last executing test programs:

7.343152629s ago: executing program 3 (id=733):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)=@newtfilter={0x5c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xa}, {}, {0xffff}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x2c, 0x2, [@TCA_CGROUP_EMATCHES={0x28, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x1c, 0x2, 0x0, 0x1, [@TCF_EM_CMP={0x18, 0x2, 0x0, 0x0, {{0x2, 0x1, 0xfff}, {0x3, 0x1, 0x332e, 0x0, 0x8, 0x0, 0x2}}}]}, @TCA_EMATCH_TREE_HDR={0x8}]}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x8080}, 0x4800)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001640)=ANY=[@ANYBLOB, @ANYRESHEX, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r5 = socket$inet6(0xa, 0x3, 0xff)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000001700)={'pim6reg\x00'})
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000140)=@o_path={&(0x7f0000000000)='./file0\x00', 0x0, 0x10}, 0x18)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f00000700000000000000", @ANYRES32, @ANYBLOB="000000000000000000000000feffffffffffa498", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000001740), 0x460000)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000f7000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000bdb200b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r8}, 0x10)
keyctl$KEYCTL_MOVE(0x1e, 0x0, 0xfffffffffffffffe, 0x0, 0x1)

6.251172507s ago: executing program 3 (id=742):
r0 = socket(0x1e, 0x4, 0x0)
r1 = socket(0x1e, 0x2, 0x0)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0xfffffffc}, 0x10)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2, 0x4}, 0x10)
sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x3514}], 0x1}}], 0x400000000000181, 0x9200000000000000)
r2 = dup3(r1, r0, 0x0)
recvmmsg(r2, &(0x7f0000008840)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000040)=""/8, 0x8}], 0x1}, 0xffffffff}], 0x1, 0x40000001, 0x0)

5.982911348s ago: executing program 1 (id=745):
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x101c0ca, &(0x7f0000000400)=ANY=[@ANYBLOB="73686f72746e616d653d6d697865642c666d61736b3d30303030303030303030303030303030303030303036362c696f636861727365743d69736f383835392d312c6572726f72733d636f6e74696e75652c756e695f786c6174653d302c696f636861727365743d61736369692c726f6469722c73686f72746e616d653d6d697865642c756e695f786c6174653d302c757466383d302c757466383d302c756e695f786c6174653d312c64656275672c756e695f786c6174653d312c666d61736b3d30303030303030303030303030303030303030303030332c6e6f63617365aec489af6ba9723d4b17106f6d47b9ade1c253d4e3b08066427cae9f41fd1e1dd25a22ec22ad6e8bf6f67e052de91b544f2f4541f87a0c0b36e8d444150b35c110bda57fe7a9c06ba087cc975447082aaf95213301f3e04b70ea67a8aa0d582ca1a9525dba7116d80f126f782a78428b878fc79c0be9ad98cb6950995e6edba78e5301e8c8e69cc85beceb8b54f84a84787815ef9a18f1fe1c81b4c1830102f7e3236e2533e486ecb46ee53991c5bfe6289a474582b2e57741fd8de78f42097851bee74d4201c7767e0e0f4b34523150639b1291441ad01f2f72ed3679d7bca0e8b4e0689f883196af0d0dfe7344f276c1b4bd333882cf7879248ad423e3f21cd0cae2309519f9d40df23cf05d9c8d8f9d07da771ea1e3bcd8478fb989f770da17f700000000000000"], 0x6, 0x2c0, &(0x7f0000000900)="$eJzs3U9rK1UUAPAz+TOJukgWrkRwQBeuHu+9rZsUeQ/ErnxkoS60+FqQJggtFKri2JVbNy78DILgB3HjNxDcCu6sUBiZyaRJ2pg2palof79Fe3vnnLlnboZ2WujJx6+O959nsXfy5a/R7SbRGMQgTpPoRyOmvo4Fg28DAPgvOy2K+KOYWCcviYju5soCADboej//W7PhT3dSFgCwQc/e/+Ddre3tJ+9lWTeejr85Gpa/2ZefJ8e39uLTGMVuPIxenEVUDwrtqJ4WyuHToijyVlbqxxvj/GhYZo4/+rk+/9bv9R8LSv3q4/nTRpX/zvaTR9nEXH5e1vFivf6gXP9x9OLl8+SF/MdL8mOYxpuvz9X/IHrxyyfxWYzieVXELP+rR1n2dvHdn198WJZX5if50bBTxc0UzTt8WQAAAAAAAAAAAAAAAAAAAAAA+J97UPfO6UTVv6ecqvvvNM/KL9qRTfUX+/NM8qetfRb6AxVFkVftcib9dR5mWVbUgbP8VrzSmm8sCAAAAAAAAAAAAAAAAAAAAPfX4fHn+zuj0e7BrQym3QBaEfHXs4ibnmcwN/NarA7u1GvujEaNergY05qfieY0JolYWUZ5Ebe0LVcNXrhUcz344cd1T9i9Oqa9fK3D4+ZNX6/84sz07trfSZbvYSemM9160e/TiFlMGtdcPf2nQ0Wsc/ulSw/11t6N9KVqkK+IiWRVYW/9Ntm5eia5eBVptatL09v1YC79wr1xrfs5upP0y98rEt06AAAAAAAAAAAAAAAAAABgo2b//bvk4MnK1EbR2VhZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCnZu//v8Ygj4h2fYIrgtM4OPyXLxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB74O8AAAD//0aWVl0=")
sendmmsg$inet(0xffffffffffffffff, &(0x7f00000010c0)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000002c0)="ec75d081fcb7e79634ec1a1abfdebb6a38b0c57cc77b83d2eea81aad8f73b36abc2019cb08fcaaec9647a07d0a0965f0f1e39afd84e7e2523a", 0x39}], 0x1}}, {{0x0, 0x0, &(0x7f0000000840)=[{0x0}, {&(0x7f0000000340)="c86d573ac19fb682d1911dfb13d5d0a616279230f2052742399d2244ceb7e4b0158ffb4912c2f3bb9b033f0f8c57871e66173fb794c68ea09f70f6f438a7f8f091ab27adda7b1de7196cff3dc7d8ccaf8f8cb06d861abb", 0x57}], 0x2}}], 0x2, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00')
setgroups(0x400000000000026f, &(0x7f0000000080)=[0x0, 0xee00])
read$msr(r0, &(0x7f0000000d40)=""/43, 0x2b)

