last executing test programs:

3m11.444564915s ago: executing program 3 (id=771):
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="840000000002010400000000000000000a00000004000180300003802c00018014000300fc00000000000000000000100000000014004400fe800000001f610000000000000000bb3c0002800c00028005000100000000002c00018014000300fc02000000000000000000000000000014"], 0x84}}, 0x0)
r0 = socket(0x10, 0x803, 0x0)
sendmsg$NFT_MSG_GETCHAIN(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="48010000040a0500000000000000000002000008680004801400030076657468315f6d6163767461700000000800014000000000140003"], 0x148}, 0x1, 0x0, 0x0, 0x24001005}, 0x2c77edc509eea7a8)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYRES32, @ANYBLOB="14000100ff010000000000000000000000000001140006"], 0x70}}, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x9)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="a000000010003b0e2a1a86eb2636037f00000000", @ANYRES32=r1, @ANYBLOB="0200000000008000800012000800010076746936740002"], 0xa0}}, 0x0)

3m11.360558166s ago: executing program 3 (id=774):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket(0x840000000002, 0x3, 0xff)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='gre0\x00', 0x11)
sendmmsg$inet(r2, &(0x7f0000000a40)=[{{&(0x7f00000001c0)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001980)=[{&(0x7f0000000200)="a90500040000746400009e150451160200000064c6", 0x15}, {&(0x7f00000002c0)="174640b6d80fb2eedc81ba60ccbb9d", 0xf}], 0x2}}, {{&(0x7f00000004c0)={0x2, 0x4e24, @remote}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000780)="5825be57aff9352b356be67ca2746357d1787b35", 0x14}], 0x1}}], 0x2, 0x4004040)

3m11.333763667s ago: executing program 3 (id=775):
r0 = io_uring_setup(0x4d42, &(0x7f0000000240)={0x0, 0xcb6c, 0x40, 0x3, 0x12d})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x36, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffd8, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
io_uring_register$IORING_REGISTER_RESTRICTIONS(r0, 0xb, &(0x7f0000000480), 0x66)

3m11.290554708s ago: executing program 3 (id=777):
syz_emit_ethernet(0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x2000c10, &(0x7f0000000400)={[{@sysvgroups}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x4000}}]}, 0xff, 0x23f, &(0x7f0000000540)="$eJzs3T1oLFUYBuB3Zne95t5FrtoI4g+IiAbCtRNsYqMQkBBEBBUiIjZKIsQEu8TKxkJrlVQ2QeyMlpIm2CiCVdQUsRE0WBgstFiZnURisuLPxh1xngdmZ2b3nPnOMPOe3WbYAK11Nclskk6S6SS9JMXpBnfWy9Xj3c2p3cVkMHjsh2LYrt6vnfS7kmQjyQNJdsoiL3STte2nDn7ae+Se11d7d7+7/eTURE/y2OHB/qNH78y/9sHc/WufffHdfJHZ9H93XhevGPFet0hu+jeK/UcU3aZHwF+x8Mr7X1a5vznJXcP891KmvnhvrFy308t9b/9R3ze///zWSY4VuHiDQa/6DtwYAK1TJumnKGeS1NtlOTNT/4b/qnO5fHF55eXp55dXl55reqYCLko/2X/4o0sfXjmT/287df6B/68q/48vbH1dbR91mh4NMBG31asq/9PPrN8b+YfWkX9oL/mH9pJ/aC/5h/aSf2gv+Yf2kn9oL/mH9pJ/aK/T+QcA2mVwqeknkIGmND3/AAAAAAAAAAAAAAAAAAAA521O7S6eLJOq+clbyeFDSbqj6neG/0ecXD98vfxjUTX7TVF3G8vTd4x5gDG91/DT1zd802z9T29vtv76UrLxapJr3e75+684vv/+uRv/5PPes2MW+JuKM/sPPjHZ+mf9stVs/bm95ONq/rk2av4pc8twPXr+6VfXb8z6L/085gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYmF8DAAD//xFQbUc=")
r0 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
r1 = syz_io_uring_setup(0x70ca, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x3, 0x179}, &(0x7f0000000100)=<r2=>0x0, &(0x7f00000007c0)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_WRITEV={0x2, 0x40, 0x0, @fd=r0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000580)="1a", 0x1}], 0x1})
io_uring_enter(r1, 0x4d10, 0x2, 0x2, 0x0, 0x0)

3m11.19939693s ago: executing program 3 (id=779):
r0 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0xc0}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000640)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x402f, 0x8, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_MADVISE={0x19, 0x7b, 0x0, 0x0, 0x0, &(0x7f0000011000/0x4000)=nil, 0x4000, 0xc})
io_uring_enter(r0, 0x47bc, 0x20, 0x0, 0x0, 0x0)

3m10.548435623s ago: executing program 3 (id=800):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000005000000005e002200850000006d00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000280)='./file1\x00', 0x14552, &(0x7f0000000b40)=ANY=[], 0xfb, 0x1219, &(0x7f0000001100)="$eJzs28FrXEUcB/BfkqapqclGrdUWxEEvFeTR5OBFL0FSkC4obSO0gvBqXnTJczfkLYEVsXry6t8hggjeBPGml1z8DwRvuXisID7JrrZd3RVWQjfI53PZH8z7zs7ssAuzzBy+8tn7O9tVtp13Y3ZmJmZ3I9LdFClm4y8fxwsvf//DM9dv3rq63mxuXEvpyvqN1ZdSSsvPfvvWh18891337JtfL3+zEAcrbx/+svbzwfmDC4e/33ivVaVWldqdbsrT7U6nm98ui7TVqnaylN4oi7wqUqtdFXtD7dtlZ3e3l/L21tLi7l5RVSlv99JO0UvdTuru9VL+bt5qpyzL0tJiMLlT96rNz+/WdR1R1/NxOuq6rh+JxTgbj8ZSLEcjVuKxeDyeiHPxZJyPp+Lp+OqnL3tHCQAAAAAAAAAAAAAAAAAAAOD4THr//0L/qWmPGgAAAAAAAAAAAAAAAAAAAP5frt+8dXW92dy4ltKZiPLT/c39zcHroH19O1pRRhGXoxG/Rf/2/8CgvvJac+Ny6luJT8o7f+bv7G/ODedXoxEvjs6vDvJpOL8Qiw/m16IR50bl52NtZP5MXHr+gXwWjfjxnehEGVtxlL3//h+tpvTq682/5S/2nxtv7mEsDwAAAByLLN0zcv+eZePaB/kJ/h8Y2l8fZS+emurUiYiq98FOXpbFnmJkcelkDKNfnD7ODucjYrLUr3VdT/9DmFIx/puyEBH/ueeZiDgZE/xHMe1fJh6G+4s+7ZEAAAAAAAAAAAAwibHHABf+7YTg3ETHCac9RwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+YAeOBQAAAACE+Vun0bEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfBUAAP//0AbP3Q==")
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f0000000080), 0x67, 0x54f, &(0x7f00000009c0)="$eJzs3c9vHFcdAPDvrHeTOHFqFzhAJUqhRUkE2Y1r2locSpAQnCoBRVyLsTeW5bXX8q7b2KrIRvwBSAgBEie4cEHiD0BClbhwREiV4AwCBEKQwoFD6aDZnXUde3+1WXuN/flI43nz5s37vrf2jOftjGYCOLeeiojbEfFOmqY3ImI2zy/kU7Q6U1burQevL2dTEmn68j+SSPK8bl1JPr+Sb3YpIr76pYhvJkfjNnb31pdqtep2vlxpbmxVGrt7N9c2llarq9XNhYX55xdfWHxu8dZY+nk1Il78wl++/52ffvHFX376tT++8rfr38qaNZOvP9iP96g4aGWn66X2Z3Fwg+33Gew0KrZ7mJvuVWLqSM79Y24TAAC9Zef4H4iIT0TEjZiNqaOns618iAAAAAD8n0o/NxNvJxFpbxcOZ9yOvmUBAACAU6rQvgc2KZTzewFmolAolzv38H4oLhdq9UbzU3fqO5srnXtl56JUuLNWq97K7xWei1KSLc+30+8uP3toeSEiHo+I781Ot5fLy/XayqS//AAAAIBz4sqh8f+/Zzvj/66Lk2wcAAAAMD5zk24AAAAAcOxGHf9fPuZ2AAAAAMfH9X8AAAA407780kvZlHbff73y6u7Oev3VmyvVxnp5Y2e5vFzf3iqv1uur7Wf2bQyrr1avb30mNnfuVprVRrPS2L0UG/WdzeYraw+9AhsAAAA4QY9/7I3fJxHR+ux0e8pcGG3TEYsBp1VxP5Xk8x679R8e68z/fEKNAk7E1KQbAExMcdINACamNOkGABOXDFnf9+ad3+Tzj4+3PQAAwPhd+0j/6/+FgVu2Bq8GTj07MZxfrv/D+dW+/n/glr+B5wNOFuBMKQ07Axi4z98bc2uASXjk6/9Dpel7ahAAADB2M+0pKZSL3eVCoVyOuNp+LUApubNWq96KiMci4nezpYvZ8ny7ZDJ0zAAAAAAAAAAAAAAAAAAAAAAAAAAAdKRpEikAAABwpkUU/pr8qvMs/2uzz8wc/n7gQvKf2chfEfraj17+wd2lZnN7Psv/535+84d5/rOT+AYDAAAAzoUhL/B/WHec3h3HAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMA4vfXg9eXudJJx//75iJjrFb8Yl9rzS1GKiMv/SqJ4YLskIqbGEH86+/HhXvGTrFn7IXvFnx5D/Nb9gfGjlX8KveJfGUN8OM/eyI4/t3vtf4V4qj3vvf8VIx5afr/6H/9i//g31Wf/vzpijCfe/Hmlb/z7EU8Uj8S/l0Xoxk/6xH96xPjf+NreXr916Y8jrvX8/5N0i2RHyKg0N7Yqjd29m2sbS6vV1ermwsL884svLD63eKtyZ61WzX/2jPHdj/7inUH9v9wn/tyQ/j9zpLYL+fztwsHc/75598EHO8lSr/jXn+4R/9c/yUscjV/I//d9Mk9n6691061O+qAnf/bbJwf1f6VP/4f9/q/3q/SQG1/59p96rkiTEWsAAMapsbu3vlSrVbfPbCIbpY9YODs7G73mbPh9Gjp4HImL+Z/HSQWdbie+ftI9vTfWCtM0TbMP7RHqSU7PX9Rkj0sAAMD4vXvSP+mWAAAAAAAAAAAAAAAAAAAAwPl1Eo8TOxyztZ9KxvEIbQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAsfhfAAAA//9ftdIK")
fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)

3m10.522752023s ago: executing program 32 (id=800):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000005000000005e002200850000006d00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000280)='./file1\x00', 0x14552, &(0x7f0000000b40)=ANY=[], 0xfb, 0x1219, &(0x7f0000001100)="$eJzs28FrXEUcB/BfkqapqclGrdUWxEEvFeTR5OBFL0FSkC4obSO0gvBqXnTJczfkLYEVsXry6t8hggjeBPGml1z8DwRvuXisID7JrrZd3RVWQjfI53PZH8z7zs7ssAuzzBy+8tn7O9tVtp13Y3ZmJmZ3I9LdFClm4y8fxwsvf//DM9dv3rq63mxuXEvpyvqN1ZdSSsvPfvvWh18891337JtfL3+zEAcrbx/+svbzwfmDC4e/33ivVaVWldqdbsrT7U6nm98ui7TVqnaylN4oi7wqUqtdFXtD7dtlZ3e3l/L21tLi7l5RVSlv99JO0UvdTuru9VL+bt5qpyzL0tJiMLlT96rNz+/WdR1R1/NxOuq6rh+JxTgbj8ZSLEcjVuKxeDyeiHPxZJyPp+Lp+OqnL3tHCQAAAAAAAAAAAAAAAAAAAOD4THr//0L/qWmPGgAAAAAAAAAAAAAAAAAAAP5frt+8dXW92dy4ltKZiPLT/c39zcHroH19O1pRRhGXoxG/Rf/2/8CgvvJac+Ny6luJT8o7f+bv7G/ODedXoxEvjs6vDvJpOL8Qiw/m16IR50bl52NtZP5MXHr+gXwWjfjxnehEGVtxlL3//h+tpvTq682/5S/2nxtv7mEsDwAAAByLLN0zcv+eZePaB/kJ/h8Y2l8fZS+emurUiYiq98FOXpbFnmJkcelkDKNfnD7ODucjYrLUr3VdT/9DmFIx/puyEBH/ueeZiDgZE/xHMe1fJh6G+4s+7ZEAAAAAAAAAAAAwibHHABf+7YTg3ETHCac9RwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+YAeOBQAAAACE+Vun0bEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfBUAAP//0AbP3Q==")
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f0000000080), 0x67, 0x54f, &(0x7f00000009c0)="$eJzs3c9vHFcdAPDvrHeTOHFqFzhAJUqhRUkE2Y1r2locSpAQnCoBRVyLsTeW5bXX8q7b2KrIRvwBSAgBEie4cEHiD0BClbhwREiV4AwCBEKQwoFD6aDZnXUde3+1WXuN/flI43nz5s37vrf2jOftjGYCOLeeiojbEfFOmqY3ImI2zy/kU7Q6U1burQevL2dTEmn68j+SSPK8bl1JPr+Sb3YpIr76pYhvJkfjNnb31pdqtep2vlxpbmxVGrt7N9c2llarq9XNhYX55xdfWHxu8dZY+nk1Il78wl++/52ffvHFX376tT++8rfr38qaNZOvP9iP96g4aGWn66X2Z3Fwg+33Gew0KrZ7mJvuVWLqSM79Y24TAAC9Zef4H4iIT0TEjZiNqaOns618iAAAAAD8n0o/NxNvJxFpbxcOZ9yOvmUBAACAU6rQvgc2KZTzewFmolAolzv38H4oLhdq9UbzU3fqO5srnXtl56JUuLNWq97K7xWei1KSLc+30+8uP3toeSEiHo+I781Ot5fLy/XayqS//AAAAIBz4sqh8f+/Zzvj/66Lk2wcAAAAMD5zk24AAAAAcOxGHf9fPuZ2AAAAAMfH9X8AAAA407780kvZlHbff73y6u7Oev3VmyvVxnp5Y2e5vFzf3iqv1uur7Wf2bQyrr1avb30mNnfuVprVRrPS2L0UG/WdzeYraw+9AhsAAAA4QY9/7I3fJxHR+ux0e8pcGG3TEYsBp1VxP5Xk8x679R8e68z/fEKNAk7E1KQbAExMcdINACamNOkGABOXDFnf9+ad3+Tzj4+3PQAAwPhd+0j/6/+FgVu2Bq8GTj07MZxfrv/D+dW+/n/glr+B5wNOFuBMKQ07Axi4z98bc2uASXjk6/9Dpel7ahAAADB2M+0pKZSL3eVCoVyOuNp+LUApubNWq96KiMci4nezpYvZ8ny7ZDJ0zAAAAAAAAAAAAAAAAAAAAAAAAAAAdKRpEikAAABwpkUU/pr8qvMs/2uzz8wc/n7gQvKf2chfEfraj17+wd2lZnN7Psv/535+84d5/rOT+AYDAAAAzoUhL/B/WHec3h3HAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMA4vfXg9eXudJJx//75iJjrFb8Yl9rzS1GKiMv/SqJ4YLskIqbGEH86+/HhXvGTrFn7IXvFnx5D/Nb9gfGjlX8KveJfGUN8OM/eyI4/t3vtf4V4qj3vvf8VIx5afr/6H/9i//g31Wf/vzpijCfe/Hmlb/z7EU8Uj8S/l0Xoxk/6xH96xPjf+NreXr916Y8jrvX8/5N0i2RHyKg0N7Yqjd29m2sbS6vV1ermwsL884svLD63eKtyZ61WzX/2jPHdj/7inUH9v9wn/tyQ/j9zpLYL+fztwsHc/75598EHO8lSr/jXn+4R/9c/yUscjV/I//d9Mk9n6691061O+qAnf/bbJwf1f6VP/4f9/q/3q/SQG1/59p96rkiTEWsAAMapsbu3vlSrVbfPbCIbpY9YODs7G73mbPh9Gjp4HImL+Z/HSQWdbie+ftI9vTfWCtM0TbMP7RHqSU7PX9Rkj0sAAMD4vXvSP+mWAAAAAAAAAAAAAAAAAAAAwPl1Eo8TOxyztZ9KxvEIbQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAsfhfAAAA//9ftdIK")
fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)

3m6.120994588s ago: executing program 5 (id=940):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000e000000c500000001f0ffff95"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x73)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r2 = epoll_create(0x8)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000040)={0xf6c447fee59241f0})
close(r2)

3m6.040521899s ago: executing program 5 (id=944):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000280)={<r2=>0x0, <r3=>0x0, <r4=>0x0}, &(0x7f00000013c0)=0xc)
sendmmsg$unix(r1, &(0x7f0000000480)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000440)="aa", 0x1}], 0x1, &(0x7f00000000c0)=[@cred={{0x1c, 0x1, 0x2, {r2, r3, r4}}}], 0x20, 0x40044}}], 0x1, 0x4)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f00000002c0)=0x8001, 0x4)
splice(r0, 0x0, r5, 0x0, 0x39000, 0x0)

3m6.02505554s ago: executing program 5 (id=945):
r0 = socket$netlink(0x10, 0x3, 0x0)
close(0x3)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x7ffe, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x3}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='net/rt_acct\x00')
io_setup(0x3ff, &(0x7f0000000500)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000300)=[&(0x7f0000000080)={0x0, 0x0, 0x8, 0x1, 0x1, r0, 0x0}])

3m5.894706642s ago: executing program 5 (id=951):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
chroot(&(0x7f0000000100)='./file0\x00')
mount$bind(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x3a95004, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
pivot_root(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file0/../file0\x00')

3m5.863091863s ago: executing program 5 (id=953):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000010850000008600000095"], &(0x7f0000000080)='syzkaller\x00', 0x5, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'bridge0\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000440)=@newlink={0x44, 0x10, 0x401, 0xfffffffc, 0x80, {0x0, 0x0, 0x0, 0x0, 0x1503}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r3}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x44}, 0x1, 0x0, 0x0, 0x4001}, 0x0)

3m4.707410765s ago: executing program 5 (id=994):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401)
ioctl$USBDEVFS_CONTROL(r2, 0x8008551c, &(0x7f0000000180)={0x1, 0x18, 0x0, 0x1, 0x0, 0x0, 0x0})

3m4.680361496s ago: executing program 33 (id=994):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401)
ioctl$USBDEVFS_CONTROL(r2, 0x8008551c, &(0x7f0000000180)={0x1, 0x18, 0x0, 0x1, 0x0, 0x0, 0x0})

1m5.639571265s ago: executing program 6 (id=4171):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0)

