1913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa386f6e9a9 code=0x7ffc0000
[  185.093365][T10275] EXT4-fs (loop5): mount failed
[  185.166089][T10288] loop7: detected capacity change from 0 to 512
[  185.195633][T10288] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  185.897669][T10314] vlan2: entered promiscuous mode
[  185.903624][T10314] veth3: entered promiscuous mode
[  185.908988][T10314] vlan2: entered allmulticast mode
[  185.914202][T10314] veth3: entered allmulticast mode
[  185.958405][T10319] loop6: detected capacity change from 0 to 512
[  185.979383][T10319] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  186.124669][T10326] loop5: detected capacity change from 0 to 128
[  186.177393][ T6229] kworker/u8:9: attempt to access beyond end of device
[  186.177393][ T6229] loop5: rw=2049, sector=633, nr_sectors = 32 limit=128
[  186.227342][ T6229] kworker/u8:9: attempt to access beyond end of device
[  186.227342][ T6229] loop5: rw=1, sector=665, nr_sectors = 376 limit=128
[  186.237965][T10333] loop8: detected capacity change from 0 to 512
[  186.284118][T10333] EXT4-fs (loop8): too many log groups per flexible block group
[  186.292530][T10333] EXT4-fs (loop8): failed to initialize mballoc (-12)
[  186.329405][T10333] EXT4-fs (loop8): mount failed
[  186.425090][T10342] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=10342 comm=syz.5.1932
[  186.608282][T10361] loop5: detected capacity change from 0 to 128
[  186.791736][T10377] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=10377 comm=syz.7.1947
[  186.935076][T10319] ==================================================================
[  186.943321][T10319] BUG: KCSAN: data-race in __xa_clear_mark / filemap_write_and_wait_range
[  186.951870][T10319] 
[  186.954220][T10319] write to 0xffff888115b669a4 of 4 bytes by interrupt on cpu 0:
[  186.961883][T10319]  __xa_clear_mark+0x1c6/0x1e0
[  186.966685][T10319]  __folio_end_writeback+0x177/0x470
[  186.972036][T10319]  folio_end_writeback+0x71/0x3d0
[  186.977112][T10319]  ext4_finish_bio+0x459/0x8c0
[  186.981916][T10319]  ext4_end_bio+0x22a/0x330
[  186.986440][T10319]  bio_endio+0x374/0x410
[  186.990713][T10319]  blk_update_request+0x336/0x730
[  186.995760][T10319]  blk_mq_end_request+0x26/0x50
[  187.000632][T10319]  lo_complete_rq+0x98/0x140
[  187.005258][T10319]  blk_done_softirq+0x77/0xb0
[  187.009950][T10319]  handle_softirqs+0xb7/0x290
[  187.014643][T10319]  run_ksoftirqd+0x1c/0x30
[  187.019085][T10319]  smpboot_thread_fn+0x32b/0x530
[  187.024057][T10319]  kthread+0x486/0x510
[  187.028142][T10319]  ret_from_fork+0xda/0x150
[  187.032658][T10319]  ret_from_fork_asm+0x1a/0x30
[  187.037440][T10319] 
[  187.039772][T10319] read to 0xffff888115b669a4 of 4 bytes by task 10319 on cpu 1:
[  187.047432][T10319]  filemap_write_and_wait_range+0xfc/0x340
[  187.053270][T10319]  filemap_invalidate_pages+0xa4/0x1a0
[  187.058769][T10319]  kiocb_invalidate_pages+0x6e/0x80
[  187.064010][T10319]  __iomap_dio_rw+0x5d4/0x1250
[  187.068803][T10319]  iomap_dio_rw+0x40/0x90
[  187.073158][T10319]  ext4_file_write_iter+0xad9/0xf00
[  187.078377][T10319]  iter_file_splice_write+0x5ef/0x970
[  187.083777][T10319]  direct_splice_actor+0x153/0x2a0
[  187.088910][T10319]  splice_direct_to_actor+0x30f/0x680
[  187.094308][T10319]  do_splice_direct+0xda/0x150
[  187.099093][T10319]  do_sendfile+0x380/0x650
[  187.103530][T10319]  __x64_sys_sendfile64+0x105/0x150
[  187.108747][T10319]  x64_sys_call+0xb39/0x2fb0
[  187.113354][T10319]  do_syscall_64+0xd2/0x200
[  187.117875][T10319]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  187.123784][T10319] 
[  187.126114][T10319] value changed: 0x0e000021 -> 0x04000021
[  187.131942][T10319] 
[  187.134382][T10319] Reported by Kernel Concurrency Sanitizer on:
[  187.140570][T10319] CPU: 1 UID: 0 PID: 10319 Comm: syz.6.1925 Not tainted 6.16.0-rc7-syzkaller-00142-gb711733e89a3 #0 PREEMPT(voluntary) 
[  187.153087][T10319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  187.163177][T10319] ==================================================================