5.914131514s ago: executing program 4 (id=746):
r0 = socket$kcm(0x10, 0x400000002, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000003c0)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)=@newtfilter={0x34, 0x2c, 0xd27, 0x30bd29, 0x259fdbfd, {0x0, 0x0, 0x0, r4, {0xfff0, 0xe}, {}, {0x7}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newtfilter={0x24, 0x2c, 0x100, 0x30bd29, 0x21dfdbfc, {0x0, 0x0, 0x0, r6, {0x0, 0xf}, {}, {0xf}}}, 0x24}, 0x1, 0x0, 0x0, 0x24000014}, 0x200c4004)
sendmsg$inet(r0, &(0x7f0000000100)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000140)="600000002e000d190a762d7f089e", 0xfca2}, {&(0x7f0000000280)="68cabf2dfb58fc0a1d6b689866f05d490d010088a8ffff0200258f2e4409b8f9e6aaeb88bea123dc2c6726e89b1ae2f6e8bcb5ee52dcd7298d39093c510293bca0b646a3ce904f6e6b788b3204c233e60ddc", 0x52}], 0x2}, 0x0)

5.857958548s ago: executing program 1 (id=747):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000300)={0x0, 0x200002, 0x30}, 0xc)
sendto$inet6(r0, &(0x7f0000000700)='3', 0x1, 0x20000805, 0x0, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000340)=',', 0x34000}], 0x1)

5.845601489s ago: executing program 0 (id=748):
r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r0, 0x402, 0x8000001f)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000002000000e27f0000"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10)
close_range(r0, 0xffffffffffffffff, 0x0)

5.654148255s ago: executing program 4 (id=750):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)={0x3c, 0x0, 0x1b, 0x0, 0x3, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_SPEED={0x8, 0x5, 0x3ff}, @ETHTOOL_A_LINKMODES_OURS={0x8, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x4}]}]}, 0x3c}}, 0x0)

5.633466757s ago: executing program 0 (id=751):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x400e, &(0x7f0000000300)={[{@i_version}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@lazytime}, {@block_validity}, {@sysvgroups}]}, 0x1, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV")
socket$nl_route(0x10, 0x3, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001780)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setxattr$security_ima(&(0x7f0000000100)='./file1\x00', &(0x7f0000000140), &(0x7f0000001f00)=ANY=[], 0xe00f, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x242, 0x0)

5.573058311s ago: executing program 1 (id=752):
syz_open_dev$sg(0x0, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/cgroup.procs\x00', 0xa0142, 0x0)
r1 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
sendfile(r1, r0, 0x0, 0x3a)

5.450031601s ago: executing program 2 (id=753):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x4e24, 0xffff, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x2}}, 0x1139, 0x2, 0xfffffffb, 0x2, 0x10, 0x6, 0x9}, 0x9c)

5.439002382s ago: executing program 4 (id=754):
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x16, &(0x7f0000fcb000)=0xfffffffc, 0x4)
fspick(0xffffffffffffff9c, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='kfree\x00', 0xffffffffffffffff, 0x0, 0x4000000000002a7}, 0x18)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4)
setsockopt$inet_tcp_int(r0, 0x6, 0x14, 0x0, 0x0)
connect$inet(r0, 0x0, 0x0)
splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x10fea7, 0xa)
ioctl$RTC_PIE_ON(0xffffffffffffffff, 0x7005)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x34)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'syz_tun\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r3, {}, {}, {0xfff3}}}, 0x24}}, 0x0)

5.34438156s ago: executing program 2 (id=755):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000001c6a000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWRULE={0x44, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2, 0x0, 0xfffc}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @counter={{0xc}, @val={0x4}}}]}]}], {0x14}}, 0x6c}}, 0x0)

5.33927635s ago: executing program 1 (id=756):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1ecc0000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000c00)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = syz_open_dev$usbfs(0x0, 0x205, 0x2581)
r5 = fcntl$dupfd(r4, 0x0, r4)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0xd6, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0xa0}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x80)
ioctl$USBDEVFS_SUBMITURB(r5, 0x8038550a, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r6, 0x400, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB], &(0x7f0000000080)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x10}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000004c0)={r7, 0x0, 0x0}, 0x10)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f0000000540), 0x1, 0x4a3, &(0x7f0000000580)="$eJzs3c1rXOUaAPBnZpo0SXNvP+7l0vbCbaEXej9oJh9IE3XjSl0UxIIbhRqTaayZZEJmUpvQRaq7LlyIoiAu3PsXuLEriyCudS8upKI1ggrCyDkzk+Zr4qBpBnJ+Pzid9z3ndJ73zfC8nHnPOXMCyKyzyT+5iMGI+Dwijjaqm3c423hZu39zKllyUa9f/i6X7pfUW7u2/t+RiFiNiL6IePbJiJdy2+NWl1dmJ8vl0mKzXqzNLRSryysXrs1NzpRmSvMj4xcnJsaHx0Yn9qyvt9945falj57u/fCn1+/dffOTj3PN/saWfuylRtd74viGdYci4vGHEawLCs3+9He7Ifwhyef3t4g4l+b/0SiknyaQBfV6vf5r/XC7zat14MDKR3Lsn8sPRUSjnM8PDTWO4f8eA/lypVr7/9XK0vx04zvCsejJX71WLg03j52PRU8uqY+k5Qf10S31sYj0GPitQn9aH5qqlKf3d6gDtjiyJf9/LDTyH8gIX/khu+Q/ZJf8h+yS/5Bd8h+yS/5Ddsl/yC75D9kl/yG75D9kl/yHTHrm0qVkqbfuf5++vrw0W7l+YbpUnR2aW5oamqosLgzNVCoz6T07c7/3fuVKZWHkkVi6UayVqrVidXnlylxlab52Jb2v/0qpZ196BXTi+Jk7X+YiYvXR/nRJ9Da3yVU42Or1XHT7HmSgOwrdHoCArjH1B9nlOz6ww0/0btLXbsPC3rcF2B/5bjcA6Jrzp5z/g6wy/w/ZZf4fsssxPmD+H7LH/D9k12Cb53/9ZcOzu4Yj4q8R8UWh53DrWV/AQZD/Jtc8/j9/9N+DW7f25n5OTxH0RsSr711+58ZkrbY4kqz/fn197d3m+tFutB/oVCtPW3kMAGTX2v2bU61lP+N++0TjIoTt8Q815yb70nOUA2u5Tdcq5Pbo2oXVWxFxcqf4uebzzhtnPgbWCtvin2i+5hpvkbb3UPrc9P2Jf2pD/H9tiH/6T/9VIBvuJOPP8E75l09zOtbzb/P4M7hH1060H//y6+Nfoc34d6bDGC+//9rXbePfiji9Y/xWvL401tb4SdvOdxj/3gvP/aPdtvoHjffZKX5LUirW5haK1eWVC+nvyM2U5kfGL05MjA+PjU4U0znqYmumervHTn52d7f+D7SJv1v/k3X/7bD/v/zz0+fP7hL/P+d2/vxP7BK/PyL+12H8H0a/erHdtiT+dJv+53eJn6wb6zB+9e2nDne4KwCwD6rLK7OT5XJpUUFBQWG90O2RCXjYHiR9t1sCAAAAAAAAAAAAdGo/Lifudh8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6C3wIAAP//StvWXg==")