1m5.496067098s ago: executing program 6 (id=4163):
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000200), r1)
getsockname$packet(r1, &(0x7f0000000440)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=@newlink={0x40, 0x10, 0x437, 0xfffffffd, 0x0, {0x0, 0x0, 0x0, r2, 0x704c3, 0xc4a48b7f26bf141b}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ipip={{0x9}, {0x10, 0x2, 0x0, 0x1, [@IFLA_IPTUN_COLLECT_METADATA={0x4}, @IFLA_IPTUN_TTL={0x5, 0x4, 0x1}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmmsg$inet(r0, &(0x7f00000018c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @empty, @multicast1}}}], 0x20}}], 0x1, 0x4880)

1m5.443007319s ago: executing program 6 (id=4172):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000580)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3)

1m5.359193281s ago: executing program 6 (id=4186):
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x18000, &(0x7f0000000240)=ANY=[@ANYRES32=0x0, @ANYRESOCT, @ANYRES16=0x0, @ANYRES32, @ANYBLOB="fe2ecf20a9a17bd2ed7e803f830375c150a1f848f604c2c1f932d2b7163be4b2b9a5bd521d185cfbee555b27608594beba6325923aaf5db74cff01000053db92c6c5fcbba0abd975fc76bea49b00513afc856ed89d3fadeda307ca587354322803b0983cc65725ae7f45fb95e7cdb28c6b886959b7dde2c87c73f6008cf6eed7861f24b7423704b95f3d05b92d3d7ff9d392833ecd02443320b60131a350360fcc1d659e2a03cb469caf0498bacae0735a161345b3d71a55f14ef636b6f832c7a6071fce83904dfd871b6d8e03648dbaa3a039eb5673792cae80335732030f9aeabaf3bb3cc4ca5fe75271d69b2e78beb2b81fc3cf3a18a7ae93a3cdbe6599b99408275e2b4b4477c6fcf4806134e839e13533ec00000000000000000000000000000000000000000069c3288311b7414705e975eb3f1b37a120", @ANYRESOCT], 0x8, 0x2f6, &(0x7f0000000880)="$eJzs3M9PE1sUwPHTH5S2BMri5b08E8ONbnQzgepaaQwkxiYSpMYfickAU206tqTTQGqM6Mqt8Y9wQViyI1H+ATbudOPGHRsTF7Iwjul0htIyUCmljfT7Scgceu+ZObct5EzTmZ17b57ms5aW1csSjCoJiIjsioxKUDwBdxt04ojs91IuD33/dP7O/Qe3Uun01KxS06m5K0ml1MjY+5XnMXfa5qBsjz7a+Zb8uv3v9v87v+ae5CyVs1ShWFa6mi9+KevzpqEWc1ZeU2rGNHTLULmCZZRq48XaeNYsLi1VlF5YHI4vlQzLUnqhovJGRZWLqlyqqNBjPVdQmqap4biglcza7KyeajN5ocPF4JSUSik9JCKxAyOZtZ4UBAAAeqq5/w+K6mT/v35hqzx0d2PE7f83I379/9XPtX019P9REfHt/73j+/b/+vH6/4MdUX85Uf9fFe1gMWjPWOTAQ4F6WB0spfS4+/frePVwfdwJ6P8BAAAAAAAAAAAAAAAAAAAAAPgb7Np2wrbthLf1fgbdizu8331SQyJyvQclo4NO8PrjDKhfuBceETFfL2eWM7WtO2FLREwxZFwS8tN5P7iqsXflkaoalQ/mqpu/upwJOSOprOSc/AlJDEhzvm1P30xPTaiaxvwBie/PT0pC/vHPT/rmR+TSxX35miTk44IUxZRFp456/osJpW7cTjflx5x5AAAAAACcBZra43v+rmmHjdfy986vmz8fCNXPr8d9z8/Dci7c27UDAAAAANAvrMqzvG6aRumIICat57QfhE9pz94K/zTL+y7D6a30iMA7eMOQd3Pdjj8tgWM8LYcEwYZSV7xKW2SNVeeok67C+9josDkyM9n9V9AJ/nv77kfndnhtI9pipe0HoaPfAANd+ecDAAAAoKvqTb/3yGRvCwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoA914+5ojUfkpv8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoX78DAAD//0WxAls=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
syz_clone(0x25888200, 0x0, 0x0, 0x0, 0x0, 0x0)
fdatasync(r0)

1m5.178397764s ago: executing program 6 (id=4193):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000010000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x18)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SHOW_LINK_STATS(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x28, r3, 0x1, 0x70bd2a, 0x25dfdbfc, {{}, {}, {0x6, 0x14, 'syz0\x00'}}}, 0x28}, 0x1, 0x0, 0x0, 0x890}, 0x800)

1m4.836357121s ago: executing program 6 (id=4190):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x78, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000400)='io_uring_create\x00', r0}, 0x18)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000400)='io_uring_create\x00', r1}, 0x18)
io_uring_setup(0x1de0, &(0x7f00000000c0)={0x0, 0x45d6, 0x0, 0x0, 0x0, 0x0, r1})

1m4.773814962s ago: executing program 34 (id=4190):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x78, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000400)='io_uring_create\x00', r0}, 0x18)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000400)='io_uring_create\x00', r1}, 0x18)
io_uring_setup(0x1de0, &(0x7f00000000c0)={0x0, 0x45d6, 0x0, 0x0, 0x0, 0x0, r1})

30.750881487s ago: executing program 0 (id=5186):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000007000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kfree\x00', r1, 0x0, 0xffffffffffffffff}, 0x18)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000840)=ANY=[@ANYBLOB="1400000015000103000000000000000001"], 0x14}}, 0x0)
sendmsg$NLBL_UNLABEL_C_STATICADD(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002}, 0x0)

30.726846238s ago: executing program 0 (id=5189):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b707000008000000850000006900000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000480)={0x0, 0x600, &(0x7f0000000580)={&(0x7f0000000540)={0x14, r3, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@void, @void}}}, 0x14}}, 0x4000054)

30.677721089s ago: executing program 0 (id=5192):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0], 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xa00000}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
umount2(&(0x7f00000002c0)='./file0\x00', 0x0)

30.658527669s ago: executing program 0 (id=5193):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
chroot(&(0x7f0000000100)='./file0\x00')
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='devtmpfs\x00', 0x0, 0x0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
pivot_root(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file0/../file0\x00')

30.61038618s ago: executing program 0 (id=5197):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1a5)
mount(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080)='mqueue\x00', 0x200011, 0x0)
r0 = inotify_init1(0x800)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
inotify_add_watch(r0, &(0x7f0000000280)='./file0\x00', 0x900)
mq_open(&(0x7f00000000c0)='ns\xbf\x12\xe1\v\xc8E\xe0\x80r\x917kj\x9cL\xceZ\x99\xf8Q%#-\xd3\xd2\x13\xe8\xdc\xe1\xfd\xde\xef\xf2\xa7\xd2\xab\x97\xc2e\'\xfc\x10\x85\x03\x00\x00\x002\xb80\x10_\\KA\x97\xb7.[O\xd56\xec^F\xdfT\xda\x9817\"\xf5h\xc0\xf8\a\x9e\xce\xa9&\xffq\xebA\x98\x96~\x17|\xc9xR\\z\x9a\x8cRJ\x85\\u\xb2\\\xedB4\xb5z\xbb\xee\xbd\x96\x19\xd1\x98\xeb\xe8\xc1u\x8b\xf8hc\x81#\r\xe8\xf8%\xd9\x7f\r\x12M\x00', 0x40, 0x0, 0x0)

30.430393214s ago: executing program 0 (id=5202):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
clock_adjtime(0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000440)='kfree\x00', r1, 0x0, 0x5}, 0x18)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)=ANY=[@ANYBLOB="140100002800010004000000f8dbdf250301"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0)

30.430329044s ago: executing program 35 (id=5202):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
clock_adjtime(0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000440)='kfree\x00', r1, 0x0, 0x5}, 0x18)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)=ANY=[@ANYBLOB="140100002800010004000000f8dbdf250301"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0)

1.01224916s ago: executing program 1 (id=6112):
r0 = socket$packet(0x11, 0x2, 0x300)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)={{0x14}, [@NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}}], {0x14}}, 0x3c}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', <r1=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="3400000011000100000000000000000007000000", @ANYRES32=r1, @ANYBLOB="000000000000000014001a8010"], 0x34}}, 0x0)
r2 = socket(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0)

752.457086ms ago: executing program 2 (id=6126):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e24, @loopback}, 0x10)
sendmmsg$inet(r0, &(0x7f00000005c0)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000003c80)="f50cb6", 0x3}], 0x1}}], 0x1, 0x8011)
recvmmsg(r0, &(0x7f000000a400)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000001c80)=""/4096, 0x1000}], 0x1}, 0x40}], 0x1, 0x10120, 0x0)
shutdown(r0, 0x1)

749.788136ms ago: executing program 7 (id=6127):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000750000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000e00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='hrtimer_start\x00', r0}, 0x3d)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='hrtimer_start\x00', r1}, 0x3d)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000001ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0xa)

736.450206ms ago: executing program 8 (id=6128):
r0 = perf_event_open(&(0x7f00000000c0)={0x5, 0x80, 0x7, 0x8, 0x5, 0x7, 0x0, 0x5, 0x4001, 0x3, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x40001, 0x2, @perf_config_ext={0x7fff, 0x1}, 0x100997, 0x7ff, 0x7, 0x6, 0x800084, 0x2, 0x5, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='mm_page_alloc\x00', r2}, 0x18)
mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x12011, r0, 0x0)

736.246806ms ago: executing program 2 (id=6129):
r0 = creat(&(0x7f00000005c0)='./file0\x00', 0xe4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x80, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xcb3a}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r1, 0x0, 0xfffffffffffffffd}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
dup2(r0, r0)

698.231247ms ago: executing program 7 (id=6130):
syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000440)='./file0\x00', 0x0, &(0x7f0000000480), 0x1, 0x3ce, &(0x7f00000004c0)="$eJzs3M9rHFUcAPDvTH7UpjUbQVD0EvFgpJif1lbxYE5e9KR48bQk6Q9ME2lWsCVCBc8FQdCrR/8A8dKDgtW/wKtHkUKQJN5XZndmMybZtJtuHNl8PvDIe/M2+97MY2bfPN57AZxakxHxVkQMRcRsRNTy42ke4k47ZJ/b3d5cykISzeZ7fyWRRMTO9uZS8V1J/vdc/gVTaUT6RRLPH1Luxq3bH9VXV1du5umZxo2PZzZu3X7l+o361ZWrK2sLC/Pzly/OXnrtct/O9evNdz/84fe3d765M/5Mfbl2N6vv+TyvfB79MhmTnWuy3+v9LqxiT5TiyXCFFQEA4Ehp3vcfbvX/azEUe523Wtz9udLKAQAAAH3RbBZ/AQAAgMGVePcHAACAAVfMA9jZ3lwqQoXTEfiPbS1GxES7/Yv13e2c4c6a3pF963v7aTIi/p76/uUsxAmtwwYAAAA4zX5cbG/8d3D8L41nS587GxFjxd5+fTS5L31w/Cd90OciKdlajHiztLfjbqn9cxNDeerJ1lDhSHLl+urKbESMR8RUjJzJ0nNHlDH+xh/3uuWVx/+ykJVfjAXm9XgwfObf/7Ncb9Qf55zZs/V5xHPDh7V/0hnzLe+TeRyfXfvyWre8h7c/J6n5bcRLh97/ezuXJkfvzzrTeh7MFE+Fg9bu3X+hW/nav1rZ/T92dPtPJOX9ejd6L+OD++d/65Z33Of/aPJ+q4Kj+bFP643GzbmI0eSdg8fne6/zoCquR3G9svafevHw3/+i/5fkv/3jpf2he/HTL7uXuuW5/6uVtf9yT/d/75GLv353oVv5j3b/v9qqzFR+RP/v4R61gaquJwAAAAAAAAD9kbbm9iXpdCeeptPT7Xm+T8dYurq+0bhwZf2TteX2HMCJGEmLmV610nzQufYy8k56fl96ISKeioivamdb6eml9dXlqk8eAAAATolzXd7/M38eZ7EHAAAA8P80UXUFAAAAgBPn/R8AAAAG2uPs6y8iIjKokaqfTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACn2z8BAAD//yly2dE=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.stat\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)

636.807848ms ago: executing program 2 (id=6132):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000480)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cf84ded40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c86e00f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec231fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895012f1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c3405000000000000003871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d37261774cc5a3bf6b466cb72812da518ff602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d50a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a31b16ac5fb73fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953f88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a5fe1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9d66ebbc8bab4ea81232fbef665f6212f875b2a00000000000000aceb111b66a500ca52fd8f848088c67ee65dfdcc4c580e9bc18c1699dca07d019bf1bf9dd3da480d6c155d7e60674ce88ab5ae07a9d16e22792d99986b531ab4e592ab5925da779e700cf20309a2137877690dc5c07956fc82d7b3bb46d3138041af18508938c9be4e5d0a98073463a5cff6c146d020743da474cb81677a6f389f0e00c33b70b7f8bab95435c27167f365a29fb09cbf35bf192f6a65616fa2ad9a6c7ca3a3ecd96aaecd993e8badb40e7eb8a22b0015e70c885cd519e28448168c6d914265998bff74ea1b0e651a6cae9419096248a0e41573827ad60fafce6e6540734c1f23f75337d836c31497e8112969a039d65aa297e2b046b5f4d11116a89f9f65693d4dc3e70fbfe0b2044fdb3f87e887d1daae8e38a0c19f668f776e19a02bb2449ee4384f6536879c85d7e41bc0276ee2b125d41ff358323311703ec01d64a573bdeb75bdcc87d01de38365ab9222713d2d1640a742d62fefb5403b2ed9969c32a0841e8c36b0107bb888eb14ac62e6d4bdfaeb9ee7436b97bf3825a19d6c8997ce285edf1d277ed703f560460417bfe702af833e83c5b987befb6d1fcf765ab7ea537d9dafb622a1ba8686cb9b1c63b84470364942e90d1cf856cead864f5e38c83b9ed86cc5725a20299ce512b165"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000001c0)='kmem_cache_free\x00', r0}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket(0x10, 0x3, 0x0)
connect$netlink(r1, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
sendmsg$nl_route_sched(r1, &(0x7f0000000080)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000001540)=@newtaction={0x18, 0x30, 0x829, 0x0, 0x0, {}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0xc010}, 0x4044040)

636.607138ms ago: executing program 8 (id=6133):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
recvmmsg(r0, &(0x7f0000000100), 0x1, 0x2b, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x5, &(0x7f0000000040)=0x7, 0x4)
setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000000)=0x1, 0x4)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)

636.434748ms ago: executing program 8 (id=6134):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10)
ioctl$EXT4_IOC_GET_ES_CACHE(0xffffffffffffffff, 0xc020662a, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
getpgrp(0xffffffffffffffff)

636.322778ms ago: executing program 1 (id=6135):
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000d00)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10)
pipe2$9p(&(0x7f0000001900)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x800008, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cache=fscache,aname=@,'])

618.139038ms ago: executing program 2 (id=6136):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r3=>0x0})
bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x1, 0xb, 0x100005, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', r3, 0xffffffffffffffff, 0x0, 0x4002}, 0x50)

616.193249ms ago: executing program 8 (id=6137):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x40f00}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000f00)='kfree\x00', r1, 0x0, 0xffffdffffffffffe}, 0x18)
acct(&(0x7f0000001040)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

536.35977ms ago: executing program 7 (id=6138):
r0 = socket(0x2b, 0x1, 0x1)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @local, 0x3}, 0x1c)
sendmsg$TIPC_CMD_GET_NODES(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x4}, 0x20040000)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x989680}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), r0)

535.81832ms ago: executing program 8 (id=6148):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r0, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8822d55593a2179}, 0xc)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@updpolicy={0xb4, 0x19, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@empty, 0x0, 0x8, 0x0, 0x0, 0x2, 0x0, 0x20, 0x8}, {0x0, 0x0, 0x1, 0x0, 0x3, 0x0, 0x0, 0x1d}, {0x0, 0x0, 0x0, 0x2dd}, 0x0, 0x0, 0x1}}, 0xb4}}, 0x0)
r1 = socket$inet6(0xa, 0x3, 0x2f)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000003c0)={{{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x6c}, 0x0, @in6=@empty, 0x0, 0x0, 0x0, 0x2}}, 0xe8)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c)

535.57693ms ago: executing program 2 (id=6140):
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x20040, 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r2, 0xc0189374, &(0x7f0000000040)={{0x1, 0x1, 0x1018, 0xffffffffffffffff, {0x1}}, './file0\x00'})

495.355621ms ago: executing program 4 (id=6141):
syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x32801, 0x0, 0x0, 0x0, &(0x7f0000000040))
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x40, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000020000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x29}, './file0\x00'})

486.919941ms ago: executing program 1 (id=6142):
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1804000000000000000000000000040018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r1, 0x2000300, 0xe, 0x0, &(0x7f0000000000)="63eced8e46dc3f0adf3389f7b986", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4}, 0x50)

465.295151ms ago: executing program 8 (id=6143):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000007940)={0x0, 0x0, &(0x7f0000007900)={&(0x7f0000000680)=@newtaction={0x180, 0x30, 0x216822a75a8bdd29, 0xffe4, 0x0, {}, [{0x16c, 0x1, [@m_connmark={0x50, 0x2, 0x0, 0x0, {{0xd}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x3, 0xd, 0x5, 0x0, 0x3}, 0x8}}]}, {0xfffffdd6}, {0xc}, {0xc}}}, @m_ct={0x44, 0x1, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}, @m_gact={0xd4, 0x3, 0x0, 0x0, {{0x9}, {0x58, 0x2, 0x0, 0x1, [@TCA_GACT_PROB={0x0, 0x3, {0x2, 0xea3, 0x7}}, @TCA_GACT_PROB={0xc, 0x3, {0x0, 0x1d28}}, @TCA_GACT_PARMS={0x18, 0x2, {0xb66, 0xb3, 0x10000000, 0x34e, 0xffff}}, @TCA_GACT_PARMS={0x18, 0x2, {0x7ff, 0xd8, 0x0, 0x9, 0x100000e0}}]}, {0x52, 0x6, "a06b1d1931f3579c6d7c5159238a286074602c3726c701f3c0d5382de62a6e8c4fb714fcd674c66cd306a4f78d3d05530609c9b04b7483bd084d70df8e77e6fbd503917aa0a6c737cef0ed021b60"}, {0xc}, {0x1, 0x8, {0x2, 0x2}}}}]}]}, 0x180}}, 0x0)

464.941381ms ago: executing program 4 (id=6144):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x18, 0x4, &(0x7f0000000140)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1, 0x0, 0x2}, 0x18)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000000b00010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0)
close(r0)

433.302052ms ago: executing program 7 (id=6145):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfff9}, 0xe)
listen(r0, 0x800)
r1 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x1ffffe, 0x10100}, &(0x7f0000020940)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r1, 0x2ded, 0x4000, 0x0, 0x0, 0x0)