4.47451292s ago: executing program 3 (id=757):
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x101c0ca, &(0x7f0000000400)=ANY=[@ANYBLOB="73686f72746e616d653d6d697865642c666d61736b3d30303030303030303030303030303030303030303036362c696f636861727365743d69736f383835392d312c6572726f72733d636f6e74696e75652c756e695f786c6174653d302c696f636861727365743d61736369692c726f6469722c73686f72746e616d653d6d697865642c756e695f786c6174653d302c757466383d302c757466383d302c756e695f786c6174653d312c64656275672c756e695f786c6174653d312c666d61736b3d30303030303030303030303030303030303030303030332c6e6f63617365aec489af6ba9723d4b17106f6d47b9ade1c253d4e3b08066427cae9f41fd1e1dd25a22ec22ad6e8bf6f67e052de91b544f2f4541f87a0c0b36e8d444150b35c110bda57fe7a9c06ba087cc975447082aaf95213301f3e04b70ea67a8aa0d582ca1a9525dba7116d80f126f782a78428b878fc79c0be9ad98cb6950995e6edba78e5301e8c8e69cc85beceb8b54f84a84787815ef9a18f1fe1c81b4c1830102f7e3236e2533e486ecb46ee53991c5bfe6289a474582b2e57741fd8de78f42097851bee74d4201c7767e0e0f4b34523150639b1291441ad01f2f72ed3679d7bca0e8b4e0689f883196af0d0dfe7344f276c1b4bd333882cf7879248ad423e3f21cd0cae2309519f9d40df23cf05d9c8d8f9d07da771ea1e3bcd8478fb989f770da17f700000000000000"], 0x6, 0x2c0, &(0x7f0000000900)="$eJzs3U9rK1UUAPAz+TOJukgWrkRwQBeuHu+9rZsUeQ/ErnxkoS60+FqQJggtFKri2JVbNy78DILgB3HjNxDcCu6sUBiZyaRJ2pg2palof79Fe3vnnLlnboZ2WujJx6+O959nsXfy5a/R7SbRGMQgTpPoRyOmvo4Fg28DAPgvOy2K+KOYWCcviYju5soCADboej//W7PhT3dSFgCwQc/e/+Ddre3tJ+9lWTeejr85Gpa/2ZefJ8e39uLTGMVuPIxenEVUDwrtqJ4WyuHToijyVlbqxxvj/GhYZo4/+rk+/9bv9R8LSv3q4/nTRpX/zvaTR9nEXH5e1vFivf6gXP9x9OLl8+SF/MdL8mOYxpuvz9X/IHrxyyfxWYzieVXELP+rR1n2dvHdn198WJZX5if50bBTxc0UzTt8WQAAAAAAAAAAAAAAAAAAAAAA+J97UPfO6UTVv6ecqvvvNM/KL9qRTfUX+/NM8qetfRb6AxVFkVftcib9dR5mWVbUgbP8VrzSmm8sCAAAAAAAAAAAAAAAAAAAAPfX4fHn+zuj0e7BrQym3QBaEfHXs4ibnmcwN/NarA7u1GvujEaNergY05qfieY0JolYWUZ5Ebe0LVcNXrhUcz344cd1T9i9Oqa9fK3D4+ZNX6/84sz07trfSZbvYSemM9160e/TiFlMGtdcPf2nQ0Wsc/ulSw/11t6N9KVqkK+IiWRVYW/9Ntm5eia5eBVptatL09v1YC79wr1xrfs5upP0y98rEt06AAAAAAAAAAAAAAAAAABgo2b//bvk4MnK1EbR2VhZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCnZu//v8Ygj4h2fYIrgtM4OPyXLxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB74O8AAAD//0aWVl0=")
sendmmsg$inet(0xffffffffffffffff, &(0x7f00000010c0)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000002c0)="ec75d081fcb7e79634ec1a1abfdebb6a38b0c57cc77b83d2eea81aad8f73b36abc2019cb08fcaaec9647a07d0a0965f0f1e39afd84e7e2523a", 0x39}], 0x1}}, {{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000180)}, {&(0x7f0000000340)="c86d573ac19fb682d1911dfb13d5d0a616279230f2052742399d2244ceb7e4b0158ffb4912c2f3bb9b033f0f8c57871e66173fb794c68ea09f70f6f438a7f8f091ab27adda7b1de7196cff3dc7d8ccaf8f8cb06d861abb", 0x57}], 0x2}}], 0x2, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00')
setgroups(0x400000000000026f, &(0x7f0000000080)=[0x0, 0xee00])
read$msr(r0, &(0x7f0000000d40)=""/43, 0x2b)

4.22558618s ago: executing program 0 (id=758):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r4)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000800)=@newqdisc={0x64, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x34, 0x2, {{0x3, 0x6, 0x6361, 0x5, 0x1, 0x6}, [@TCA_NETEM_DELAY_DIST={0x6, 0x2, "6ad2"}, @TCA_NETEM_CORR={0x10, 0x1, {0x5, 0x5, 0x9}}]}}}]}, 0x64}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

3.659531465s ago: executing program 4 (id=759):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = syz_open_dev$MSR(0x0, 0x1, 0x0)
ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, 0x0, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [], {0x14}}, 0x28}, 0x1, 0x0, 0x0, 0x40051}, 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = socket(0x2, 0x80805, 0x0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, 0x0)
setsockopt$inet_sctp_SCTP_CONTEXT(r2, 0x84, 0x11, 0x0, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$binfmt_aout(r4, &(0x7f0000000340)=ANY=[], 0xff2e)
r5 = gettid()
timer_create(0x1, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
ioctl$TCXONC(r4, 0x540a, 0x3)

3.579348642s ago: executing program 2 (id=760):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000030000008500000086000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='mm_page_alloc\x00', r1}, 0x10)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$AUTOFS_IOC_FAIL(r2, 0x4c80, 0xffffffffffffffb6)

3.118013159s ago: executing program 3 (id=761):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x4c000)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x67709000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1800403, &(0x7f0000000000)={[{@noload}]}, 0x0, 0x5ae, &(0x7f0000000180)="$eJzs3c1vVFUbAPDnzkwLpe9rKzEqLkyjIZAoLS1g8GMBe0LwY+fGSgtBho/QGi2aWBLcmBg3LkhcuRD/CyW6dWXiwoUbV4akGsNGY3TMnbkzDO1MOy0dbu39/ZLLnHPPnZ5zgafn3HvPmQmgsMbSP0oReyLichIx0lZWiaxwrHHcnd/fP51uSdRqr/6WRJLtax6fZK/D2Zv/Hon4/pskdpdX1ju3cPX8dLU6eyXLT8xfuDwxt3D1wLkL02dnz85enHpu6uiRw0eOTh68r/MrtaVPXH/rnZGPTr7+xWd/JZNf/nQyiWPx65lGWft5bJaxGIs/arUPlu9P/16PbnZlOSm3/p/clSzfwZZVyWJkICIei5Eot/1rjsSHL+faOKCvaklEDSioRPxDQTXHAc1r+96ug0t9HpUAD8LS8ahf/a+M/0rj3mCM1u8N7F32vg639DYkreO7b09eT7fo0304oLPFazuy1PL4T+qxORo767ldd0r33OdNRwCnstd0/ysbrH9sWV78w4OzeC0iHu80/l87/t9oi/83N1i/+AcAAAAAAIDNc+t4RDzb6flfKXs2tzOeqj//SxrP/364u0Lw2CbUv/bzv9LtTagG6GDpeMRLHef/tub4jpaz3P8bswGTM+eqswcj4qGI2B8DO9L85Cp1HPh4941uZe3z/9Itrb85FzBrx+3KjnvfMzM9P30/5ww0LF2LeKLSff5P2v8n7f1/Jv19cLnHOnbvvXmqW9na8Q/0S+3ziH0d+/+kdUyy+udzTNTHAxPNUcFKT773yVfd6hf/kJ+0/9+1evyPJu2f1zO3vp8/GBGHFiq1buUbHf8PJq+Vmz8/9e70/PyVyYjB5MTK/VPrazNsV814aMZLGv/7n179/l9r/N8Wh0MRsdhjnY/+M/xztzL9P+Qnjf+ZdfX/609M3Rz9ulv9vfX/h+t9+v5sj/t/sLpeAzTvdgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAf1EpIv4XSWm8lS6VxscjhiPikdhVql6am3/mzKW3L86kZfXv/y81v+l3pJFPmt//P9qWn1qWPxQRD0fEp+When789KXqTN4nDwAAAAAAAAAAAAAAAAAAAFvEcJf1/6lfynm3Dui7SvYq3qF4Knk3AMiN+IfiEv9QXOIfikv8Q3FtMP49LoBtQP8PRTXQ22E7+90OIA/6fwAAAAAA2FZuvfj8jSQiFl8Yqm+pways9WBwKK/WAf1UyrsBQG7M4YXiMvUHiqvHyb/ANpa0Un/WOpV3n/2f9KdBAAAAAAAAAAAAAMAK+/bc+nHN9f/AtmT9PxSX9f9QXNb/Q3G5xgfWWsVv/T8AAAAAAAAAAAAA5G9u4er56Wp19oqExFZLDETEFmhGDonB/MMz519MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAy78BAAD//1KbJPw=")

2.908407286s ago: executing program 2 (id=762):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba9432})
readv(r0, &(0x7f00000001c0)=[{&(0x7f0000001400)=""/227, 0x10}], 0x4)

1.815676734s ago: executing program 1 (id=763):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000940)=@newtfilter={0x160, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x130, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS_MASK={0x8, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x4}]}, @TCA_FLOWER_KEY_ENC_OPTS={0x1c, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0xc, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x5}]}, @TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0xc, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX={0x8, 0x2, 0x49}]}]}, @TCA_FLOWER_KEY_CT_ZONE={0x6, 0x5d, 0x5}, @TCA_FLOWER_KEY_ENC_OPTS_MASK={0xe4, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x3c, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x4}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x3000000}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0xc00}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0xff}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x2}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x9}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x5ac}]}, @TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x4}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x34, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x19d}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0x3}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x4}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x6}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x9}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0xe7}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x2c, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x5}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0x8}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x46}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x8}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x1}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x34, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x3}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x8}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x6}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x11a8}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x81}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0xc, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0xb5}]}]}, @TCA_FLOWER_KEY_ARP_THA={0xa, 0x41, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x37}}, @TCA_FLOWER_KEY_TCP_SRC={0x6}, @TCA_FLOWER_KEY_ICMPV6_CODE={0x5}]}}]}, 0x160}, 0x1, 0x0, 0x0, 0x80}, 0x800)

1.708790952s ago: executing program 0 (id=764):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)

1.708535632s ago: executing program 4 (id=765):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000300)={0x0, 0x200002, 0x30}, 0xc)
sendto$inet6(r0, &(0x7f0000000700)='3', 0x1, 0x20000805, 0x0, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000340)=',', 0x34000}], 0x1)