419.785152ms ago: executing program 2 (id=6146):
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x4000, &(0x7f0000000c00)={[{@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4}}, {@mblk_io_submit}, {@resuid}, {@norecovery}]}, 0x8, 0x445, &(0x7f0000001dc0)="$eJzs28tvG0UYAPBv105KX8RU5dEHECiIikfSpKX0wAEQSBxAQoJDOYYkrUrdBjVBolUFBaFyRJW4I45I/AWc4IKAExJX4IwqVSiXFk5Ga+82jmunSbDrEP9+0tYzu+POfJ4de3YnG8DAGs3+SSJ2RMRvETHSyC4vMNp4ubF4cfrvxYvTSdRqb/6V1MtdX7w4XRQt3re9yJQj0k+T2Nem3vnzF05PVauz5/L8+MKZ98bnz1945tSZqZOzJ2fPTh47duTwxHNHJ5/tSpxZXNf3fji3f8+rb195ffr4lXd++iYp4m+Jo0tG2+4tN14er9W6XF1/7WxKJ+U+NoQ1KeWn5FB9/I9EKZY6byRe+aSvjQN6qlar1e7rfPhSDdjEkuh3C4D+KH7os+vfYrtDU48N4dqLjQugLO4b+dY4Uo40LzPUcn3bTaMRcfzSP19mW7Teh9jao0oBgIH2XTb/ebrd/C+N5vtCd+drKJWIuCcidkXE0YjYHRH3RtTL3h8RD6yx/tZFklvnn+nVdQW2Stn87/l8bWv5/K+Y/UWllOd21uMfSk6cqs4eyj+TgzG0JctPrFDH9y//+nmnY83zv2zL6i/mgnk7rpa3LH/PzNTC1H+Judm1jyP2ltvFn9xcCUgiYk9EvLDOOk49+fX+Tsc6xD+8qv+4C+tMta8inmj0/6Voib+QrLw+OX5XVGcPjRdnxa1+/uXyG53qv33/91bW/9vanv9F/H9Ukub12vm113H59886XlOu9/wfTt5atu+DqYWFcxMRw8lr9Xylef9kS7nJpfJZ/AcPtB//u2Lpk9gXEdlJ/GBEPBQRD+dtfyQiHo2IAyvE/+NLj727/vh7K4t/ZsX+j5b+X0oMR+ue9onS6R++XVZpZS3xZ/1/pJ46mO9Zzfffatq1vrMZAAAA/n/SiNgRSTp2M52mY2ONv+HfHdvS6tz8wlMn5t4/O9N4RqASQ2lxp2uk6X7oRH5ZX+QnW/KH8/vGX5S21vNj03PVmX4HDwNue4fxn/mz1O/WAT3neS0YXMY/DC7jHwaX8Q+Dq8349+gZDIh2v/8f9aEdwJ3XMv5XXPYzMYDNxfU/DC7jHwaX8Q8DaX5r3P4h+c2RSCNiAzRjsyQi3RDNkOhRot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN3xbwAAAP//ynflmQ==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12)
write(r1, &(0x7f00000009c0)="3bf58d7d45d32cfe1da7c797b82f", 0xe)
sendfile(r1, r0, 0x0, 0x3ffff)
sendfile(r1, r0, 0x0, 0x7fffeffd)

419.372982ms ago: executing program 1 (id=6147):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x13)
r1 = syz_io_uring_setup(0x234, &(0x7f0000000580)={0x0, 0x95f5, 0x10100, 0x0, 0x89}, &(0x7f0000000280)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31})
io_uring_enter(r1, 0x207a98, 0x363, 0x4, 0x0, 0x0)
ioctl$TCXONC(r0, 0x540a, 0x2)

403.989512ms ago: executing program 4 (id=6149):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x50)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x88040, 0x0)
fcntl$setlease(r0, 0x400, 0x0)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={0xffffffffffffffff, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
renameat2(0xffffffffffffff9c, &(0x7f00000007c0)='./file1\x00', 0xffffffffffffff9c, &(0x7f00000005c0)='./file3\x00', 0x4)

393.919453ms ago: executing program 7 (id=6150):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10)
r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4(r2, 0x0, 0x2, 0x0)

264.354095ms ago: executing program 4 (id=6151):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
unlinkat(0xffffffffffffffff, 0x0, 0x0)
rt_sigaction(0x19, 0x0, 0x0, 0x8, &(0x7f0000000440))

164.099927ms ago: executing program 1 (id=6152):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x51}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000140)={r2, 0x0, 0x0}, 0x20)

123.522188ms ago: executing program 4 (id=6153):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x1c)
perf_event_open(&(0x7f0000000640)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x2, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={0x0, 0x4}, 0x100, 0x10000, 0x5, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f00000000c0)=@gcm_256={{0x303, 0x36}, "f1ff5ef2fe010017", "9e8ecc7bb5352776725e1047711330ff2bb17b55081f0000000000009bc400", "dc5d3f00", "46b0e072b7b1d30e"}, 0x38)

402.101碌s ago: executing program 1 (id=6154):
unshare(0x22020600)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="05000000050000000100000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x16, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x186, &(0x7f0000000080)={0x0, 0x3416, 0x13100, 0x2, 0x4}, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0xe, &(0x7f0000000000)=ANY=[@ANYBLOB="0082010105000000852000000400000000000000000300000000000000000000184100000004000000000000000000009500000000000000950000000000000014583000ffffffff18160000", @ANYRES32=r0, @ANYBLOB="000000000000000045abffff00000000183800000400"/32], &(0x7f0000000580)='syzkaller\x00', 0xa, 0x5, &(0x7f0000000140)=""/5, 0x40f00, 0x20, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x7, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[r0, r0, r0, r0, 0xffffffffffffffff, r0], 0x0, 0x10, 0xfffffffe}, 0xc3)

191.53碌s ago: executing program 7 (id=6155):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000027"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001080)={&(0x7f0000000180)='kfree\x00', r2}, 0x18)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000380)=0x2)
ioctl$PPPIOCSPASS(r0, 0x40107447, &(0x7f0000000180)={0x20, 0x0})

0s ago: executing program 4 (id=6156):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000540)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = getpgrp(0x0)
r3 = syz_pidfd_open(r2, 0x0)
setns(r3, 0x34020000)

kernel console output (not intermixed with test programs):