1.514124138s ago: executing program 2 (id=766):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NBD_CMD_RECONFIGURE(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000580)=ANY=[@ANYBLOB="14000000", @ANYBLOB="01"], 0x14}}, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f00000001c0), r0)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000000), r0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r1, @ANYRES32, @ANYBLOB="24002d801a0001"], 0x64}}, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x4, 0x0, 0x7fff0006}]})
close_range(r2, 0xffffffffffffffff, 0x0)

1.512386778s ago: executing program 3 (id=767):
r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$IMADDTIMER(r0, 0x80044940, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2c040, 0x0)
rseq(0x0, 0x0, 0x4, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x9}, {0xf}, {0xe, 0xd}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x691, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x8c0}, 0x0)
setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, &(0x7f0000000040), 0x4)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='nfs4\x00', 0x0, &(0x7f00000001c0)='\x01')
ioctl$IMADDTIMER(r0, 0x80044940, &(0x7f0000000000)=0xffffffffffffffff)
r5 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x2, &(0x7f00000000c0)=[{0x6, 0x0, 0x4, 0x7fc00100}, {0xff, 0x4, 0x1, 0x5}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r6, 0xc0502100, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r6, 0x40182103, &(0x7f0000000080)={0x0, 0x3, 0xffffffffffffffff, 0x5})
setsockopt$sock_int(r5, 0x1, 0x8, &(0x7f0000000000), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r5, 0x10e, 0x4, &(0x7f0000000100)=0x1800, 0x4)
getpid()
socket$nl_generic(0x10, 0x3, 0x10)

1.394983378s ago: executing program 4 (id=768):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x400e, &(0x7f0000000300)={[{@i_version}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@lazytime}, {@block_validity}, {@sysvgroups}]}, 0x1, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV")
socket$nl_route(0x10, 0x3, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001780)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setxattr$security_ima(&(0x7f0000000100)='./file1\x00', &(0x7f0000000140), &(0x7f0000001f00)=ANY=[], 0xe00f, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x242, 0x0)

1.190441324s ago: executing program 0 (id=769):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000340)='kfree\x00'}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x18)
r0 = inotify_init1(0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r1}, 0x10)
syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030486dd601b8b97004d88c19e9ace00000000000000002100000002ff0200"], 0x0)
inotify_add_watch(r0, &(0x7f0000000400)='.\x00', 0xa4000021)
close(r0)
futex(&(0x7f000000cffc), 0xd, 0x0, &(0x7f0000fd7ff0), &(0x7f0000048000), 0x2)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
shmctl$IPC_INFO(0x0, 0x3, &(0x7f0000000000)=""/44)

1.189570595s ago: executing program 2 (id=770):
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f00000000c0)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x60, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = memfd_create(&(0x7f0000000000)='\x00\xc2\xea\x99\xbb\x1c\xdfjw\x97\x05\xa3\xa2\'\xdd\xe4q\xbf\t\x8c\xe0\x19`\x8e\x00\x00\x00\x00\x00\x00\x00\x00\x00\b \xff\x13\x96\xe3?\xdfH\x8c\xe4V\xe2\xfe\v8\x04\xa5\xb9\xc4:\xf3\xf6y_w\xd8\xcf\x90k\x05\x00\xf9\x1e\xe8m\xec\x12\xa015\xc2\xb3u|K\x111\xd4\f8\xeb\x18\xad\xbb!1\x85\x96P\x1b\xa1\x9a\x81\xf8\xb1\xecB)\xe5\xaa7\xfe\xdd,_D\xe5|\xb1j^\xaec}\x1a\xb4\x17\xafP\x85I\xd5\xa0I\xb0\xaf\xb5\x8b\\\x05\xd7g\xcbV\x8e\xd0\xac\x87I7\xbd\xc6\x9bI\x92\xb2\x87.\xb3\x1fs\xe7%\xdd+\r\xb4\x117\xa7ei~\xb8\x16\xd1P\xf2\x84\x89K\x16\xd0F|\xa3\x89\xc9~9\x00'/204, 0xa)
fchmod(r0, 0x1a8)
fchmodat(0xffffffffffffffff, &(0x7f0000000a00)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc2)
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x500)
r2 = geteuid()
r3 = socket(0x1, 0x2, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x11c, &(0x7f0000000200)=0x4, 0x0, 0x4)
getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, &(0x7f0000cab000))
setresuid(0x0, 0x0, 0x0)
setresuid(r1, r2, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x48, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x4}}}, {0x30, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x20, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_XOR={0x4}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xe4}}, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x8, 0x110, 0xffffffffffffffff, 0x8000000)
r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_ifreq(r5, 0x8910, &(0x7f0000000000)={'ip6gretap0\x00', @ifru_mtu=0x6})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000240)='ext4_fc_track_inode\x00', 0xffffffffffffffff, 0x0, 0x7ffd}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="2100000000000000000000000000100000040000", @ANYRES32, @ANYBLOB="000000000000000000000000000000f0ff000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000020000000000000000000000020000000000000000"], 0x50)
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180), 0x6000)
close(r5)
r6 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x2)
r7 = dup(r6)
ioctl$USBDEVFS_CONTROL(r7, 0xc0185500, &(0x7f0000000440)={0x80, 0x6, 0xf00, 0x1, 0x0, 0x5, 0x0})

262.837899ms ago: executing program 1 (id=771):
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x101c0ca, &(0x7f0000000400)=ANY=[@ANYBLOB="73686f72746e616d653d6d697865642c666d61736b3d30303030303030303030303030303030303030303036362c696f636861727365743d69736f383835392d312c6572726f72733d636f6e74696e75652c756e695f786c6174653d302c696f636861727365743d61736369692c726f6469722c73686f72746e616d653d6d697865642c756e695f786c6174653d302c757466383d302c757466383d302c756e695f786c6174653d312c64656275672c756e695f786c6174653d312c666d61736b3d30303030303030303030303030303030303030303030332c6e6f63617365aec489af6ba9723d4b17106f6d47b9ade1c253d4e3b08066427cae9f41fd1e1dd25a22ec22ad6e8bf6f67e052de91b544f2f4541f87a0c0b36e8d444150b35c110bda57fe7a9c06ba087cc975447082aaf95213301f3e04b70ea67a8aa0d582ca1a9525dba7116d80f126f782a78428b878fc79c0be9ad98cb6950995e6edba78e5301e8c8e69cc85beceb8b54f84a84787815ef9a18f1fe1c81b4c1830102f7e3236e2533e486ecb46ee53991c5bfe6289a474582b2e57741fd8de78f42097851bee74d4201c7767e0e0f4b34523150639b1291441ad01f2f72ed3679d7bca0e8b4e0689f883196af0d0dfe7344f276c1b4bd333882cf7879248ad423e3f21cd0cae2309519f9d40df23cf05d9c8d8f9d07da771ea1e3bcd8478fb989f770da17f700000000000000"], 0x6, 0x2c0, &(0x7f0000000900)="$eJzs3U9rK1UUAPAz+TOJukgWrkRwQBeuHu+9rZsUeQ/ErnxkoS60+FqQJggtFKri2JVbNy78DILgB3HjNxDcCu6sUBiZyaRJ2pg2palof79Fe3vnnLlnboZ2WujJx6+O959nsXfy5a/R7SbRGMQgTpPoRyOmvo4Fg28DAPgvOy2K+KOYWCcviYju5soCADboej//W7PhT3dSFgCwQc/e/+Ddre3tJ+9lWTeejr85Gpa/2ZefJ8e39uLTGMVuPIxenEVUDwrtqJ4WyuHToijyVlbqxxvj/GhYZo4/+rk+/9bv9R8LSv3q4/nTRpX/zvaTR9nEXH5e1vFivf6gXP9x9OLl8+SF/MdL8mOYxpuvz9X/IHrxyyfxWYzieVXELP+rR1n2dvHdn198WJZX5if50bBTxc0UzTt8WQAAAAAAAAAAAAAAAAAAAAAA+J97UPfO6UTVv6ecqvvvNM/KL9qRTfUX+/NM8qetfRb6AxVFkVftcib9dR5mWVbUgbP8VrzSmm8sCAAAAAAAAAAAAAAAAAAAAPfX4fHn+zuj0e7BrQym3QBaEfHXs4ibnmcwN/NarA7u1GvujEaNergY05qfieY0JolYWUZ5Ebe0LVcNXrhUcz344cd1T9i9Oqa9fK3D4+ZNX6/84sz07trfSZbvYSemM9160e/TiFlMGtdcPf2nQ0Wsc/ulSw/11t6N9KVqkK+IiWRVYW/9Ntm5eia5eBVptatL09v1YC79wr1xrfs5upP0y98rEt06AAAAAAAAAAAAAAAAAABgo2b//bvk4MnK1EbR2VhZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCnZu//v8Ygj4h2fYIrgtM4OPyXLxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB74O8AAAD//0aWVl0=")
sendmmsg$inet(0xffffffffffffffff, &(0x7f00000010c0)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000002c0)="ec75d081fcb7e79634ec1a1abfdebb6a38b0c57cc77b83d2eea81aad8f73b36abc2019cb08fcaaec9647a07d0a0965f0f1e39afd84e7e2523a", 0x39}], 0x1}}, {{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000180)}, {&(0x7f0000000340)="c86d573ac19fb682d1911dfb13d5d0a616279230f2052742399d2244ceb7e4b0158ffb4912c2f3bb9b033f0f8c57871e66173fb794c68ea09f70f6f438a7f8f091ab27adda7b1de7196cff3dc7d8ccaf8f8cb06d861abb", 0x57}], 0x2}}], 0x2, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00')
setgroups(0x400000000000026f, &(0x7f0000000080)=[0x0, 0xee00])
read$msr(r0, &(0x7f0000000d40)=""/43, 0x2b)

27.719538ms ago: executing program 3 (id=772):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000001c0)='cdg\x00', 0x4)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000004c0)=0x1, 0x4)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000340)='dctcp\x00', 0x6)

0s ago: executing program 0 (id=773):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r3)
r4 = socket$unix(0x1, 0x1, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x8000001, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xfffffffd, 0x6}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0x80000, {0x0, 0x0, 0x0, r6, {0x0, 0x11}, {0xffe6, 0xb}, {0xb, 0xc}}, [@qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x1, 0x2}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4000000)
ioctl$SIOCSIFHWADDR(r3, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

kernel console output (not intermixed with test programs):