183.367576][ T5794] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  183.399284][T13719] netlink: 830 bytes leftover after parsing attributes in process `syz.1.4091'.
[  183.412040][T13714] netlink: 68 bytes leftover after parsing attributes in process `syz.6.4089'.
[  183.446026][T13717] openvswitch: netlink: Message has 6 unknown bytes.
[  183.534216][T13736] loop2: detected capacity change from 0 to 512
[  183.534883][T13739] loop4: detected capacity change from 0 to 512
[  183.558466][T13741] rdma_op ffff888104792980 conn xmit_rdma 0000000000000000
[  183.569003][T13739] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  183.584670][T13746] loop1: detected capacity change from 0 to 128
[  183.619600][T13739] EXT4-fs (loop4): 1 truncate cleaned up
[  183.684823][T13753] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4104'.
[  183.700400][T13753] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0
[  183.768337][T13760] netlink: 830 bytes leftover after parsing attributes in process `syz.2.4106'.
[  183.832948][   T23] tipc: Node number set to 2824484798
[  184.073851][T13789] loop6: detected capacity change from 0 to 512
[  184.085625][T13787] netlink: 104 bytes leftover after parsing attributes in process `syz.1.4117'.
[  184.147965][T13794] loop1: detected capacity change from 0 to 512
[  184.207756][T13794] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  184.276421][T13794] EXT4-fs (loop1): 1 truncate cleaned up
[  184.343950][T13817] loop0: detected capacity change from 0 to 128
[  184.360256][T13819] sch_tbf: peakrate 7 is lower than or equals to rate 19 !
[  184.514057][T13845] openvswitch: netlink: Message has 6 unknown bytes.
[  184.578017][T13851] loop1: detected capacity change from 0 to 256
[  184.586585][T13851] msdos: Bad value for 'fmask'
[  184.598518][T13856] loop6: detected capacity change from 0 to 128
[  184.672242][T13863] netlink: 'syz.1.4152': attribute type 10 has an invalid length.
[  184.712060][T13863] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  184.736758][T13867] loop2: detected capacity change from 0 to 2048
[  184.761366][T13867] EXT4-fs (loop2): shut down requested (0)
[  184.840667][T13884] loop4: detected capacity change from 0 to 128
[  184.851370][T13886] netlink: 'syz.6.4171': attribute type 10 has an invalid length.
[  184.864312][T13886] dummy0: entered promiscuous mode
[  184.924361][T13889] sch_tbf: peakrate 7 is lower than or equals to rate 19 !
[  185.111233][T13916] loop6: detected capacity change from 0 to 128
[  185.238511][T13926] sch_tbf: peakrate 7 is lower than or equals to rate 19 !
[  185.266249][T13928] netlink: 'syz.2.4179': attribute type 10 has an invalid length.
[  185.290926][T13928] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  185.478635][T13948] netlink: 'syz.0.4200': attribute type 10 has an invalid length.
[  185.495522][T13948] dummy0: entered promiscuous mode
[  185.506054][T13948] $H�: (slave dummy0): Enslaving as an active interface with an up link
[  185.659043][T13951] loop1: detected capacity change from 0 to 512
[  185.670266][T13952] loop4: detected capacity change from 0 to 164
[  185.691476][T13952] iso9660: Unknown parameter '18446744073709551615�)-囚�粦�'
[  185.716108][T10741] netdevsim netdevsim6 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  185.726705][T10741] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  185.763599][T13951] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #18: comm syz.1.4192: corrupted inode contents
[  185.797006][T13951] EXT4-fs error (device loop1): ext4_dirty_inode:6538: inode #18: comm syz.1.4192: mark_inode_dirty error
[  185.836970][T10741] netdevsim netdevsim6 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  185.847423][T10741] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  185.859879][T13951] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #18: comm syz.1.4192: corrupted inode contents
[  185.872134][T13951] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2991: inode #18: comm syz.1.4192: mark_inode_dirty error
[  185.898527][T13951] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2994: inode #18: comm syz.1.4192: mark inode dirty (error -117)
[  185.922248][T13951] EXT4-fs warning (device loop1): ext4_evict_inode:274: xattr delete (err -117)
[  185.935817][T10741] netdevsim netdevsim6 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  185.946769][T10741] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  185.986162][T10741] netdevsim netdevsim6 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  185.996555][T10741] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.093239][T10741] bond0 (unregistering): (slave geneve2): Releasing active interface
[  186.184702][T10741] $H� (unregistering): Released all slaves
[  186.193396][T10741] bond0 (unregistering): Released all slaves
[  186.225717][T10741] tipc: Disabling bearer <udp:syz2>
[  186.230999][T10741] tipc: Left network mode
[  186.257862][T10741] veth1_macvtap: left promiscuous mode
[  186.263445][T10741] veth0_macvtap: left promiscuous mode
[  186.269145][T10741] veth1_vlan: left promiscuous mode
[  186.274547][T10741] veth0_vlan: left promiscuous mode
[  186.351589][T13962] chnl_net:caif_netlink_parms(): no params data found
[  186.387840][T13962] bridge0: port 1(bridge_slave_0) entered blocking state
[  186.395006][T13962] bridge0: port 1(bridge_slave_0) entered disabled state
[  186.402293][T13962] bridge_slave_0: entered allmulticast mode
[  186.408856][T13962] bridge_slave_0: entered promiscuous mode
[  186.415652][T13962] bridge0: port 2(bridge_slave_1) entered blocking state
[  186.422764][T13962] bridge0: port 2(bridge_slave_1) entered disabled state
[  186.430184][T13962] bridge_slave_1: entered allmulticast mode
[  186.436993][T13962] bridge_slave_1: entered promiscuous mode
[  186.454775][T13962] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  186.465265][T13962] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  186.484732][T13962] team0: Port device team_slave_0 added
[  186.491417][T13962] team0: Port device team_slave_1 added
[  186.507207][T13962] batman_adv: batadv0: Adding interface: batadv_slave_0
[  186.514265][T13962] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  186.540320][T13962] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  186.551836][T13962] batman_adv: batadv0: Adding interface: batadv_slave_1
[  186.558880][T13962] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  186.584959][T13962] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  186.612184][T13962] hsr_slave_0: entered promiscuous mode
[  186.618385][T13962] hsr_slave_1: entered promiscuous mode
[  186.624432][T13962] debugfs: 'hsr0' already exists in 'hsr'
[  186.630163][T13962] Cannot create hsr debugfs directory
[  186.704194][T13962] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  186.713225][T13962] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  186.721853][T13962] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  186.731430][T13962] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  186.746077][T13962] bridge0: port 2(bridge_slave_1) entered blocking state
[  186.753155][T13962] bridge0: port 2(bridge_slave_1) entered forwarding state
[  186.760579][T13962] bridge0: port 1(bridge_slave_0) entered blocking state
[  186.767953][T13962] bridge0: port 1(bridge_slave_0) entered forwarding state
[  186.794694][T13962] 8021q: adding VLAN 0 to HW filter on device bond0
[  186.806748][T10733] bridge0: port 1(bridge_slave_0) entered disabled state
[  186.815777][T10733] bridge0: port 2(bridge_slave_1) entered disabled state
[  186.829209][T13962] 8021q: adding VLAN 0 to HW filter on device team0
[  186.840005][T10733] bridge0: port 1(bridge_slave_0) entered blocking state
[  186.847563][T10733] bridge0: port 1(bridge_slave_0) entered forwarding state
[  186.858210][T10733] bridge0: port 2(bridge_slave_1) entered blocking state
[  186.865327][T10733] bridge0: port 2(bridge_slave_1) entered forwarding state
[  186.927565][T13962] 8021q: adding VLAN 0 to HW filter on device batadv0
[  187.033120][T13962] veth0_vlan: entered promiscuous mode
[  187.040673][T13962] veth1_vlan: entered promiscuous mode
[  187.055142][T13962] veth0_macvtap: entered promiscuous mode
[  187.062330][T13962] veth1_macvtap: entered promiscuous mode
[  187.073117][T13962] batman_adv: batadv0: Interface activated: batadv_slave_0
[  187.082218][T13962] batman_adv: batadv0: Interface activated: batadv_slave_1
[  187.094829][T10733] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  187.103820][T10733] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  187.112526][T10733] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  187.121450][T10733] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  187.161762][T14003] loop2: detected capacity change from 0 to 512
[  187.190842][T14003] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  187.203676][T14013] loop7: detected capacity change from 0 to 128
[  187.205330][T14003] EXT4-fs (loop2): 1 truncate cleaned up
[  187.364257][T10741] bio_check_eod: 695 callbacks suppressed
[  187.364334][T10741] kworker/u8:59: attempt to access beyond end of device
[  187.364334][T10741] loop7: rw=1, sector=753, nr_sectors = 8 limit=128
[  187.423454][T10741] kworker/u8:59: attempt to access beyond end of device
[  187.423454][T10741] loop7: rw=1, sector=785, nr_sectors = 8 limit=128
[  187.451526][T10741] kworker/u8:59: attempt to access beyond end of device
[  187.451526][T10741] loop7: rw=1, sector=817, nr_sectors = 8 limit=128
[  187.465136][T10741] kworker/u8:59: attempt to access beyond end of device
[  187.465136][T10741] loop7: rw=1, sector=849, nr_sectors = 8 limit=128
[  187.478815][T10741] kworker/u8:59: attempt to access beyond end of device
[  187.478815][T10741] loop7: rw=1, sector=881, nr_sectors = 8 limit=128
[  187.492526][T10741] kworker/u8:59: attempt to access beyond end of device
[  187.492526][T10741] loop7: rw=1, sector=913, nr_sectors = 8 limit=128
[  187.506400][T10741] kworker/u8:59: attempt to access beyond end of device
[  187.506400][T10741] loop7: rw=1, sector=945, nr_sectors = 8 limit=128
[  187.520022][T10741] kworker/u8:59: attempt to access beyond end of device
[  187.520022][T10741] loop7: rw=1, sector=977, nr_sectors = 8 limit=128
[  187.533723][T10741] kworker/u8:59: attempt to access beyond end of device
[  187.533723][T10741] loop7: rw=1, sector=1009, nr_sectors = 8 limit=128
[  187.547674][T10741] kworker/u8:59: attempt to access beyond end of device
[  187.547674][T10741] loop7: rw=1, sector=177, nr_sectors = 8 limit=128
[  187.634096][T14039] netlink: 'syz.7.4204': attribute type 10 has an invalid length.
[  187.657291][T14039] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  187.730103][T14051] loop7: detected capacity change from 0 to 2048
[  187.746611][T14055] 9pnet: Could not find request transport: 0xffffffffffffffff
[  187.776531][T14060] macvtap0: refused to change device tx_queue_len
[  187.799418][T14051] EXT4-fs (loop7): shut down requested (0)
[  187.860421][T14077] netlink: 'syz.4.4231': attribute type 10 has an invalid length.
[  187.877665][T14077] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  187.935911][T14084] vhci_hcd: invalid port number 96
[  187.941172][T14084] vhci_hcd: default hub control req: 0000 vfffc i0060 l0
[  187.995633][   T29] kauditd_printk_skb: 162 callbacks suppressed
[  187.995651][   T29] audit: type=1326 audit(188.003:4480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14093 comm="syz.0.4239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cbd42ebe9 code=0x7ffc0000
[  188.074092][   T29] audit: type=1326 audit(188.033:4481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14093 comm="syz.0.4239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6cbd42ebe9 code=0x7ffc0000
[  188.097844][   T29] audit: type=1326 audit(188.033:4482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14093 comm="syz.0.4239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cbd42ebe9 code=0x7ffc0000
[  188.121564][   T29] audit: type=1326 audit(188.033:4483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14093 comm="syz.0.4239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cbd42ebe9 code=0x7ffc0000
[  188.144724][   T29] audit: type=1326 audit(188.043:4484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14093 comm="syz.0.4239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6cbd42ebe9 code=0x7ffc0000
[  188.167761][   T29] audit: type=1326 audit(188.043:4485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14093 comm="syz.0.4239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cbd42ebe9 code=0x7ffc0000
[  188.190954][   T29] audit: type=1326 audit(188.043:4486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14093 comm="syz.0.4239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cbd42ebe9 code=0x7ffc0000
[  188.214748][   T29] audit: type=1326 audit(188.043:4487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14093 comm="syz.0.4239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6cbd42ebe9 code=0x7ffc0000
[  188.237714][   T29] audit: type=1326 audit(188.053:4488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14093 comm="syz.0.4239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cbd42ebe9 code=0x7ffc0000
[  188.260668][   T29] audit: type=1326 audit(188.053:4489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14093 comm="syz.0.4239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cbd42ebe9 code=0x7ffc0000
[  188.307742][T14110] netlink: 'syz.1.4247': attribute type 10 has an invalid length.
[  188.364172][T14117] vhci_hcd: invalid port number 96
[  188.369440][T14117] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  188.397535][T14123] netlink: 'syz.4.4262': attribute type 10 has an invalid length.
[  188.482924][T14132] loop7: detected capacity change from 0 to 164
[  188.495254][T14132] iso9660: Unknown parameter '18446744073709551615�)-囚�粦�'
[  188.544960][T14139] macvtap0: refused to change device tx_queue_len
[  188.609028][T14145] 9pnet: Could not find request transport: 0xffffffffffffffff
[  188.624423][T14148] vhci_hcd: invalid port number 96
[  188.629585][T14148] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  188.784399][T14171] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  188.800931][T14171] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  188.871284][T14176] netlink: 'syz.4.4275': attribute type 1 has an invalid length.
[  188.879205][T14176] netlink: 'syz.4.4275': attribute type 2 has an invalid length.
[  188.921806][T14179] @: renamed from vlan0 (while UP)
[  188.935408][T14183] loop4: detected capacity change from 0 to 512
[  188.942528][T14183] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  188.955432][T14181] vhci_hcd: invalid port number 96
[  188.960689][T14181] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  188.980743][T14183] EXT4-fs (loop4): 1 orphan inode deleted
[  188.986565][T14183] EXT4-fs (loop4): 1 truncate cleaned up
[  188.995012][T14183] EXT4-fs error (device loop4): ext4_lookup:1787: inode #16: comm syz.4.4281: iget: bad extra_isize 46 (inode size 256)
[  189.014323][T14183] EXT4-fs (loop4): Remounting filesystem read-only
[  189.028526][T14188] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4283'.
[  189.039006][T14188] netlink: 104 bytes leftover after parsing attributes in process `syz.0.4283'.
[  189.287692][T14215] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4295'.
[  189.299273][T14215] netlink: 104 bytes leftover after parsing attributes in process `syz.1.4295'.
[  189.713852][T14251] netlink: 'syz.7.4310': attribute type 1 has an invalid length.
[  189.721652][T14251] netlink: 'syz.7.4310': attribute type 2 has an invalid length.
[  189.952198][T14264] loop7: detected capacity change from 0 to 128
[  189.969521][T14264] msdos: Unknown parameter 'dot�'
[  190.011050][T14267] netlink: 12 bytes leftover after parsing attributes in process `syz.7.4319'.
[  190.034310][T14267] netlink: 104 bytes leftover after parsing attributes in process `syz.7.4319'.
[  190.138633][T14274] @: renamed from vlan0 (while UP)
[  190.641368][T14307] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  190.663057][T14307] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  190.766343][T14316] 9pnet_fd: Insufficient options for proto=fd
[  191.081704][T14337] loop2: detected capacity change from 0 to 1024
[  191.099166][T14337] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  191.110137][T14337] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  191.141302][T14337] JBD2: no valid journal superblock found
[  191.147151][T14337] EXT4-fs (loop2): Could not load journal inode
[  191.298214][T14345] ALSA: seq fatal error: cannot create timer (-22)
[  191.314231][T14349] loop2: detected capacity change from 0 to 1024
[  191.320895][T14349] EXT4-fs: Ignoring removed oldalloc option
[  191.332839][T14349] EXT4-fs: Ignoring removed orlov option
[  191.342971][T14349] EXT4-fs (loop2): stripe (2) is not aligned with cluster size (16), stripe is disabled
[  191.425071][T14349] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4183: comm syz.2.4353: Allocating blocks 497-513 which overlap fs metadata
[  191.742384][T14372] netlink: 12 bytes leftover after parsing attributes in process `syz.7.4363'.
[  192.047723][T14393] ALSA: seq fatal error: cannot create timer (-22)
[  192.067251][T14391] hub 9-0:1.0: USB hub found
[  192.092828][T14391] hub 9-0:1.0: 8 ports detected
[  193.644317][   T29] kauditd_printk_skb: 138 callbacks suppressed
[  193.644377][   T29] audit: type=1400 audit(193.653:4628): avc:  denied  { connect } for  pid=14436 comm="syz.0.4404" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  193.977977][   T29] audit: type=1400 audit(193.983:4629): avc:  denied  { bpf } for  pid=14452 comm="syz.1.4401" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  193.998120][   T29] audit: type=1400 audit(193.983:4630): avc:  denied  { perfmon } for  pid=14452 comm="syz.1.4401" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  194.107781][   T29] audit: type=1400 audit(193.983:4631): avc:  denied  { prog_run } for  pid=14452 comm="syz.1.4401" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  194.126422][   T29] audit: type=1400 audit(194.053:4632): avc:  denied  { create } for  pid=14452 comm="syz.1.4401" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  194.145802][   T29] audit: type=1400 audit(194.053:4633): avc:  denied  { read write } for  pid=8728 comm="syz-executor" name="loop2" dev="devtmpfs" ino=669 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  194.168946][   T29] audit: type=1400 audit(194.053:4634): avc:  denied  { open } for  pid=8728 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=669 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  194.191621][   T29] audit: type=1400 audit(194.053:4635): avc:  denied  { ioctl } for  pid=8728 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=669 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  194.215808][   T29] audit: type=1400 audit(194.063:4636): avc:  denied  { setopt } for  pid=14452 comm="syz.1.4401" lport=60 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  194.236063][   T29] audit: type=1400 audit(194.083:4637): avc:  denied  { map_create } for  pid=14456 comm="syz.2.4405" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  194.333882][T14473] rdma_op ffff88814577f980 conn xmit_rdma 0000000000000000
[  194.436167][T14482] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  194.462893][T14482] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  194.714900][T14500] rdma_op ffff88814b98c980 conn xmit_rdma 0000000000000000
[  194.853139][T14510] netlink: 'syz.0.4430': attribute type 10 has an invalid length.
[  194.861016][T14510] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4430'.
[  194.881314][T14510] $H�: (slave dummy0): Releasing backup interface
[  194.891416][T14511] SELinux:  policydb magic number 0x0 does not match expected magic number 0xf97cff8c
[  194.904249][T14510] bridge0: port 3(dummy0) entered blocking state
[  194.910728][T14510] bridge0: port 3(dummy0) entered disabled state
[  194.914939][T14511] SELinux: failed to load policy
[  194.922823][T14510] dummy0: entered allmulticast mode
[  195.187324][T14533] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4441'.
[  195.324784][T14538] SELinux: failed to load policy
[  195.454892][T14548] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4446'.
[  195.506218][T14548] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4446'.
[  195.517670][T14554] IPVS: stopping master sync thread 14557 ...
[  195.525236][T14557] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  195.545047][T14556] netlink: 340 bytes leftover after parsing attributes in process `syz.0.4450'.
[  195.562949][T14560] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4446'.
[  195.593371][T14548] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4446'.
[  195.620045][T14560] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4446'.
[  195.666345][T14560] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4446'.
[  195.763454][T14579] pim6reg: entered allmulticast mode
[  195.770736][T14579] pim6reg: left allmulticast mode
[  195.798728][T14578] veth3: entered promiscuous mode
[  196.151341][T14602] netlink: 12 bytes leftover after parsing attributes in process `syz.7.4469'.
[  196.318967][T14614] pim6reg: entered allmulticast mode
[  196.342591][T14614] pim6reg: left allmulticast mode
[  196.447044][T14627] veth3: entered promiscuous mode
[  196.475975][T14632] IPVS: stopping master sync thread 14634 ...
[  196.592994][T14646] SELinux: failed to load policy
[  196.680904][T14656] netlink: 'syz.1.4490': attribute type 13 has an invalid length.
[  196.706298][T14658] pim6reg: entered allmulticast mode
[  196.728662][T14656] gretap0: refused to change device tx_queue_len
[  196.743584][T14656] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  196.762795][T14658] pim6reg: left allmulticast mode
[  196.979431][T14669] IPVS: Error connecting to the multicast addr
[  197.061523][T14677] loop7: detected capacity change from 0 to 512
[  197.074562][T14677] EXT4-fs warning (device loop7): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  197.089640][T14677] EXT4-fs (loop7): mount failed
[  197.210414][T14684] SELinux: failed to load policy
[  198.222183][T14709] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  198.234123][T14707] IPVS: stopping master sync thread 14709 ...
[  198.280665][T14713] netlink: 'syz.2.4512': attribute type 13 has an invalid length.
[  198.306979][T14713] gretap0: refused to change device tx_queue_len
[  198.314238][T14713] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  198.351986][T14715] syzkaller0: entered promiscuous mode
[  198.357626][T14715] syzkaller0: entered allmulticast mode
[  198.771196][   T29] kauditd_printk_skb: 120 callbacks suppressed
[  198.771210][   T29] audit: type=1400 audit(198.773:4757): avc:  denied  { write } for  pid=14717 comm="syz.0.4526" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  198.845461][   T29] audit: type=1400 audit(198.843:4758): avc:  denied  { read } for  pid=14727 comm="syz.2.4521" dev="nsfs" ino=4026532463 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  198.866348][   T29] audit: type=1400 audit(198.843:4759): avc:  denied  { open } for  pid=14727 comm="syz.2.4521" path="net:[4026532463]" dev="nsfs" ino=4026532463 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  198.889425][   T29] audit: type=1400 audit(198.843:4760): avc:  denied  { create } for  pid=14727 comm="syz.2.4521" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  198.909172][   T29] audit: type=1400 audit(198.853:4761): avc:  denied  { bind } for  pid=14727 comm="syz.2.4521" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  198.910924][T14726] SELinux: failed to load policy
[  198.928566][   T29] audit: type=1400 audit(198.853:4762): avc:  denied  { write } for  pid=14727 comm="syz.2.4521" path="socket:[42326]" dev="sockfs" ino=42326 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  199.096769][   T29] audit: type=1400 audit(199.103:4763): avc:  denied  { write } for  pid=14754 comm="syz.2.4528" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  199.195542][   T29] audit: type=1400 audit(199.123:4764): avc:  denied  { name_connect } for  pid=14754 comm="syz.2.4528" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1
[  199.215346][   T29] audit: type=1400 audit(199.163:4765): avc:  denied  { append } for  pid=14757 comm="syz.7.4533" name="001" dev="devtmpfs" ino=147 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  199.237955][   T29] audit: type=1400 audit(199.203:4766): avc:  denied  { read write } for  pid=14764 comm="syz.4.4534" name="ptp0" dev="devtmpfs" ino=247 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  199.368632][T14773] SELinux: failed to load policy
[  199.648267][T14801] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  199.702808][T14801] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  199.895820][T14817] netlink: 'syz.0.4555': attribute type 21 has an invalid length.
[  199.903845][T14817] __nla_validate_parse: 20 callbacks suppressed
[  199.903860][T14817] netlink: 156 bytes leftover after parsing attributes in process `syz.0.4555'.
[  200.583086][T14855] syzkaller0: entered promiscuous mode
[  200.588656][T14855] syzkaller0: entered allmulticast mode
[  200.754585][T14870] loop2: detected capacity change from 0 to 512
[  200.761483][T14870] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[  200.801109][T14870] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #15: comm syz.2.4579: iget: bogus i_mode (5)
[  200.813045][T14871] Falling back ldisc for ttyS3.
[  200.854344][T14870] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.4579: couldn't read orphan inode 15 (err -117)
[  200.893231][T14882] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4583'.
[  200.905269][T14880] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  200.923726][T14870] EXT4-fs mount: 20 callbacks suppressed
[  200.923819][T14870] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  200.946383][T14880] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  200.960502][T14882] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4583'.
[  200.991493][T14883] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4583'.
[  201.007275][ T8728] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  201.037205][T14883] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4583'.
[  201.050559][T14882] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4583'.
[  201.080300][T14883] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4583'.
[  201.912771][T14913] syzkaller0: entered promiscuous mode
[  201.918294][T14913] syzkaller0: entered allmulticast mode
[  202.233769][T14932] loop7: detected capacity change from 0 to 164
[  202.252026][T14932] bio_check_eod: 9 callbacks suppressed
[  202.252041][T14932] syz.7.4602: attempt to access beyond end of device
[  202.252041][T14932] loop7: rw=524288, sector=263328, nr_sectors = 4 limit=164
[  202.272411][T14935] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4603'.
[  202.288722][T14935] netlink: 2 bytes leftover after parsing attributes in process `syz.4.4603'.
[  202.292542][T14932] syz.7.4602: attempt to access beyond end of device