d promiscuous mode
[   85.360635][   T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   85.368040][ T4350] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   85.376664][ T4350] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   85.385259][   T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   85.407208][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   85.425686][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   85.436040][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   85.455577][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   85.488758][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   85.497008][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   85.508765][ T4271] device veth0_vlan entered promiscuous mode
[   85.520137][ T4267] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   85.535459][ T4267] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   85.549763][ T4267] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   85.560532][ T4267] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   85.570725][ T4267] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   85.581589][ T4267] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   85.594902][ T4267] batman_adv: batadv0: Interface activated: batadv_slave_0
[   85.610990][ T4267] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   85.637420][ T4267] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   85.647308][ T4267] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   85.665498][ T4267] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   85.710982][ T4267] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   85.722246][ T4267] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   85.759047][ T4268] Bluetooth: hci2: command 0x0419 tx timeout
[   85.759096][ T4283] Bluetooth: hci4: command 0x0419 tx timeout
[   85.792958][ T4267] batman_adv: batadv0: Interface activated: batadv_slave_1
[   85.837656][ T4283] Bluetooth: hci3: command 0x0419 tx timeout
[   85.844716][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   85.846574][ T4271] device veth1_vlan entered promiscuous mode
[   85.861238][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   85.869248][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   85.880102][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   85.895175][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   85.905147][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   85.924950][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   85.937010][ T4283] Bluetooth: hci1: command 0x0419 tx timeout
[   85.962041][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   86.096783][ T4267] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   86.109995][ T4267] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   86.117483][ T4281] Bluetooth: hci0: command 0x0419 tx timeout
[   86.119850][ T4267] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   86.135147][ T4267] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   86.411291][ T4394] loop1: detected capacity change from 0 to 512
[   86.426261][ T4394] EXT4-fs: Ignoring removed mblk_io_submit option
[   86.432971][ T4394] EXT4-fs: Ignoring removed bh option
[   86.473061][ T4394] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   86.485404][ T4394] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   86.499088][ T4394] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   86.794658][ T4394] EXT4-fs (loop1): 1 truncate cleaned up
[   86.800952][ T4394] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   86.922542][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   87.040734][   T14] cfg80211: failed to load regulatory.db
[   87.172783][ T4271] device veth0_macvtap entered promiscuous mode
[   87.187950][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   87.197060][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   87.219244][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   87.234050][ T4266] EXT4-fs (loop1): unmounting filesystem.
[   87.256294][ T4391] loop2: detected capacity change from 0 to 4096
[   87.284930][ T4271] device veth1_macvtap entered promiscuous mode
[   87.372636][ T4391] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[   87.391383][ T4403] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1'.
[   87.497775][   T27] audit: type=1326 audit(1753860657.489:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4406 comm="syz.1.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7dcf8e9a9 code=0x7ffc0000
[   87.532145][ T4403] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1'.
[   87.566789][   T27] audit: type=1326 audit(1753860657.539:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4406 comm="syz.1.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff7dcf8e9a9 code=0x7ffc0000
[   87.675147][   T27] audit: type=1326 audit(1753860657.539:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4406 comm="syz.1.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7dcf8e9a9 code=0x7ffc0000
[   87.675195][   T27] audit: type=1326 audit(1753860657.539:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4406 comm="syz.1.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7dcf8e9a9 code=0x7ffc0000
[   87.675234][   T27] audit: type=1326 audit(1753860657.539:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4406 comm="syz.1.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff7dcf8e9a9 code=0x7ffc0000
[   87.675271][   T27] audit: type=1326 audit(1753860657.539:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4406 comm="syz.1.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7dcf8e9a9 code=0x7ffc0000
[   87.675308][   T27] audit: type=1326 audit(1753860657.539:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4406 comm="syz.1.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7dcf8e9a9 code=0x7ffc0000
[   87.675345][   T27] audit: type=1326 audit(1753860657.549:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4406 comm="syz.1.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7ff7dcf8e9a9 code=0x7ffc0000
[   87.675382][   T27] audit: type=1326 audit(1753860657.549:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4406 comm="syz.1.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7dcf8e9a9 code=0x7ffc0000
[   87.675420][   T27] audit: type=1326 audit(1753860657.549:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4406 comm="syz.1.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7dcf8e9a9 code=0x7ffc0000
[   87.794630][ T4276] EXT4-fs (loop2): unmounting filesystem.
[   87.904729][ T4271] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   88.189153][ T4271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   88.199641][ T4271] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   88.211469][ T4271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   88.226046][ T4271] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   88.256132][ T4271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   88.272207][ T4271] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   88.286458][ T4271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   88.306390][ T4271] batman_adv: batadv0: Interface activated: batadv_slave_0
[   88.314862][ T4350] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   88.357198][ T4350] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   88.428376][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   88.438629][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   88.455985][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   88.465165][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   88.534722][ T4271] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   88.556857][ T4271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   88.587839][ T4271] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   88.605871][ T4271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   88.623470][ T4271] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   88.653301][ T4271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   88.665366][ T4271] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   88.681949][ T4271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   88.697171][ T4271] batman_adv: batadv0: Interface activated: batadv_slave_1
[   88.751545][   T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   88.763911][   T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   88.873027][ T4418] device syzkaller0 entered promiscuous mode
[   88.908801][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   89.008022][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   89.023785][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   89.101552][ T4271] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   89.168139][ T4271] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   89.269075][ T4271] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   89.364387][ T4271] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   89.956132][ T4395] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   90.000284][ T4395] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   90.037013][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   90.054407][ T4395] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   90.068114][ T4395] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   90.111844][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   90.395274][ T4447] loop2: detected capacity change from 0 to 512
[   90.425174][ T4447] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[   90.493604][ T4437] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   90.533856][ T4447] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[   90.554557][ T4447] EXT4-fs error (device loop2): ext4_readdir:263: inode #2: block 3: comm syz.2.16: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0