[  202.292542][T14932] loop7: rw=0, sector=263328, nr_sectors = 4 limit=164
[  202.415535][T14945] syzkaller0: entered promiscuous mode
[  202.421196][T14945] syzkaller0: entered allmulticast mode
[  202.790704][T14975] IPv6: Can't replace route, no match found
[  202.822773][T14977] usb usb1: usbfs: process 14977 (syz.1.4624) did not claim interface 4 before use
[  203.066630][T15012] IPv6: Can't replace route, no match found
[  203.134162][T15014] usb usb1: usbfs: process 15014 (syz.2.4642) did not claim interface 4 before use
[  203.306920][T15028] netlink: 'syz.7.4648': attribute type 2 has an invalid length.
[  203.314817][T15028] netlink: 'syz.7.4648': attribute type 1 has an invalid length.
[  203.322596][T15028] netlink: 199820 bytes leftover after parsing attributes in process `syz.7.4648'.
[  203.504278][T15058] IPv6: Can't replace route, no match found
[  203.843521][   T29] kauditd_printk_skb: 61 callbacks suppressed
[  203.843540][   T29] audit: type=1326 audit(203.853:4828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15080 comm="syz.0.4671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cbd42ebe9 code=0x7ffc0000
[  203.872835][   T29] audit: type=1326 audit(203.853:4829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15080 comm="syz.0.4671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cbd42ebe9 code=0x7ffc0000
[  203.936609][   T29] audit: type=1326 audit(203.903:4830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15080 comm="syz.0.4671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6cbd42ebe9 code=0x7ffc0000
[  203.959691][   T29] audit: type=1326 audit(203.903:4831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15080 comm="syz.0.4671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cbd42ebe9 code=0x7ffc0000
[  203.982865][   T29] audit: type=1326 audit(203.903:4832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15080 comm="syz.0.4671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cbd42ebe9 code=0x7ffc0000
[  204.006064][   T29] audit: type=1326 audit(203.913:4833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15080 comm="syz.0.4671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7f6cbd42ebe9 code=0x7ffc0000
[  204.029014][   T29] audit: type=1326 audit(203.913:4834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15080 comm="syz.0.4671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cbd42ebe9 code=0x7ffc0000
[  204.052071][   T29] audit: type=1326 audit(203.913:4835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15080 comm="syz.0.4671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cbd42ebe9 code=0x7ffc0000
[  204.075061][   T29] audit: type=1326 audit(203.913:4836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15080 comm="syz.0.4671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7f6cbd42ebe9 code=0x7ffc0000
[  204.097993][   T29] audit: type=1326 audit(203.913:4837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15080 comm="syz.0.4671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cbd42ebe9 code=0x7ffc0000
[  204.160858][T15094] IPv6: Can't replace route, no match found
[  204.449666][T15113] serio: Serial port ptm0
[  204.617518][T15126] vhci_hcd: invalid port number 96
[  204.622804][T15126] vhci_hcd: default hub control req: 2000 vfffc i0060 l7
[  204.716984][T15145] loop4: detected capacity change from 0 to 164
[  204.727594][T15145] syz.4.4701: attempt to access beyond end of device
[  204.727594][T15145] loop4: rw=524288, sector=263328, nr_sectors = 4 limit=164
[  204.741740][T15145] syz.4.4701: attempt to access beyond end of device
[  204.741740][T15145] loop4: rw=0, sector=263328, nr_sectors = 4 limit=164
[  205.257775][T15207] loop7: detected capacity change from 0 to 164
[  205.266990][T15207] syz.7.4731: attempt to access beyond end of device
[  205.266990][T15207] loop7: rw=524288, sector=263328, nr_sectors = 4 limit=164
[  205.281347][T15207] syz.7.4731: attempt to access beyond end of device
[  205.281347][T15207] loop7: rw=0, sector=263328, nr_sectors = 4 limit=164
[  205.407594][T15230] loop2: detected capacity change from 0 to 164
[  205.425715][T15230] rock: directory entry would overflow storage
[  205.431997][T15230] rock: sig=0x66, size=4, remaining=3
[  206.049231][T15283] hub 6-0:1.0: USB hub found
[  206.062883][T15283] hub 6-0:1.0: 8 ports detected
[  207.197308][T15371] loop7: detected capacity change from 0 to 128
[  207.267251][T15377] syz.7.4804: attempt to access beyond end of device
[  207.267251][T15377] loop7: rw=2049, sector=145, nr_sectors = 16 limit=128
[  207.287538][T15377] syz.7.4804: attempt to access beyond end of device
[  207.287538][T15377] loop7: rw=2049, sector=169, nr_sectors = 8 limit=128
[  207.301541][T15377] syz.7.4804: attempt to access beyond end of device
[  207.301541][T15377] loop7: rw=2049, sector=185, nr_sectors = 8 limit=128
[  207.315227][T15377] syz.7.4804: attempt to access beyond end of device
[  207.315227][T15377] loop7: rw=2049, sector=201, nr_sectors = 8 limit=128
[  207.328948][T15377] syz.7.4804: attempt to access beyond end of device
[  207.328948][T15377] loop7: rw=2049, sector=217, nr_sectors = 8 limit=128
[  207.349932][T15377] syz.7.4804: attempt to access beyond end of device
[  207.349932][T15377] loop7: rw=2049, sector=233, nr_sectors = 8 limit=128
[  207.363754][T15377] syz.7.4804: attempt to access beyond end of device
[  207.363754][T15377] loop7: rw=2049, sector=249, nr_sectors = 8 limit=128
[  207.377356][T15377] syz.7.4804: attempt to access beyond end of device
[  207.377356][T15377] loop7: rw=2049, sector=265, nr_sectors = 8 limit=128
[  207.391160][T15377] syz.7.4804: attempt to access beyond end of device
[  207.391160][T15377] loop7: rw=2049, sector=281, nr_sectors = 8 limit=128
[  207.405336][T15377] syz.7.4804: attempt to access beyond end of device
[  207.405336][T15377] loop7: rw=2049, sector=297, nr_sectors = 8 limit=128
[  207.674987][T15398] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4813'.
[  207.684077][T15398] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4813'.
[  207.711913][T15399] IPv6: Can't replace route, no match found
[  207.715323][T15398] bridge0: port 4(vlan0) entered blocking state
[  207.724165][T15398] bridge0: port 4(vlan0) entered disabled state
[  207.760909][T15398] vlan0: entered allmulticast mode
[  207.766132][T15398] bridge0: entered allmulticast mode
[  207.795769][T15398] vlan0: left allmulticast mode
[  207.800690][T15398] bridge0: left allmulticast mode
[  207.890061][T15409] hub 6-0:1.0: USB hub found
[  207.901793][T15409] hub 6-0:1.0: 8 ports detected
[  207.927322][T15411] SELinux: security policydb version 17 (MLS) not backwards compatible
[  207.960959][T15411] SELinux: failed to load policy
[  208.093155][T15422] netlink: 'syz.7.4824': attribute type 1 has an invalid length.
[  208.101075][T15422] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4824'.
[  208.124324][T15422] netlink: 'syz.7.4824': attribute type 1 has an invalid length.
[  208.132098][T15422] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4824'.
[  208.800490][T15462] IPv6: Can't replace route, no match found
[  208.822515][T15464] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4841'.
[  208.850749][T15464] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4841'.
[  208.876506][T15466] SELinux: security policydb version 17 (MLS) not backwards compatible
[  208.885042][T15466] SELinux: failed to load policy
[  208.997295][   T29] kauditd_printk_skb: 199 callbacks suppressed
[  208.997314][   T29] audit: type=1400 audit(209.003:5037): avc:  denied  { create } for  pid=15471 comm="syz.4.4845" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  209.024514][   T29] audit: type=1400 audit(209.033:5038): avc:  denied  { bind } for  pid=15471 comm="syz.4.4845" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  209.043676][   T29] audit: type=1400 audit(209.053:5039): avc:  denied  { write } for  pid=15471 comm="syz.4.4845" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  209.043651][T15472] atomic_op ffff888133764928 conn xmit_atomic 0000000000000000
[  209.222424][T15480] netlink: 'syz.4.4849': attribute type 1 has an invalid length.
[  209.230253][T15480] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4849'.
[  209.241063][T15480] netlink: 'syz.4.4849': attribute type 1 has an invalid length.
[  209.248872][T15480] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4849'.
[  209.449028][T15498] netlink: 'syz.4.4854': attribute type 10 has an invalid length.
[  209.449908][   T29] audit: type=1400 audit(209.453:5040): avc:  denied  { create } for  pid=15497 comm="syz.4.4854" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[  209.478874][T15498] team_slave_0: left promiscuous mode
[  209.484449][T15498] team_slave_1: left promiscuous mode
[  209.543467][T15498] team0 (unregistering): Port device team_slave_0 removed
[  209.562262][T15509] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4859'.
[  209.571413][T15509] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4859'.
[  209.586683][T15498] team0 (unregistering): Port device team_slave_1 removed
[  209.623552][T15507] bridge0: port 3(vlan0) entered blocking state
[  209.629906][T15507] bridge0: port 3(vlan0) entered disabled state
[  209.644396][T15507] vlan0: entered allmulticast mode
[  209.649637][T15507] bridge0: entered allmulticast mode
[  209.656364][T15507] vlan0: left allmulticast mode
[  209.661269][T15507] bridge0: left allmulticast mode
[  209.795068][   T29] audit: type=1400 audit(209.793:5041): avc:  denied  { firmware_load } for  pid=15531 comm="syz.1.4869" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1
[  209.858434][   T29] audit: type=1400 audit(209.863:5042): avc:  denied  { ioctl } for  pid=15542 comm="syz.4.4873" path="socket:[44586]" dev="sockfs" ino=44586 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  209.896159][T15551] netlink: 'syz.1.4875': attribute type 10 has an invalid length.
[  209.905977][T15551] team_slave_0: left promiscuous mode
[  209.911512][T15551] team_slave_1: left promiscuous mode
[  209.936681][T15551] team0 (unregistering): Port device team_slave_0 removed
[  209.945853][T15551] team0 (unregistering): Port device team_slave_1 removed
[  209.960215][T15557] bridge0: port 3(vlan2) entered blocking state
[  209.966653][T15557] bridge0: port 3(vlan2) entered disabled state
[  209.973907][T15557] vlan2: entered allmulticast mode
[  209.979049][T15557] bridge0: entered allmulticast mode
[  209.985089][T15557] vlan2: left allmulticast mode
[  209.990041][T15557] bridge0: left allmulticast mode
[  210.404685][T15567] loop4: detected capacity change from 0 to 1024
[  210.412473][T15567] EXT4-fs: Ignoring removed i_version option
[  210.418868][T15567] EXT4-fs: Ignoring removed orlov option
[  210.437619][T15567] EXT4-fs (loop4): stripe (2) is not aligned with cluster size (16), stripe is disabled
[  210.452685][   T29] audit: type=1326 audit(210.453:5043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15574 comm="syz.1.4887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efec71debe9 code=0x7ffc0000
[  210.475815][   T29] audit: type=1326 audit(210.453:5044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15574 comm="syz.1.4887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efec71debe9 code=0x7ffc0000
[  210.475927][   T29] audit: type=1326 audit(210.453:5045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15574 comm="syz.1.4887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efec71debe9 code=0x7ffc0000
[  210.475959][   T29] audit: type=1326 audit(210.453:5046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15574 comm="syz.1.4887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efec71debe9 code=0x7ffc0000
[  210.556821][T15567] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  210.569733][T15579] atomic_op ffff88810368d128 conn xmit_atomic 0000000000000000
[  210.589212][T11250] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  210.654715][T15598] netlink: 'syz.0.4897': attribute type 10 has an invalid length.
[  210.708015][T15605] can0: slcan on ttyS3.
[  210.773121][T15605] can0 (unregistered): slcan off ttyS3.
[  210.850305][T15619] atomic_op ffff88810368ed28 conn xmit_atomic 0000000000000000
[  211.886056][T15700] syzkaller0: tun_chr_ioctl cmd 2147767520
[  211.914409][T15702] can0: slcan on ttyS3.
[  211.991248][T15702] can0 (unregistered): slcan off ttyS3.
[  212.774768][T15727] netdevsim netdevsim7: Direct firmware load for 0.� failed with error -2
[  212.871122][T15745] syzkaller0: tun_chr_ioctl cmd 2147767520
[  213.109695][T15775] netdevsim netdevsim0: Direct firmware load for 0.� failed with error -2
[  213.129901][T15777] loop2: detected capacity change from 0 to 512
[  213.144454][T15777] EXT4-fs warning (device loop2): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  213.159359][T15777] EXT4-fs (loop2): mount failed
[  213.200369][T15787] sch_tbf: burst 6 is lower than device ip6gre0 mtu (1448) !
[  213.523816][T15792] syzkaller0: tun_chr_ioctl cmd 2147767520
[  213.592333][T15805] can0: slcan on ttyS3.
[  213.607834][T15807] netdevsim netdevsim1: Direct firmware load for 0.� failed with error -2
[  213.652741][T15805] can0 (unregistered): slcan off ttyS3.
[  214.094688][   T29] kauditd_printk_skb: 73 callbacks suppressed
[  214.094706][   T29] audit: type=1326 audit(214.103:5119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15836 comm="syz.7.5009" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feed880ebe9 code=0x7ffc0000
[  214.097828][T15838] loop7: detected capacity change from 0 to 512
[  214.100879][   T29] audit: type=1326 audit(214.103:5120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15836 comm="syz.7.5009" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feed880ebe9 code=0x7ffc0000
[  214.124717][T15838] journal_path: Non-blockdev passed as './bus'
[  214.130172][   T29] audit: type=1326 audit(214.103:5121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15836 comm="syz.7.5009" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7feed880ebe9 code=0x7ffc0000
[  214.153165][T15838] EXT4-fs: error: could not find journal device path
[  214.159218][   T29] audit: type=1326 audit(214.103:5122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15836 comm="syz.7.5009" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feed880ebe9 code=0x7ffc0000
[  214.211821][   T29] audit: type=1326 audit(214.103:5123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15836 comm="syz.7.5009" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feed880ebe9 code=0x7ffc0000
[  214.234863][   T29] audit: type=1326 audit(214.103:5124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15836 comm="syz.7.5009" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7feed880ebe9 code=0x7ffc0000
[  214.257839][   T29] audit: type=1326 audit(214.103:5125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15836 comm="syz.7.5009" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7feed880ec23 code=0x7ffc0000
[  214.281209][   T29] audit: type=1326 audit(214.103:5126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15836 comm="syz.7.5009" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7feed880d69f code=0x7ffc0000
[  214.304066][   T29] audit: type=1326 audit(214.103:5127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15836 comm="syz.7.5009" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7feed880ec77 code=0x7ffc0000
[  214.327064][   T29] audit: type=1326 audit(214.103:5128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15836 comm="syz.7.5009" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7feed880d550 code=0x7ffc0000
[  214.350682][T15843] netdevsim netdevsim2: Direct firmware load for 0.� failed with error -2
[  214.491059][T15854] can0: slcan on ttyS3.
[  214.553026][T15854] can0 (unregistered): slcan off ttyS3.
[  215.066001][T15883] loop2: detected capacity change from 0 to 512
[  215.074779][T15883] journal_path: Non-blockdev passed as './bus'
[  215.081178][T15883] EXT4-fs: error: could not find journal device path
[  215.090033][T15887] netdevsim netdevsim4: Direct firmware load for 0.� failed with error -2
[  215.103519][T15891] __nla_validate_parse: 18 callbacks suppressed
[  215.103536][T15891] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5030'.
[  215.222121][T15906] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5027'.
[  215.231185][T15906] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5027'.
[  215.351698][T15920] netdevsim netdevsim0: Direct firmware load for 0.� failed with error -2
[  215.434596][T15933] pim6reg1: entered promiscuous mode
[  215.439954][T15933] pim6reg1: entered allmulticast mode
[  216.037255][T15950] netdevsim netdevsim2: Direct firmware load for 0.� failed with error -2
[  216.069606][T15952] loop4: detected capacity change from 0 to 512
[  216.076578][T15952] journal_path: Non-blockdev passed as './bus'
[  216.082802][T15952] EXT4-fs: error: could not find journal device path
[  216.231275][T15981] netlink: 3 bytes leftover after parsing attributes in process `syz.4.5059'.
[  216.240751][T15983] pim6reg1: entered promiscuous mode
[  216.246128][T15983] pim6reg1: entered allmulticast mode
[  216.262371][T15981] 0猉功�: renamed from caif0
[  216.269908][T15981] 0猉功�: entered allmulticast mode
[  216.275250][T15981] A link change request failed with some changes committed already. Interface 
60猉功� may have been left with an inconsistent configuration, please check.
[  216.448335][T16008] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5069'.
[  216.457332][T16008] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5069'.
[  216.547980][T16020] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5074'.
[  216.663521][T16024] netlink: 3 bytes leftover after parsing attributes in process `syz.1.5076'.
[  216.672548][T16024] 0猉功�: renamed from caif0
[  216.680299][T16024] 0猉功�: entered allmulticast mode
[  216.685566][T16024] A link change request failed with some changes committed already. Interface 
60猉功� may have been left with an inconsistent configuration, please check.
[  216.745904][T16030] pim6reg1: entered promiscuous mode
[  216.751209][T16030] pim6reg1: entered allmulticast mode
[  216.782163][T16032] macvtap0: refused to change device tx_queue_len
[  217.308441][T16058] netlink: 16 bytes leftover after parsing attributes in process `syz.7.5090'.
[  217.459962][T16075] macvtap0: refused to change device tx_queue_len
[  217.541191][T16086] netlink: 'syz.0.5117': attribute type 4 has an invalid length.
[  217.593581][T16092] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=25 sclass=netlink_audit_socket pid=16092 comm=syz.0.5109
[  217.618389][T16094] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5107'.
[  217.651106][T16096] loop4: detected capacity change from 0 to 512
[  217.670784][T16096] EXT4-fs: Ignoring removed nomblk_io_submit option
[  217.695507][T16096] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2
[  217.724407][T16096] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 227 vs 220 free clusters
[  217.757324][T16096] EXT4-fs (loop4): Remounting filesystem read-only
[  217.778002][T16096] EXT4-fs (loop4): 1 truncate cleaned up
[  217.794896][T16096] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  217.902946][T11250] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  218.158503][T16160] netlink: 'syz.1.5148': attribute type 4 has an invalid length.
[  218.282371][T16180] loop2: detected capacity change from 0 to 512
[  218.298662][T16180] EXT4-fs: Ignoring removed nomblk_io_submit option
[  218.315802][T16180] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2
[  218.339589][T16180] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 227 vs 220 free clusters
[  218.360247][T16180] EXT4-fs (loop2): Remounting filesystem read-only
[  218.367982][T16180] EXT4-fs (loop2): 1 truncate cleaned up
[  218.374171][T16180] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  218.423674][ T8728] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  219.270542][   T29] kauditd_printk_skb: 131 callbacks suppressed
[  219.270560][   T29] audit: type=1326 audit(219.273:5260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16234 comm="syz.7.5183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feed880ebe9 code=0x7ffc0000
[  219.305794][   T29] audit: type=1326 audit(219.273:5261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16234 comm="syz.7.5183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feed880ebe9 code=0x7ffc0000
[  219.328756][   T29] audit: type=1326 audit(219.313:5262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16234 comm="syz.7.5183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7feed880ebe9 code=0x7ffc0000
[  219.351578][   T29] audit: type=1326 audit(219.313:5263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16234 comm="syz.7.5183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feed880ebe9 code=0x7ffc0000
[  219.375008][   T29] audit: type=1326 audit(219.313:5264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16234 comm="syz.7.5183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feed880ebe9 code=0x7ffc0000
[  219.410422][   T29] audit: type=1326 audit(219.313:5265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16234 comm="syz.7.5183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7feed880ebe9 code=0x7ffc0000
[  219.433800][   T29] audit: type=1326 audit(219.313:5266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16234 comm="syz.7.5183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feed880ebe9 code=0x7ffc0000
[  219.456814][   T29] audit: type=1326 audit(219.313:5267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16234 comm="syz.7.5183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feed880ebe9 code=0x7ffc0000
[  219.479821][   T29] audit: type=1326 audit(219.403:5268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16234 comm="syz.7.5183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7feed880ebe9 code=0x7ffc0000
[  219.502816][   T29] audit: type=1326 audit(219.403:5269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16234 comm="syz.7.5183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feed880ebe9 code=0x7ffc0000
[  219.790375][T10723] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  219.858586][T10723] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  219.947444][T10723] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  220.036718][T10723] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  220.122343][T10723] bridge_slave_1: left allmulticast mode
[  220.128126][T10723] bridge_slave_1: left promiscuous mode
[  220.133969][T10723] bridge0: port 2(bridge_slave_1) entered disabled state
[  220.157630][T10723] bridge_slave_0: left allmulticast mode
[  220.163436][T10723] bridge_slave_0: left promiscuous mode
[  220.169133][T10723] bridge0: port 1(bridge_slave_0) entered disabled state
[  220.257568][T10723] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  220.267651][T10723] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  220.278959][T10723] bond0 (unregistering): (slave dummy0): Releasing backup interface
[  220.289351][T10723] bond0 (unregistering): Released all slaves
[  220.410671][T10723] hsr_slave_0: left promiscuous mode
[  220.416895][T10723] hsr_slave_1: left promiscuous mode
[  220.422606][T10723] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  220.430079][T10723] batman_adv: batadv0: Removing interface: batadv_slave_0
[  220.438464][T10723] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  220.445971][T10723] batman_adv: batadv0: Removing interface: batadv_slave_1
[  220.456329][T10723] veth1_macvtap: left promiscuous mode
[  220.461859][T10723] veth0_macvtap: left promiscuous mode
[  220.467571][T10723] veth1_vlan: left promiscuous mode
[  220.472982][T10723] veth0_vlan: left promiscuous mode
[  220.534971][T10723] team0 (unregistering): Port device team_slave_1 removed
[  220.544662][T10723] team0 (unregistering): Port device team_slave_0 removed
[  220.646271][T16281] chnl_net:caif_netlink_parms(): no params data found
[  220.691994][T16281] bridge0: port 1(bridge_slave_0) entered blocking state
[  220.699437][T16281] bridge0: port 1(bridge_slave_0) entered disabled state
[  220.706640][T16281] bridge_slave_0: entered allmulticast mode
[  220.713230][T16281] bridge_slave_0: entered promiscuous mode
[  220.724627][T16281] bridge0: port 2(bridge_slave_1) entered blocking state
[  220.731835][T16281] bridge0: port 2(bridge_slave_1) entered disabled state
[  220.739682][T16281] bridge_slave_1: entered allmulticast mode
[  220.746202][T16281] bridge_slave_1: entered promiscuous mode
[  220.770681][T16281] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  220.781171][T16281] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  220.797780][T16303] chnl_net:caif_netlink_parms(): no params data found
[  220.816362][T16281] team0: Port device team_slave_0 added
[  220.825506][T16281] team0: Port device team_slave_1 added
[  220.851786][T16281] batman_adv: batadv0: Adding interface: batadv_slave_0
[  220.858802][T16281] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  220.884898][T16281] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  220.898657][T16281] batman_adv: batadv0: Adding interface: batadv_slave_1
[  220.905790][T16281] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  220.931878][T16281] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  220.956910][T16303] bridge0: port 1(bridge_slave_0) entered blocking state
[  220.964039][T16303] bridge0: port 1(bridge_slave_0) entered disabled state
[  220.971200][T16303] bridge_slave_0: entered allmulticast mode
[  220.977880][T16303] bridge_slave_0: entered promiscuous mode
[  220.984671][T16303] bridge0: port 2(bridge_slave_1) entered blocking state
[  220.991752][T16303] bridge0: port 2(bridge_slave_1) entered disabled state
[  220.999278][T16303] bridge_slave_1: entered allmulticast mode
[  221.005763][T16303] bridge_slave_1: entered promiscuous mode
[  221.029071][T16281] hsr_slave_0: entered promiscuous mode
[  221.035155][T16281] hsr_slave_1: entered promiscuous mode
[  221.041099][T16281] debugfs: 'hsr0' already exists in 'hsr'
[  221.046864][T16281] Cannot create hsr debugfs directory
[  221.058835][T16303] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  221.069635][T16303] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  221.096533][T16303] team0: Port device team_slave_0 added
[  221.108436][T16303] team0: Port device team_slave_1 added
[  221.117555][T10729] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  221.148387][T16303] batman_adv: batadv0: Adding interface: batadv_slave_0
[  221.155394][T16303] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  221.181889][T16303] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  221.193898][T10729] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  221.207892][T16303] batman_adv: batadv0: Adding interface: batadv_slave_1
[  221.214920][T16303] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  221.240877][T16303] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  221.264247][T10729] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  221.295936][T16303] hsr_slave_0: entered promiscuous mode
[  221.301901][T16303] hsr_slave_1: entered promiscuous mode
[  221.308132][T16303] debugfs: 'hsr0' already exists in 'hsr'
[  221.313923][T16303] Cannot create hsr debugfs directory
[  221.322518][T10729] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  221.394081][T10729] dummy0: left allmulticast mode
[  221.399109][T10729] bridge0: port 3(dummy0) entered disabled state
[  221.406205][T10729] bridge_slave_1: left allmulticast mode
[  221.411858][T10729] bridge_slave_1: left promiscuous mode
[  221.417601][T10729] bridge0: port 2(bridge_slave_1) entered disabled state
[  221.425462][T10729] bridge_slave_0: left allmulticast mode
[  221.431142][T10729] bridge_slave_0: left promiscuous mode
[  221.436828][T10729] bridge0: port 1(bridge_slave_0) entered disabled state
[  221.464907][T10729] bond0 (unregistering): (slave geneve2): Releasing active interface
[  221.474837][T10729] team0: Port device geneve1 removed
[  221.514610][T10729] $H� (unregistering): (slave bond_slave_0): Releasing backup interface
[  221.523467][T10729] bond_slave_0: left promiscuous mode
[  221.529432][T10729] $H� (unregistering): (slave bond_slave_1): Releasing backup interface
[  221.538579][T10729] bond_slave_1: left promiscuous mode
[  221.544312][T10729] $H� (unregistering): Released all slaves
[  221.553033][T10729] bond1 (unregistering): (slave vxcan3): Releasing backup interface
[  221.561096][T10729] vxcan3: left promiscuous mode
[  221.566831][T10729] bond1 (unregistering): Released all slaves
[  221.574958][T10729] bond0 (unregistering): Released all slaves
[  221.583156][T10729] bond2 (unregistering): Released all slaves
[  221.615840][T10729] tipc: Left network mode
[  221.637248][T10729] hsr_slave_0: left promiscuous mode
[  221.643840][T10729] hsr_slave_1: left promiscuous mode
[  221.649440][T10729] batman_adv: batadv0: Removing interface: batadv_slave_0
[  221.681293][T10729] team0 (unregistering): Port device team_slave_1 removed
[  221.691496][T10729] team0 (unregistering): Port device team_slave_0 removed
[  221.788598][T16281] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  221.797434][T16281] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  221.806600][T16281] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  221.817861][T16281] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  221.838519][T16303] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  221.847248][T16303] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  221.857176][T16303] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  221.866613][T16303] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  221.916548][T16281] 8021q: adding VLAN 0 to HW filter on device bond0
[  221.927324][T10729] IPVS: stop unused estimator thread 0...
[  221.929376][T16281] 8021q: adding VLAN 0 to HW filter on device team0
[  221.949836][T10741] bridge0: port 1(bridge_slave_0) entered blocking state
[  221.956968][T10741] bridge0: port 1(bridge_slave_0) entered forwarding state
[  221.974642][T16303] 8021q: adding VLAN 0 to HW filter on device bond0
[  221.985492][T10737] bridge0: port 2(bridge_slave_1) entered blocking state
[  221.992584][T10737] bridge0: port 2(bridge_slave_1) entered forwarding state
[  222.011327][T16303] 8021q: adding VLAN 0 to HW filter on device team0
[  222.028335][T10733] bridge0: port 1(bridge_slave_0) entered blocking state
[  222.035431][T10733] bridge0: port 1(bridge_slave_0) entered forwarding state
[  222.044500][T10733] bridge0: port 2(bridge_slave_1) entered blocking state
[  222.051553][T10733] bridge0: port 2(bridge_slave_1) entered forwarding state
[  222.132076][T16281] 8021q: adding VLAN 0 to HW filter on device batadv0
[  222.141774][T16303] 8021q: adding VLAN 0 to HW filter on device batadv0
[  222.261521][T16281] veth0_vlan: entered promiscuous mode
[  222.274614][T16281] veth1_vlan: entered promiscuous mode
[  222.292577][T16303] veth0_vlan: entered promiscuous mode
[  222.303872][T16303] veth1_vlan: entered promiscuous mode
[  222.310368][T16281] veth0_macvtap: entered promiscuous mode
[  222.323725][T16303] veth0_macvtap: entered promiscuous mode
[  222.333895][T16281] veth1_macvtap: entered promiscuous mode
[  222.342276][T16303] veth1_macvtap: entered promiscuous mode
[  222.356031][T16281] batman_adv: batadv0: Interface activated: batadv_slave_0
[  222.366781][T16281] batman_adv: batadv0: Interface activated: batadv_slave_1
[  222.376634][T16303] batman_adv: batadv0: Interface activated: batadv_slave_0
[  222.387838][T10741] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  222.400338][T10741] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  222.409560][T10741] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  222.419697][T10741] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  222.430654][T16303] batman_adv: batadv0: Interface activated: batadv_slave_1
[  222.445920][T10733] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  222.456853][T10733] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  222.470176][T10733] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  222.482635][T10733] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  222.697751][T16418] __nla_validate_parse: 1 callbacks suppressed
[  222.697765][T16418] netlink: 256 bytes leftover after parsing attributes in process `syz.7.5220'.
[  222.903135][T16400] chnl_net:caif_netlink_parms(): no params data found
[  223.003362][T16400] bridge0: port 1(bridge_slave_0) entered blocking state
[  223.010480][T16400] bridge0: port 1(bridge_slave_0) entered disabled state
[  223.033747][T16400] bridge_slave_0: entered allmulticast mode
[  223.047025][T16400] bridge_slave_0: entered promiscuous mode
[  223.062071][T16400] bridge0: port 2(bridge_slave_1) entered blocking state
[  223.069255][T16400] bridge0: port 2(bridge_slave_1) entered disabled state
[  223.159234][T16400] bridge_slave_1: entered allmulticast mode
[  223.166064][T16400] bridge_slave_1: entered promiscuous mode
[  223.191794][T16400] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  223.206482][T16400] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  223.245435][T16400] team0: Port device team_slave_0 added
[  223.252083][T16400] team0: Port device team_slave_1 added
[  223.283626][T16400] batman_adv: batadv0: Adding interface: batadv_slave_0
[  223.290613][T16400] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  223.316677][T16400] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  223.330969][T16400] batman_adv: batadv0: Adding interface: batadv_slave_1
[  223.338148][T16400] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  223.366829][T16400] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  223.405048][T16400] hsr_slave_0: entered promiscuous mode
[  223.411569][T16400] hsr_slave_1: entered promiscuous mode
[  223.520605][T16400] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  223.531059][T16400] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  223.589763][T16455] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5236'.
[  223.608698][T16400] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  223.619129][T16400] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  223.685751][T16400] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  223.696219][T16400] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  223.765834][T16400] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  223.776294][T16400] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  223.837584][T16473] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  223.837584][T16473]    program syz.1.5244 not setting count and/or reply_len properly
[  223.861622][T16475] IPv6: Can't replace route, no match found
[  223.912433][T16458] loop4: detected capacity change from 0 to 32768
[  223.923954][T16481] program syz.7.5248 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  223.929679][T16400] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  223.935573][T16481] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  223.950952][T16400] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  223.961580][T16400] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  223.972961][T16458]  loop4: p1 p3 < >
[  223.979406][T16400] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  224.089705][T16400] 8021q: adding VLAN 0 to HW filter on device bond0
[  224.113887][T16400] 8021q: adding VLAN 0 to HW filter on device team0
[  224.122033][T16502] netlink: 5 bytes leftover after parsing attributes in process `syz.1.5256'.
[  224.136553][T16502] 0{X功: renamed from gretap0 (while UP)
[  224.154883][T16502] 0{X功: entered allmulticast mode
[  224.166584][T16502] A link change request failed with some changes committed already. Interface 
30{X功 may have been left with an inconsistent configuration, please check.
[  224.183322][T10723] bridge0: port 1(bridge_slave_0) entered blocking state
[  224.190457][T10723] bridge0: port 1(bridge_slave_0) entered forwarding state
[  224.207114][T16506] loop4: detected capacity change from 0 to 8192
[  224.214704][T10723] bridge0: port 2(bridge_slave_1) entered blocking state
[  224.221927][T10723] bridge0: port 2(bridge_slave_1) entered forwarding state
[  224.235573][T16506] bio_check_eod: 101 callbacks suppressed
[  224.235593][T16506] syz.4.5251: attempt to access beyond end of device
[  224.235593][T16506] loop4: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  224.260612][T16506] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000e1b1)
[  224.268586][T16506] FAT-fs (loop4): Filesystem has been set read-only
[  224.277209][T16510] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  224.287032][T16510] block device autoloading is deprecated and will be removed.
[  224.296003][T16506] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000e1b1)
[  224.305993][T16506] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000e1b1)
[  224.370860][T16400] 8021q: adding VLAN 0 to HW filter on device batadv0
[  224.387129][T16524] loop7: detected capacity change from 0 to 512
[  224.403921][T16524] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  224.431325][T16524] EXT4-fs (loop7): 1 truncate cleaned up
[  224.445323][T16524] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  224.460350][   T29] kauditd_printk_skb: 46 callbacks suppressed
[  224.460366][   T29] audit: type=1400 audit(224.463:5316): avc:  denied  { add_name } for  pid=16521 comm="syz.7.5263" name="blkio.bfq.io_wait_time_recursive" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  224.494817][   T29] audit: type=1400 audit(224.463:5317): avc:  denied  { create } for  pid=16521 comm="syz.7.5263" name="blkio.bfq.io_wait_time_recursive" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  224.517038][   T29] audit: type=1400 audit(224.463:5318): avc:  denied  { read append open } for  pid=16521 comm="syz.7.5263" path="/26/file1/blkio.bfq.io_wait_time_recursive" dev="loop7" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  224.542630][   T29] audit: type=1400 audit(224.463:5319): avc:  denied  { map } for  pid=16521 comm="syz.7.5263" path="/26/file1/blkio.bfq.io_wait_time_recursive" dev="loop7" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  224.546139][T16281] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  224.567076][   T29] audit: type=1400 audit(224.463:5320): avc:  denied  { write } for  pid=16521 comm="syz.7.5263" path="/26/file1/blkio.bfq.io_wait_time_recursive" dev="loop7" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  224.604128][T16400] veth0_vlan: entered promiscuous mode
[  224.616721][   T29] audit: type=1400 audit(224.623:5321): avc:  denied  { read write } for  pid=16303 comm="syz-executor" name="loop8" dev="devtmpfs" ino=108 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  224.640597][   T29] audit: type=1400 audit(224.623:5322): avc:  denied  { open } for  pid=16303 comm="syz-executor" path="/dev/loop8" dev="devtmpfs" ino=108 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  224.664432][   T29] audit: type=1400 audit(224.623:5323): avc:  denied  { ioctl } for  pid=16303 comm="syz-executor" path="/dev/loop8" dev="devtmpfs" ino=108 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  224.702877][T16400] veth1_vlan: entered promiscuous mode
[  224.719788][T16400] veth0_macvtap: entered promiscuous mode
[  224.725903][   T29] audit: type=1400 audit(224.713:5324): avc:  denied  { read write } for  pid=11250 comm="syz-executor" name="loop4" dev="devtmpfs" ino=668 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  224.748757][   T29] audit: type=1400 audit(224.713:5325): avc:  denied  { open } for  pid=11250 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=668 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  224.780287][T16400] veth1_macvtap: entered promiscuous mode
[  224.817822][T16400] batman_adv: batadv0: Interface activated: batadv_slave_0
[  224.841148][T16400] batman_adv: batadv0: Interface activated: batadv_slave_1
[  224.860850][T10733] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  224.870400][T10733] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  224.882253][T16550] program syz.8.5271 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  224.901834][T10733] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  224.904909][T16550] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  224.916501][T10733] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  224.974600][T16554] IPv6: Can't replace route, no match found
[  225.066995][T16570] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  225.066995][T16570]    program syz.7.5281 not setting count and/or reply_len properly
[  225.104430][T16571] loop2: detected capacity change from 0 to 8192
[  225.122558][T16571] syz.2.5280: attempt to access beyond end of device
[  225.122558][T16571] loop2: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  225.138279][T16571] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000e1b1)
[  225.146259][T16571] FAT-fs (loop2): Filesystem has been set read-only
[  225.155442][T16571] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000e1b1)
[  225.163913][T16571] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000e1b1)
[  225.216838][T16578] loop2: detected capacity change from 0 to 512
[  225.224040][T16578] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  225.246660][T16578] EXT4-fs (loop2): 1 truncate cleaned up
[  225.257679][T16578] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  225.294329][T16400] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  225.309907][T16590] netlink: 5 bytes leftover after parsing attributes in process `syz.8.5288'.
[  225.319092][T16590] 0{X功: renamed from gretap0 (while UP)
[  225.326452][T16592] program syz.2.5287 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  225.327118][T16590] 0{X功: entered allmulticast mode
[  225.341183][T16592] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  225.341950][T16590] A link change request failed with some changes committed already. Interface 
30{X功 may have been left with an inconsistent configuration, please check.
[  225.440488][T16605] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  225.440488][T16605]    program syz.2.5295 not setting count and/or reply_len properly
[  225.473514][T16600] loop8: detected capacity change from 0 to 8192
[  225.484955][T16600] syz.8.5294: attempt to access beyond end of device
[  225.484955][T16600] loop8: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  225.498801][T16600] FAT-fs (loop8): error, invalid access to FAT (entry 0x0000e1b1)
[  225.506736][T16600] FAT-fs (loop8): Filesystem has been set read-only
[  225.516926][T16600] FAT-fs (loop8): error, invalid access to FAT (entry 0x0000e1b1)
[  225.524991][T16600] FAT-fs (loop8): error, invalid access to FAT (entry 0x0000e1b1)
[  225.817042][T16619] program syz.1.5301 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  225.827140][T16619] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  225.917412][T16628] netlink: 5 bytes leftover after parsing attributes in process `syz.7.5303'.
[  225.928773][T16628] 0{X功: renamed from gretap0 (while UP)
[  225.950508][T16628] 0{X功: entered allmulticast mode
[  225.970455][T16628] A link change request failed with some changes committed already. Interface 
30{X功 may have been left with an inconsistent configuration, please check.
[  226.105404][T16636] netlink: 256 bytes leftover after parsing attributes in process `syz.1.5306'.
[  226.292067][T16645] loop7: detected capacity change from 0 to 8192
[  226.345987][T16645] syz.7.5310: attempt to access beyond end of device
[  226.345987][T16645] loop7: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  226.363726][T16655] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5315'.
[  226.372239][T16645] FAT-fs (loop7): error, invalid access to FAT (entry 0x0000e1b1)
[  226.380646][T16645] FAT-fs (loop7): Filesystem has been set read-only
[  226.394983][T16655] netlink: 32 bytes leftover after parsing attributes in process `syz.1.5315'.
[  226.406927][T16645] FAT-fs (loop7): error, invalid access to FAT (entry 0x0000e1b1)
[  226.426560][T16645] FAT-fs (loop7): error, invalid access to FAT (entry 0x0000e1b1)
[  226.651728][T16670] loop7: detected capacity change from 0 to 32768
[  226.692977][T16670]  loop7: p1 p3 < >
[  227.305232][T16684] netlink: 256 bytes leftover after parsing attributes in process `syz.2.5324'.
[  227.685088][T16731] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  227.876822][T16728] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  227.891111][T16728] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  228.520035][T16778] loop8: detected capacity change from 0 to 512
[  228.538630][T16778] EXT4-fs error (device loop8): ext4_iget_extra_inode:5104: inode #15: comm syz.8.5370: corrupted in-inode xattr: invalid ea_ino
[  228.555661][T16778] EXT4-fs error (device loop8): ext4_orphan_get:1397: comm syz.8.5370: couldn't read orphan inode 15 (err -117)
[  228.572133][T16778] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  228.605209][T16303] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  228.971729][T16818] loop2: detected capacity change from 0 to 512
[  228.985011][T16818] EXT4-fs error (device loop2): ext4_iget_extra_inode:5104: inode #15: comm syz.2.5387: corrupted in-inode xattr: invalid ea_ino
[  228.999954][T16818] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.5387: couldn't read orphan inode 15 (err -117)
[  229.012594][T16818] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  229.037717][T16400] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  229.087460][T16827] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  229.096596][T16827] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  229.281715][T16834] loop4: detected capacity change from 0 to 128
[  229.290679][T16834] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement.
[  229.306597][T16834] SELinux: security_context_str_to_sid (麖$i彧��qr沭镥煁A�?U繁<{讟'�5?}}觲踔�z氙-&阶揬k稯�裴齱v7�婉误c鴹��?5羸'Qo濅恿黶m渣S娑醶酎�=�薵羰痗�) failed with errno=-22
[  229.527277][T16857] loop4: detected capacity change from 0 to 512
[  229.536551][T16857] EXT4-fs error (device loop4): ext4_iget_extra_inode:5104: inode #15: comm syz.4.5401: corrupted in-inode xattr: invalid ea_ino
[  229.550551][   T29] kauditd_printk_skb: 249 callbacks suppressed
[  229.550568][   T29] audit: type=1326 audit(229.553:5575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16804 comm="syz.7.5381" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06bed1ebe9 code=0x7fc00000
[  229.580529][T16857] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.5401: couldn't read orphan inode 15 (err -117)
[  229.598548][T16857] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  229.628596][T11250] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  229.652701][   T29] audit: type=1400 audit(229.653:5576): avc:  denied  { create } for  pid=16861 comm="syz.1.5403" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  229.671991][   T29] audit: type=1400 audit(229.653:5577): avc:  denied  { ioctl } for  pid=16861 comm="syz.1.5403" path="socket:[50499]" dev="sockfs" ino=50499 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  229.962768][   T29] audit: type=1400 audit(229.963:5578): avc:  denied  { compute_member } for  pid=16883 comm="syz.7.5413" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  230.031013][   T29] audit: type=1400 audit(230.033:5579): avc:  denied  { read write } for  pid=16281 comm="syz-executor" name="loop7" dev="devtmpfs" ino=107 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  230.054806][   T29] audit: type=1400 audit(230.033:5580): avc:  denied  { open } for  pid=16281 comm="syz-executor" path="/dev/loop7" dev="devtmpfs" ino=107 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  230.078570][   T29] audit: type=1400 audit(230.033:5581): avc:  denied  { ioctl } for  pid=16281 comm="syz-executor" path="/dev/loop7" dev="devtmpfs" ino=107 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  230.104517][   T29] audit: type=1400 audit(230.033:5582): avc:  denied  { map_create } for  pid=16889 comm="syz.7.5416" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  230.123350][   T29] audit: type=1400 audit(230.033:5583): avc:  denied  { bpf } for  pid=16889 comm="syz.7.5416" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  230.143373][   T29] audit: type=1400 audit(230.033:5584): avc:  denied  { map_read map_write } for  pid=16889 comm="syz.7.5416" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  230.165752][T16882] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  230.184207][T16882] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  230.215298][T16894] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  230.229269][T16894] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  230.345560][T16913] netlink: 12 bytes leftover after parsing attributes in process `syz.8.5426'.
[  230.354703][T16913] netlink: 28 bytes leftover after parsing attributes in process `syz.8.5426'.
[  230.363758][T16913] netlink: 12 bytes leftover after parsing attributes in process `syz.8.5426'.
[  230.375160][T16913] netlink: 28 bytes leftover after parsing attributes in process `syz.8.5426'.
[  230.384287][T16913] netlink: 'syz.8.5426': attribute type 6 has an invalid length.
[  230.956627][T16968] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  230.965223][T16968] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  231.330741][T16980] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  231.340315][T16980] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  231.394063][T16990] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  231.402704][T16990] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  232.134915][T17049] netlink: 276 bytes leftover after parsing attributes in process `syz.2.5482'.
[  232.148597][T17048] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5483'.
[  232.157863][T17048] netlink: 348 bytes leftover after parsing attributes in process `syz.1.5483'.
[  232.167052][T17048] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5483'.
[  232.175984][T17048] netlink: 348 bytes leftover after parsing attributes in process `syz.1.5483'.
[  232.194120][T17049] netlink: 276 bytes leftover after parsing attributes in process `syz.2.5482'.
[  232.393005][T17068] ref_ctr_offset mismatch. inode: 0x7ff offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x6
[  232.545975][T17082] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  232.569624][T17082] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  233.354609][T17156] usb usb1: usbfs: process 17156 (syz.1.5525) did not claim interface 4 before use
[  234.566019][   T29] kauditd_printk_skb: 262 callbacks suppressed
[  234.566037][   T29] audit: type=1400 audit(234.573:5847): avc:  denied  { write } for  pid=17256 comm="syz.2.5569" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  235.002968][   T29] audit: type=1326 audit(235.003:5848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17292 comm="syz.8.5585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa84944ebe9 code=0x7ffc0000
[  235.026066][   T29] audit: type=1326 audit(235.003:5849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17292 comm="syz.8.5585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa84944ebe9 code=0x7ffc0000
[  235.049137][   T29] audit: type=1326 audit(235.003:5850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17292 comm="syz.8.5585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa84944ebe9 code=0x7ffc0000
[  235.072293][   T29] audit: type=1326 audit(235.003:5851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17292 comm="syz.8.5585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa84944ebe9 code=0x7ffc0000
[  235.095385][   T29] audit: type=1326 audit(235.003:5852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17292 comm="syz.8.5585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa84944ebe9 code=0x7ffc0000
[  235.118352][   T29] audit: type=1326 audit(235.003:5853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17292 comm="syz.8.5585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa84944ebe9 code=0x7ffc0000
[  235.141538][   T29] audit: type=1326 audit(235.003:5854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17292 comm="syz.8.5585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa84944ebe9 code=0x7ffc0000
[  235.164569][   T29] audit: type=1326 audit(235.003:5855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17292 comm="syz.8.5585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa84944ebe9 code=0x7ffc0000
[  235.187603][   T29] audit: type=1326 audit(235.003:5856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17292 comm="syz.8.5585" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa84944ebe9 code=0x7ffc0000
[  235.321614][T17310] loop7: detected capacity change from 0 to 512
[  235.348674][T17310] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  235.376671][T17310] EXT4-fs error (device loop7): ext4_do_update_inode:5653: inode #4: comm syz.7.5592: corrupted inode contents
[  235.403857][T17310] EXT4-fs error (device loop7): ext4_dirty_inode:6538: inode #4: comm syz.7.5592: mark_inode_dirty error
[  235.405142][T17317] netlink: 'syz.8.5594': attribute type 21 has an invalid length.
[  235.423171][T17317] __nla_validate_parse: 38 callbacks suppressed
[  235.423190][T17317] netlink: 4 bytes leftover after parsing attributes in process `syz.8.5594'.
[  235.471912][T17310] EXT4-fs error (device loop7): ext4_do_update_inode:5653: inode #4: comm syz.7.5592: corrupted inode contents
[  235.498224][T17310] EXT4-fs error (device loop7): __ext4_ext_dirty:206: inode #4: comm syz.7.5592: mark_inode_dirty error
[  235.516681][T17317] netlink: 'syz.8.5594': attribute type 21 has an invalid length.
[  235.524639][T17317] netlink: 4 bytes leftover after parsing attributes in process `syz.8.5594'.
[  235.535508][T10733] netdevsim netdevsim8 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  235.544757][T17310] EXT4-fs error (device loop7): ext4_acquire_dquot:6937: comm syz.7.5592: Failed to acquire dquot type 1
[  235.557635][T10733] netdevsim netdevsim8 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  235.569081][T10733] netdevsim netdevsim8 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  235.580375][T10733] netdevsim netdevsim8 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  235.612982][T16281] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  236.314316][T17369] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5613'.
[  236.323340][T17369] netlink: 'syz.4.5613': attribute type 30 has an invalid length.
[  236.395521][T17381] loop2: detected capacity change from 0 to 512
[  236.414914][T17381] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  236.443795][T17381] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #4: comm syz.2.5622: corrupted inode contents
[  236.457570][T17381] EXT4-fs error (device loop2): ext4_dirty_inode:6538: inode #4: comm syz.2.5622: mark_inode_dirty error
[  236.469377][T17381] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #4: comm syz.2.5622: corrupted inode contents
[  236.483558][T17381] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #4: comm syz.2.5622: mark_inode_dirty error
[  236.496171][T17381] EXT4-fs error (device loop2): ext4_acquire_dquot:6937: comm syz.2.5622: Failed to acquire dquot type 1
[  236.543876][T16400] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  236.689571][T17424] loop4: detected capacity change from 0 to 512
[  236.707771][T17424] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  236.743638][T17424] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #4: comm syz.4.5641: corrupted inode contents
[  236.756578][T17424] EXT4-fs error (device loop4): ext4_dirty_inode:6538: inode #4: comm syz.4.5641: mark_inode_dirty error
[  236.771039][T17424] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #4: comm syz.4.5641: corrupted inode contents
[  236.820393][T17424] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #4: comm syz.4.5641: mark_inode_dirty error
[  236.837166][T17424] EXT4-fs error (device loop4): ext4_acquire_dquot:6937: comm syz.4.5641: Failed to acquire dquot type 1
[  236.890088][T17441] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5646'.
[  236.899180][T17441] netlink: 'syz.7.5646': attribute type 30 has an invalid length.
[  236.931421][T10737] netdevsim netdevsim7 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  236.953327][T10741] netdevsim netdevsim7 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  236.963428][T11250] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  236.977039][T10741] netdevsim netdevsim7 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  237.001688][T10741] netdevsim netdevsim7 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  237.376007][T17474] netlink: 4 bytes leftover after parsing attributes in process `syz.8.5672'.
[  237.534077][T17481] loop4: detected capacity change from 0 to 512
[  237.565601][T17481] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  237.633199][T17493] 9pnet_fd: Insufficient options for proto=fd
[  237.664403][T11250] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  237.795144][T17518] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5682'.
[  238.091574][T17565] 9pnet_fd: Insufficient options for proto=fd
[  238.372216][T17588] vhci_hcd: invalid port number 23
[  238.427630][T17595] 9pnet: Could not find request transport: f
[  238.493460][T17603] bridge0: entered promiscuous mode
[  238.500593][T17603] bridge0: port 3(macsec1) entered blocking state
[  238.507159][T17603] bridge0: port 3(macsec1) entered disabled state
[  238.514485][T17603] macsec1: entered allmulticast mode
[  238.519815][T17603] bridge0: entered allmulticast mode
[  238.543931][T17603] macsec1: left allmulticast mode
[  238.549074][T17603] bridge0: left allmulticast mode
[  238.565439][T17603] bridge0: left promiscuous mode
[  238.580624][T17609] 9pnet_fd: Insufficient options for proto=fd
[  238.670555][T17620] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5729'.
[  238.679729][T17620] netlink: 108 bytes leftover after parsing attributes in process `syz.1.5729'.
[  238.691358][T17620] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5729'.
[  238.700896][T17620] netlink: 108 bytes leftover after parsing attributes in process `syz.1.5729'.
[  239.929815][   T29] kauditd_printk_skb: 215 callbacks suppressed
[  239.929834][   T29] audit: type=1400 audit(239.933:6063): avc:  denied  { create } for  pid=17718 comm="syz.2.5776" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  239.958932][   T29] audit: type=1400 audit(239.943:6064): avc:  denied  { connect } for  pid=17718 comm="syz.2.5776" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  239.978142][   T29] audit: type=1400 audit(239.963:6065): avc:  denied  { write } for  pid=17718 comm="syz.2.5776" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  240.064240][   T29] audit: type=1400 audit(240.053:6066): avc:  denied  { create } for  pid=17730 comm="syz.2.5781" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  240.083394][   T29] audit: type=1400 audit(240.053:6067): avc:  denied  { connect } for  pid=17730 comm="syz.2.5781" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  240.106237][   T29] audit: type=1400 audit(240.093:6068): avc:  denied  { name_bind } for  pid=17724 comm="syz.1.5777" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  240.119742][T17735] netlink: 'syz.8.5778': attribute type 5 has an invalid length.
[  240.166532][T17742] bridge0: entered promiscuous mode
[  240.173252][T17742] bridge0: port 3(macsec1) entered blocking state
[  240.179761][T17742] bridge0: port 3(macsec1) entered disabled state
[  240.187552][T17742] macsec1: entered allmulticast mode
[  240.192912][T17742] bridge0: entered allmulticast mode
[  240.210525][T17742] macsec1: left allmulticast mode
[  240.215632][T17742] bridge0: left allmulticast mode
[  240.221924][T17742] bridge0: left promiscuous mode
[  240.459047][T17768] smc: net device bond0 applied user defined pnetid SYZ0
[  240.467981][T17768] smc: net device bond0 erased user defined pnetid SYZ0
[  240.511284][T17776] netlink: 'syz.7.5797': attribute type 5 has an invalid length.
[  240.615321][T17785] bridge0: entered promiscuous mode
[  240.634657][T17785] bridge0: port 3(macsec1) entered blocking state
[  240.641134][T17785] bridge0: port 3(macsec1) entered disabled state
[  240.671092][T17785] macsec1: entered allmulticast mode
[  240.676474][T17785] bridge0: entered allmulticast mode
[  240.692188][T17785] macsec1: left allmulticast mode
[  240.697317][T17785] bridge0: left allmulticast mode
[  240.713735][T17785] bridge0: left promiscuous mode
[  240.799468][   T29] audit: type=1400 audit(240.803:6069): avc:  denied  { read } for  pid=17791 comm="syz.8.5801" name="mISDNtimer" dev="devtmpfs" ino=250 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  240.822145][   T29] audit: type=1400 audit(240.803:6070): avc:  denied  { open } for  pid=17791 comm="syz.8.5801" path="/dev/mISDNtimer" dev="devtmpfs" ino=250 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  240.846759][T17792] loop7: detected capacity change from 0 to 512
[  240.876650][T17792] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  240.892425][   T29] audit: type=1400 audit(240.903:6071): avc:  denied  { map } for  pid=17789 comm="syz.7.5814" path="/dev/bus/usb/003/001" dev="devtmpfs" ino=153 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  240.916173][T17802] loop8: detected capacity change from 0 to 256
[  240.925886][   T29] audit: type=1400 audit(240.903:6072): avc:  denied  { ioctl } for  pid=17801 comm="syz.8.5805" path="socket:[52134]" dev="sockfs" ino=52134 ioctlcmd=0x89f1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  240.984344][T16281] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  241.022278][T17813] netlink: 'syz.2.5812': attribute type 5 has an invalid length.
[  241.048859][T17814] __nla_validate_parse: 6 callbacks suppressed
[  241.048877][T17814] netlink: 8 bytes leftover after parsing attributes in process `syz.8.5822'.
[  241.064239][T17814] netlink: 8 bytes leftover after parsing attributes in process `syz.8.5822'.
[  241.182596][T17829] bridge0: entered promiscuous mode
[  241.202298][T17829] bridge0: port 3(macsec1) entered blocking state
[  241.208864][T17829] bridge0: port 3(macsec1) entered disabled state
[  241.218451][T17829] macsec1: entered allmulticast mode
[  241.223981][T17829] bridge0: entered allmulticast mode
[  241.240068][T17829] macsec1: left allmulticast mode
[  241.245221][T17829] bridge0: left allmulticast mode
[  241.272964][T17829] bridge0: left promiscuous mode
[  241.390494][T17848] loop2: detected capacity change from 0 to 2048
[  241.404931][T17846] bridge0: entered promiscuous mode
[  241.411728][T17846] bridge0: port 3(macsec1) entered blocking state
[  241.412625][T17848] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  241.418356][T17846] bridge0: port 3(macsec1) entered disabled state
[  241.437273][T17848] EXT4-fs (loop2): shut down requested (0)
[  241.443417][T17846] macsec1: entered allmulticast mode
[  241.448752][T17846] bridge0: entered allmulticast mode
[  241.454923][T17846] macsec1: left allmulticast mode
[  241.460011][T17846] bridge0: left allmulticast mode
[  241.473416][T17846] bridge0: left promiscuous mode
[  241.480341][T16400] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  241.708494][T17890] bridge0: entered promiscuous mode
[  241.715583][T17890] bridge0: port 3(macsec1) entered blocking state
[  241.722074][T17890] bridge0: port 3(macsec1) entered disabled state
[  241.728945][T17890] macsec1: entered allmulticast mode
[  241.734343][T17890] bridge0: entered allmulticast mode
[  241.740507][T17890] macsec1: left allmulticast mode
[  241.745598][T17890] bridge0: left allmulticast mode
[  241.775228][T17890] bridge0: left promiscuous mode
[  241.897589][T17916] loop8: detected capacity change from 0 to 512
[  241.910948][T17916] EXT4-fs warning (device loop8): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  241.922526][T17916] EXT4-fs warning (device loop8): dx_probe:849: Enable large directory feature to access it
[  241.932709][T17916] EXT4-fs warning (device loop8): dx_probe:934: inode #2: comm syz.8.5852: Corrupt directory, running e2fsck is recommended
[  241.949038][T17916] EXT4-fs (loop8): Cannot turn on journaled quota: type 1: error -117
[  241.958207][T17920] sg_write: data in/out 63015/8 bytes for SCSI command 0x7f-- guessing data in;
[  241.958207][T17920]    program syz.1.5853 not setting count and/or reply_len properly
[  241.975996][T17916] EXT4-fs error (device loop8): ext4_iget_extra_inode:5104: inode #15: comm syz.8.5852: corrupted in-inode xattr: invalid ea_ino
[  241.989607][T17916] EXT4-fs error (device loop8): ext4_orphan_get:1397: comm syz.8.5852: couldn't read orphan inode 15 (err -117)
[  242.002344][T17916] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  242.018298][T17916] EXT4-fs warning (device loop8): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  242.029976][T17916] EXT4-fs warning (device loop8): dx_probe:849: Enable large directory feature to access it
[  242.040099][T17916] EXT4-fs warning (device loop8): dx_probe:934: inode #2: comm syz.8.5852: Corrupt directory, running e2fsck is recommended
[  242.054670][T17916] EXT4-fs warning (device loop8): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  242.066232][T17916] EXT4-fs warning (device loop8): dx_probe:849: Enable large directory feature to access it
[  242.076453][T17916] EXT4-fs warning (device loop8): dx_probe:934: inode #2: comm syz.8.5852: Corrupt directory, running e2fsck is recommended
[  242.102889][T17916] EXT4-fs warning (device loop8): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  242.114437][T17916] EXT4-fs warning (device loop8): dx_probe:849: Enable large directory feature to access it
[  242.124572][T17916] EXT4-fs warning (device loop8): dx_probe:934: inode #2: comm syz.8.5852: Corrupt directory, running e2fsck is recommended
[  242.138044][T17924] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5855'.
[  242.146958][T17924] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5855'.
[  242.156542][T17929] EXT4-fs warning (device loop8): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  242.235108][T16303] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  242.263141][T17942] bridge0: entered promiscuous mode
[  242.269922][T17942] bridge0: port 3(macsec1) entered blocking state
[  242.276458][T17942] bridge0: port 3(macsec1) entered disabled state
[  242.283321][T17942] macsec1: entered allmulticast mode
[  242.288648][T17942] bridge0: entered allmulticast mode
[  242.309158][T17942] macsec1: left allmulticast mode
[  242.314360][T17942] bridge0: left allmulticast mode
[  242.333838][T17942] bridge0: left promiscuous mode
[  242.368273][T17947] loop7: detected capacity change from 0 to 128
[  242.421795][T17936] syz.7.5860: attempt to access beyond end of device
[  242.421795][T17936] loop7: rw=2049, sector=145, nr_sectors = 896 limit=128
[  242.699160][T17972] loop2: detected capacity change from 0 to 512
[  242.712070][T17972] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  242.749598][T17978] bridge0: entered promiscuous mode
[  242.757693][T17978] bridge0: port 3(macsec1) entered blocking state
[  242.764349][T17978] bridge0: port 3(macsec1) entered disabled state
[  242.773787][T17972] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  242.788410][T17978] macsec1: entered allmulticast mode
[  242.793822][T17978] bridge0: entered allmulticast mode
[  242.800105][T17978] macsec1: left allmulticast mode
[  242.805218][T17978] bridge0: left allmulticast mode
[  242.813822][T17978] bridge0: left promiscuous mode
[  242.820294][T16400] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  242.922986][T17996] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5885'.
[  243.392800][T18021] bridge0: entered promiscuous mode
[  243.399818][T18021] bridge0: port 3(macsec1) entered blocking state
[  243.406544][T18021] bridge0: port 3(macsec1) entered disabled state
[  243.413380][T18021] macsec1: entered allmulticast mode
[  243.418828][T18021] bridge0: entered allmulticast mode
[  243.425393][T18021] macsec1: left allmulticast mode
[  243.430442][T18021] bridge0: left allmulticast mode
[  243.437000][T18021] bridge0: left promiscuous mode
[  243.532409][T18034] loop8: detected capacity change from 0 to 1024
[  243.540557][T18034] EXT4-fs: Ignoring removed bh option
[  243.547497][T18034] EXT4-fs: inline encryption not supported
[  243.556866][T18034] EXT4-fs (loop8): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  243.569512][T18034] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  243.585067][T18034] EXT4-fs error (device loop8): ext4_map_blocks:778: inode #3: block 2: comm syz.8.5900: lblock 2 mapped to illegal pblock 2 (length 1)
[  243.601805][T18034] EXT4-fs error (device loop8): ext4_map_blocks:778: inode #3: block 48: comm syz.8.5900: lblock 0 mapped to illegal pblock 48 (length 1)
[  243.621073][T18034] EXT4-fs error (device loop8): ext4_acquire_dquot:6937: comm syz.8.5900: Failed to acquire dquot type 0
[  243.637525][T18034] EXT4-fs error (device loop8) in ext4_reserve_inode_write:6334: Corrupt filesystem
[  243.650068][T18034] EXT4-fs error (device loop8): ext4_evict_inode:254: inode #11: comm syz.8.5900: mark_inode_dirty error
[  243.662515][T18034] EXT4-fs warning (device loop8): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  243.675523][T18034] EXT4-fs (loop8): 1 orphan inode deleted
[  243.681831][T18034] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  243.694638][T10700] EXT4-fs error (device loop8): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:21: lblock 1 mapped to illegal pblock 1 (length 1)
[  243.712538][T10700] EXT4-fs error (device loop8): ext4_release_dquot:6973: comm kworker/u8:21: Failed to release dquot type 0
[  243.727866][T18034] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  243.738514][T18034] EXT4-fs error (device loop8): __ext4_get_inode_loc:4861: comm syz.8.5900: Invalid inode table block 1 in block_group 0
[  243.755498][T18034] EXT4-fs error (device loop8) in ext4_reserve_inode_write:6334: Corrupt filesystem
[  243.766462][T18034] EXT4-fs error (device loop8): ext4_quota_off:7221: inode #3: comm syz.8.5900: mark_inode_dirty error
[  243.787745][T18034] loop8: detected capacity change from 0 to 512
[  243.796696][T18034] ext4: Unknown parameter 'nouser_xattr'
[  244.267756][T18060] bridge0: entered promiscuous mode
[  244.274678][T18060] bridge0: port 3(macsec1) entered blocking state
[  244.281316][T18060] bridge0: port 3(macsec1) entered disabled state
[  244.296374][T18060] macsec1: entered allmulticast mode
[  244.301761][T18060] bridge0: entered allmulticast mode
[  244.307881][T18060] macsec1: left allmulticast mode
[  244.313424][T18060] bridge0: left allmulticast mode
[  244.324823][T18060] bridge0: left promiscuous mode
[  244.335826][  T115] bridge_slave_1: left allmulticast mode
[  244.341495][  T115] bridge_slave_1: left promiscuous mode
[  244.347256][  T115] bridge0: port 2(bridge_slave_1) entered disabled state
[  244.355119][  T115] bridge_slave_0: left allmulticast mode
[  244.360840][  T115] bridge_slave_0: left promiscuous mode
[  244.366704][  T115] bridge0: port 1(bridge_slave_0) entered disabled state
[  244.426162][  T115] bond1 (unregistering): (slave geneve2): Releasing active interface
[  244.438264][T18067] option changes via remount are deprecated (pid=18066 comm=syz.2.5914)
[  244.485473][  T115] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  244.502380][  T115] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  244.524641][  T115] bond0 (unregistering): (slave dummy0): Releasing backup interface
[  244.538716][  T115] bond0 (unregistering): Released all slaves
[  244.555262][  T115] bond1 (unregistering): Released all slaves
[  244.569778][  T115] bond2 (unregistering): Released all slaves
[  244.581174][  T115] bond3 (unregistering): Released all slaves
[  244.591392][T18063] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5912'.
[  244.630959][T18087] bridge0: entered promiscuous mode
[  244.639786][T18087] bridge0: port 3(macsec1) entered blocking state
[  244.646433][T18087] bridge0: port 3(macsec1) entered disabled state
[  244.655019][T18087] macsec1: entered allmulticast mode
[  244.660430][T18087] bridge0: entered allmulticast mode
[  244.666944][T18087] macsec1: left allmulticast mode
[  244.672001][T18087] bridge0: left allmulticast mode
[  244.678502][T18087] bridge0: left promiscuous mode
[  244.708200][  T115] hsr_slave_0: left promiscuous mode
[  244.715517][  T115] hsr_slave_1: left promiscuous mode
[  244.721337][  T115] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  244.728903][  T115] batman_adv: batadv0: Removing interface: batadv_slave_0
[  244.743747][  T115] team_slave_0: left promiscuous mode
[  244.749217][  T115] team_slave_1: left promiscuous mode
[  244.756342][  T115] veth1_macvtap: left promiscuous mode
[  244.761955][  T115] veth0_macvtap: left promiscuous mode
[  244.768752][  T115] veth1_vlan: left promiscuous mode
[  244.775208][  T115] veth0_vlan: left promiscuous mode
[  244.785255][T18099] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5930'.
[  244.840302][T18107] /dev/loop1: Can't lookup blockdev
[  244.931839][  T115] team0 (unregistering): Port device team_slave_1 removed
[  244.942053][  T115] team0 (unregistering): Port device team_slave_0 removed
[  244.969052][   T29] kauditd_printk_skb: 167 callbacks suppressed
[  244.969070][   T29] audit: type=1326 audit(244.973:6237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18120 comm="syz.1.5940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efec71debe9 code=0x7ffc0000
[  245.008549][   T29] audit: type=1326 audit(244.973:6238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18120 comm="syz.1.5940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efec71debe9 code=0x7ffc0000
[  245.031528][   T29] audit: type=1326 audit(244.973:6239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18120 comm="syz.1.5940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efec71debe9 code=0x7ffc0000
[  245.054651][   T29] audit: type=1326 audit(244.973:6240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18120 comm="syz.1.5940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efec71debe9 code=0x7ffc0000
[  245.077877][   T29] audit: type=1326 audit(244.973:6241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18120 comm="syz.1.5940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efec71debe9 code=0x7ffc0000
[  245.101023][   T29] audit: type=1326 audit(244.973:6242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18120 comm="syz.1.5940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efec71debe9 code=0x7ffc0000
[  245.123976][   T29] audit: type=1326 audit(245.013:6243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18120 comm="syz.1.5940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efec71debe9 code=0x7ffc0000
[  245.146910][   T29] audit: type=1326 audit(245.013:6244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18120 comm="syz.1.5940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efec71debe9 code=0x7ffc0000
[  245.149743][T18106] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5933'.
[  245.169955][   T29] audit: type=1326 audit(245.013:6245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18120 comm="syz.1.5940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7efec71debe9 code=0x7ffc0000
[  245.170024][   T29] audit: type=1326 audit(245.013:6246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18120 comm="syz.1.5940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efec71debe9 code=0x7ffc0000
[  245.258082][T18129] bridge0: entered promiscuous mode
[  245.265587][T18129] bridge0: port 3(macsec1) entered blocking state
[  245.272113][T18129] bridge0: port 3(macsec1) entered disabled state
[  245.280370][T18129] macsec1: entered allmulticast mode
[  245.285744][T18129] bridge0: entered allmulticast mode
[  245.296346][T18129] macsec1: left allmulticast mode
[  245.301424][T18129] bridge0: left allmulticast mode
[  245.323925][T18129] bridge0: left promiscuous mode
[  245.349096][T18135] Failed to initialize the IGMP autojoin socket (err -2)
[  245.476318][T18146] loop7: detected capacity change from 0 to 512
[  245.494748][T18146] EXT4-fs (loop7): Cannot turn on journaled quota: type 0: error -2
[  245.503205][T18146] EXT4-fs error (device loop7): ext4_free_branches:1023: inode #13: comm syz.7.5952: invalid indirect mapped block 2683928664 (level 1)
[  245.519779][T18146] EXT4-fs (loop7): Remounting filesystem read-only
[  245.528628][T18146] EXT4-fs (loop7): 1 truncate cleaned up
[  245.534764][T18146] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  245.547791][T18146] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  245.631401][T18164] bridge0: entered promiscuous mode
[  245.638710][T18164] bridge0: port 3(macsec1) entered blocking state
[  245.645424][T18164] bridge0: port 3(macsec1) entered disabled state
[  245.652252][T18164] macsec1: entered allmulticast mode
[  245.657628][T18164] bridge0: entered allmulticast mode
[  245.663759][T18164] macsec1: left allmulticast mode
[  245.664760][T18166] 9pnet_fd: Insufficient options for proto=fd
[  245.668890][T18164] bridge0: left allmulticast mode
[  245.680322][T18164] bridge0: left promiscuous mode
[  245.758180][T18172] sd 0:0:1:0: device reset
[  245.861614][T18183] bridge0: entered promiscuous mode
[  245.868474][T18183] bridge0: port 3(macsec1) entered blocking state
[  245.874988][T18183] bridge0: port 3(macsec1) entered disabled state
[  245.883110][T18183] macsec1: entered allmulticast mode
[  245.888504][T18183] bridge0: entered allmulticast mode
[  245.894473][T18183] macsec1: left allmulticast mode
[  245.899516][T18183] bridge0: left allmulticast mode
[  245.905226][T18183] bridge0: left promiscuous mode
[  245.996557][T18193] atomic_op ffff888114c5c928 conn xmit_atomic 0000000000000000
[  246.023081][T18195] bridge0: entered promiscuous mode
[  246.029712][T18195] bridge0: port 3(macsec1) entered blocking state
[  246.036542][T18195] bridge0: port 3(macsec1) entered disabled state
[  246.043634][T18195] macsec1: entered allmulticast mode
[  246.048956][T18195] bridge0: entered allmulticast mode
[  246.054906][T18195] macsec1: left allmulticast mode
[  246.059941][T18195] bridge0: left allmulticast mode
[  246.065605][T18195] bridge0: left promiscuous mode
[  246.135516][T18197] loop2: detected capacity change from 0 to 1024
[  246.155015][T18197] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  246.210090][T16400] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  246.247255][T18204] netlink: 'syz.2.5977': attribute type 1 has an invalid length.
[  246.409188][ T6201] nci: nci_rsp_packet: unsupported rsp opcode 0xf21
[  246.921205][T18233] loop7: detected capacity change from 0 to 8192
[  247.152208][T18253] veth0_to_team: entered promiscuous mode
[  247.595757][T18293] can: request_module (can-proto-0) failed.
[  247.850117][T18314] loop7: detected capacity change from 0 to 164
[  247.890866][T18314] syz.7.6024: attempt to access beyond end of device
[  247.890866][T18314] loop7: rw=524288, sector=263328, nr_sectors = 4 limit=164
[  247.924113][T18314] syz.7.6024: attempt to access beyond end of device
[  247.924113][T18314] loop7: rw=0, sector=263328, nr_sectors = 4 limit=164
[  248.024389][T10746] nci: nci_add_new_protocol: the target found does not have the desired protocol
[  248.065944][T18336] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -2
[  248.085030][T18340] SELinux:  Context system_u:object_r:random_device_t:s0 is not valid (left unmapped).
[  248.260110][T18365] netdevsim netdevsim8: loading /lib/firmware/. failed with error -22
[  248.268448][T18365] netdevsim netdevsim8: Direct firmware load for . failed with error -22
[  248.477220][T18385] SELinux:  policydb version 0 does not match my version range 15-35
[  248.485461][T18385] SELinux: failed to load policy
[  248.509979][T18389] loop8: detected capacity change from 0 to 1024
[  248.524973][T18389] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  248.538107][T18389] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  248.628401][T18403] netlink: 'syz.8.6062': attribute type 10 has an invalid length.
[  248.641410][T18403] team0: Port device dummy0 added
[  248.649307][T18403] netlink: 'syz.8.6062': attribute type 10 has an invalid length.
[  248.661969][T18403] team0: Port device dummy0 removed
[  248.670949][T18403] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  248.732426][T18411] atomic_op ffff888114c5e528 conn xmit_atomic 0000000000000000
[  248.827708][T18420] loop2: detected capacity change from 0 to 512
[  248.846265][T18420] EXT4-fs (loop2): too many log groups per flexible block group
[  248.854106][T18420] EXT4-fs (loop2): failed to initialize mballoc (-12)
[  248.861169][T18420] EXT4-fs (loop2): mount failed
[  248.870553][T18428] netlink: 96 bytes leftover after parsing attributes in process `syz.4.6071'.
[  248.930743][T18438] wireguard: wg0: Could not create IPv4 socket
[  249.017893][T18448] loop7: detected capacity change from 0 to 764
[  249.090276][ T3408] hid_parser_main: 46 callbacks suppressed
[  249.090300][ T3408] hid-generic 0000:3000000:0000.000C: unknown main item tag 0x4
[  249.104060][ T3408] hid-generic 0000:3000000:0000.000C: unknown main item tag 0x2
[  249.111998][ T3408] hid-generic 0000:3000000:0000.000C: unknown main item tag 0x3
[  249.156773][ T3408] hid-generic 0000:3000000:0000.000C: hidraw0: <UNKNOWN> HID v0.00 Device [sy

] on syz0
[  249.226362][ T3401] kernel write not supported for file bpf-prog (pid: 3401 comm: kworker/1:4)
[  249.245460][T18488] loop4: detected capacity change from 0 to 512
[  249.280761][T18491] loop8: detected capacity change from 0 to 1024
[  249.288810][T18488] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  249.289376][T18491] EXT4-fs: Ignoring removed nomblk_io_submit option
[  249.315964][T18491] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  249.325865][T18491] System zones: 0-1, 3-36
[  249.332982][T18488] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  249.344133][T18491] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  249.392865][T16303] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  249.405619][T18488] EXT4-fs error (device loop4): ext4_xattr_block_get:593: inode #15: comm syz.4.6101: corrupted xattr block 19: overlapping e_value 
[  249.469958][T18488] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop4 ino=15
[  249.490609][T11250] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  249.534671][T18526] loop4: detected capacity change from 0 to 512
[  249.560889][T18526] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  249.576003][  T115] bond0 (unregistering): (slave geneve2): Releasing active interface
[  249.590249][  T115] team0: Port device geneve1 removed
[  249.598622][T18526] EXT4-fs (loop4): 1 truncate cleaned up
[  249.620359][T18526] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  249.661638][T11250] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  249.685917][  T115] $H� (unregistering): Released all slaves
[  249.711078][  T115] bond1 (unregistering): (slave vxcan3): Releasing backup interface
[  249.723766][  T115] vxcan3: left promiscuous mode
[  249.735046][  T115] bond1 (unregistering): Released all slaves
[  249.764711][  T115] bond0 (unregistering): Released all slaves
[  249.771547][T18553] loop7: detected capacity change from 0 to 512
[  249.778929][T18551] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=18551 comm=syz.4.6131
[  249.807097][T18553] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  249.840570][  T115] tipc: Left network mode
[  249.895120][  T115] veth1_vlan: left promiscuous mode
[  249.900414][  T115] veth0_vlan: left promiscuous mode
[  249.930731][T16281] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  249.997646][   T29] kauditd_printk_skb: 172 callbacks suppressed
[  249.997661][   T29] audit: type=1400 audit(250.016:6419): avc:  denied  { create } for  pid=18579 comm="syz.7.6138" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  250.063591][ T6201] smc: removing ib device syz!
[  250.065279][   T29] audit: type=1400 audit(250.046:6420): avc:  denied  { unlink } for  pid=16400 comm="syz-executor" name="file0" dev="tmpfs" ino=943 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  250.091045][   T29] audit: type=1400 audit(250.056:6421): avc:  denied  { bind } for  pid=18583 comm="syz.7.6145" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  250.110475][   T29] audit: type=1400 audit(250.056:6422): avc:  denied  { listen } for  pid=18583 comm="syz.7.6145" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  250.115262][T18586] loop2: detected capacity change from 0 to 512
[  250.146983][T18586] EXT4-fs: Ignoring removed mblk_io_submit option
[  250.159045][T18586] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  250.173157][   T29] audit: type=1326 audit(250.176:6423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18594 comm="syz.4.6151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa82f47ebe9 code=0x7ffc0000
[  250.196272][   T29] audit: type=1326 audit(250.176:6424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18594 comm="syz.4.6151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa82f47ebe9 code=0x7ffc0000
[  250.219350][   T29] audit: type=1326 audit(250.176:6425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18594 comm="syz.4.6151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa82f47ebe9 code=0x7ffc0000
[  250.242464][   T29] audit: type=1326 audit(250.176:6426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18594 comm="syz.4.6151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa82f47ebe9 code=0x7ffc0000
[  250.265515][   T29] audit: type=1326 audit(250.176:6427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18594 comm="syz.4.6151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa82f47ebe9 code=0x7ffc0000
[  250.288736][   T29] audit: type=1326 audit(250.176:6428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18594 comm="syz.4.6151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa82f47ebe9 code=0x7ffc0000
[  250.316919][T18578] netlink: 28 bytes leftover after parsing attributes in process `syz.8.6143'.
[  250.325984][T18578] netlink: 108 bytes leftover after parsing attributes in process `syz.8.6143'.
[  250.347839][T18586] EXT4-fs (loop2): 1 truncate cleaned up
[  250.365030][T18578] netlink: 28 bytes leftover after parsing attributes in process `syz.8.6143'.
[  250.396015][T18586] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  250.431277][T18578] netlink: 108 bytes leftover after parsing attributes in process `syz.8.6143'.
[  250.440515][T18578] netlink: 84 bytes leftover after parsing attributes in process `syz.8.6143'.
[  250.742549][T18608] ==================================================================
[  250.750703][T18608] BUG: KCSAN: data-race in __filemap_remove_folio / folio_mapping
[  250.758558][T18608] 
[  250.760901][T18608] write to 0xffffea0005500e58 of 8 bytes by task 18586 on cpu 1:
[  250.768637][T18608]  __filemap_remove_folio+0x1a5/0x2a0
[  250.774047][T18608]  folio_unmap_invalidate+0x1dd/0x360
[  250.779454][T18608]  invalidate_inode_pages2_range+0x27c/0x3d0
[  250.785464][T18608]  filemap_invalidate_pages+0x16d/0x1a0
[  250.791031][T18608]  kiocb_invalidate_pages+0x6e/0x80
[  250.796256][T18608]  __iomap_dio_rw+0x5d4/0x1250
[  250.801044][T18608]  iomap_dio_rw+0x40/0x90
[  250.805400][T18608]  ext4_file_write_iter+0xad9/0xf00
[  250.810646][T18608]  iter_file_splice_write+0x663/0xa60
[  250.816050][T18608]  direct_splice_actor+0x153/0x2a0
[  250.821178][T18608]  splice_direct_to_actor+0x30f/0x680
[  250.826574][T18608]  do_splice_direct+0xda/0x150
[  250.831361][T18608]  do_sendfile+0x380/0x650
[  250.835812][T18608]  __x64_sys_sendfile64+0x105/0x150
[  250.841054][T18608]  x64_sys_call+0x2bb0/0x2ff0
[  250.845938][T18608]  do_syscall_64+0xd2/0x200
[  250.850470][T18608]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  250.856409][T18608] 
[  250.858756][T18608] read to 0xffffea0005500e58 of 8 bytes by task 18608 on cpu 0:
[  250.866406][T18608]  folio_mapping+0xa1/0x120
[  250.870946][T18608]  folio_wait_writeback+0x43/0x140
[  250.876099][T18608]  file_write_and_wait_range+0x20b/0x2c0
[  250.881776][T18608]  generic_buffers_fsync_noflush+0x45/0x120
[  250.887702][T18608]  ext4_sync_file+0x1ab/0x690
[  250.892401][T18608]  vfs_fsync_range+0x10d/0x130
[  250.897194][T18608]  ext4_buffered_write_iter+0x34f/0x3c0
[  250.902795][T18608]  ext4_file_write_iter+0xdbf/0xf00
[  250.908029][T18608]  iter_file_splice_write+0x663/0xa60
[  250.913419][T18608]  direct_splice_actor+0x153/0x2a0
[  250.918647][T18608]  splice_direct_to_actor+0x30f/0x680
[  250.924047][T18608]  do_splice_direct+0xda/0x150
[  250.928835][T18608]  do_sendfile+0x380/0x650
[  250.933283][T18608]  __x64_sys_sendfile64+0x105/0x150
[  250.938525][T18608]  x64_sys_call+0x2bb0/0x2ff0
[  250.943325][T18608]  do_syscall_64+0xd2/0x200
[  250.947860][T18608]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  250.953781][T18608] 
[  250.956115][T18608] value changed: 0xffff888119c80280 -> 0x0000000000000000
[  250.963236][T18608] 
[  250.965574][T18608] Reported by Kernel Concurrency Sanitizer on:
[  250.971750][T18608] CPU: 0 UID: 0 PID: 18608 Comm: syz.2.6146 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  250.981569][T18608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  250.991647][T18608] ==================================================================
[  251.023695][T16400] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.