[   90.650248][ T4447] EXT4-fs error (device loop2): ext4_readdir:263: inode #2: block 12: comm syz.2.16: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0
[   90.679306][ T4447] EXT4-fs error (device loop2): ext4_readdir:263: inode #2: block 13: comm syz.2.16: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0
[   90.700385][    C0] vkms_vblank_simulate: vblank timer overrun
[   90.708742][ T4437] usb 4-1: Using ep0 maxpacket: 8
[   90.717202][ T4447] EXT4-fs error (device loop2): ext4_readdir:263: inode #2: block 14: comm syz.2.16: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[   90.747872][ T4437] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   90.766284][ T4437] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1023
[   90.791465][ T4437] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1023
[   90.814746][ T4447] EXT4-fs error (device loop2): ext4_readdir:263: inode #2: block 15: comm syz.2.16: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[   90.834866][    C0] vkms_vblank_simulate: vblank timer overrun
[   90.847746][ T4437] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   90.861584][ T4447] EXT4-fs error (device loop2): ext4_readdir:263: inode #2: block 16: comm syz.2.16: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0
[   90.885061][ T4437] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   90.890346][ T4447] EXT4-fs error (device loop2): ext4_readdir:263: inode #2: block 17: comm syz.2.16: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[   90.905537][ T4437] usb 4-1: Product: syz
[   90.928517][ T4447] EXT4-fs error (device loop2): ext4_map_blocks:635: inode #2: block 18: comm syz.2.16: lblock 23 mapped to illegal pblock 18 (length 1)
[   90.942229][ T4437] usb 4-1: Manufacturer: syz
[   90.962137][ T4437] usb 4-1: SerialNumber: syz
[   90.968217][ T4447] EXT4-fs error (device loop2): ext4_readdir:263: inode #2: block 19: comm syz.2.16: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[   91.052863][ T4447] EXT4-fs error (device loop2): ext4_readdir:263: inode #2: block 20: comm syz.2.16: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=2048 fake=0
[   91.250795][ T4437] cdc_ncm 4-1:1.0: bind() failure
[   91.309444][ T4437] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found
[   91.316409][ T4437] cdc_ncm 4-1:1.1: bind() failure
[   91.341124][ T4276] EXT4-fs warning (device loop2): ext4_update_dynamic_rev:1086: updating to rev 1 because of new feature flag, running e2fsck is recommended
[   91.393313][ T4437] usb 4-1: USB disconnect, device number 2
[   91.501013][ T4276] EXT4-fs (loop2): unmounting filesystem.
[   91.765664][ T4470] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   91.774408][ T4470] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   92.404038][ T4470] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   92.812144][ T4483] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[   92.898973][ T4487] Zero length message leads to an empty skb
[   94.074799][ T4505] netlink: 12 bytes leftover after parsing attributes in process `syz.3.32'.
[   94.125645][ T4505] netlink: 28 bytes leftover after parsing attributes in process `syz.3.32'.
[   94.171164][ T4505] netlink: 12 bytes leftover after parsing attributes in process `syz.3.32'.
[   94.215839][ T4505] netlink: 28 bytes leftover after parsing attributes in process `syz.3.32'.
[   94.266913][ T4505] netlink: 'syz.3.32': attribute type 6 has an invalid length.
[   94.307255][ T4515] netlink: 'syz.3.32': attribute type 10 has an invalid length.
[   94.413948][ T4522] loop1: detected capacity change from 0 to 512
[   94.430766][ T4522] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[   94.435874][ T4515] team0: Port device dummy0 added
[   94.464196][ T4517] netlink: 'syz.3.32': attribute type 10 has an invalid length.
[   94.563334][ T4522] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   94.606109][ T4517] team0: Port device dummy0 removed
[   94.614282][ T4522] EXT4-fs error (device loop1): ext4_readdir:263: inode #2: block 3: comm syz.1.35: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0
[   94.651536][ T4517] bond0: (slave dummy0): Enslaving as an active interface with an up link
[   94.652863][ T4522] EXT4-fs error (device loop1): ext4_readdir:263: inode #2: block 12: comm syz.1.35: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0
[   94.691144][ T4522] EXT4-fs error (device loop1): ext4_readdir:263: inode #2: block 13: comm syz.1.35: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0
[   94.769022][ T4522] EXT4-fs error (device loop1): ext4_readdir:263: inode #2: block 14: comm syz.1.35: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[   94.860106][ T4522] EXT4-fs error (device loop1): ext4_readdir:263: inode #2: block 15: comm syz.1.35: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[   94.916838][ T4522] EXT4-fs error (device loop1): ext4_readdir:263: inode #2: block 16: comm syz.1.35: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0
[   94.972505][ T4522] EXT4-fs error (device loop1): ext4_readdir:263: inode #2: block 17: comm syz.1.35: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[   94.999256][ T4522] EXT4-fs error (device loop1): ext4_map_blocks:635: inode #2: block 18: comm syz.1.35: lblock 23 mapped to illegal pblock 18 (length 1)
[   95.021991][ T4522] EXT4-fs error (device loop1): ext4_readdir:263: inode #2: block 19: comm syz.1.35: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[   95.124651][ T4522] EXT4-fs error (device loop1): ext4_readdir:263: inode #2: block 20: comm syz.1.35: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=2048 fake=0
[   95.393439][ T4540] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   95.402429][ T4540] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   96.577839][ T4540] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   96.605397][    T7] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   96.969451][ T4266] EXT4-fs warning (device loop1): ext4_update_dynamic_rev:1086: updating to rev 1 because of new feature flag, running e2fsck is recommended
[   97.003818][ T4266] EXT4-fs (loop1): unmounting filesystem.
[   97.067645][    T7] usb 3-1: Using ep0 maxpacket: 8
[   97.084466][    T7] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   97.137555][    T7] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1023
[   97.172048][    T7] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1023
[   97.192811][ T4549] device syzkaller0 entered promiscuous mode
[   97.212344][    T7] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   97.227923][    T7] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   97.246613][    T7] usb 3-1: Product: syz
[   97.254528][    T7] usb 3-1: Manufacturer: syz
[   97.264896][    T7] usb 3-1: SerialNumber: syz
[   97.266627][ T4551] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[   97.498907][    T7] cdc_ncm 3-1:1.0: bind() failure
[   97.543518][    T7] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[   97.581068][    T7] cdc_ncm 3-1:1.1: bind() failure
[   97.634517][    T7] usb 3-1: USB disconnect, device number 2
[   99.281374][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   99.297716][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   99.324332][ T4585] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   99.576824][ T4594] loop2: detected capacity change from 0 to 512
[   99.611852][ T4594] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[   99.699120][ T4603] device syzkaller0 entered promiscuous mode
[   99.706724][ T4594] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[   99.735035][ T4594] EXT4-fs error (device loop2): ext4_readdir:263: inode #2: block 3: comm syz.2.55: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0
[   99.801735][ T4594] EXT4-fs error (device loop2): ext4_readdir:263: inode #2: block 12: comm syz.2.55: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0
[   99.911242][ T4594] EXT4-fs error (device loop2): ext4_readdir:263: inode #2: block 13: comm syz.2.55: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0
[   99.971450][ T4594] EXT4-fs error (device loop2): ext4_readdir:263: inode #2: block 14: comm syz.2.55: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  100.074302][ T4594] EXT4-fs error (device loop2): ext4_readdir:263: inode #2: block 15: comm syz.2.55: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[  100.195475][ T4615] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  100.266658][ T4594] EXT4-fs error (device loop2): ext4_readdir:263: inode #2: block 16: comm syz.2.55: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0
[  100.592840][ T4276] EXT4-fs warning (device loop2): ext4_update_dynamic_rev:1086: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  100.623343][ T4276] EXT4-fs (loop2): unmounting filesystem.
[  100.977629][ T4437] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  101.135561][ T4638] netlink: 24 bytes leftover after parsing attributes in process `syz.2.65'.
[  101.209424][ T4642] netlink: 8 bytes leftover after parsing attributes in process `syz.3.67'.
[  101.217416][ T4437] usb 2-1: Using ep0 maxpacket: 8
[  101.226761][ T4437] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  101.228242][ T4642] netlink: 4 bytes leftover after parsing attributes in process `syz.3.67'.
[  101.271748][ T4437] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1023
[  101.292640][ T4437] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1023
[  101.331058][ T4437] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  101.415950][ T4437] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  101.439959][ T4437] usb 2-1: Product: syz
[  101.460888][ T4437] usb 2-1: Manufacturer: syz
[  101.489854][ T4437] usb 2-1: SerialNumber: syz
[  102.231224][ T4652] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  102.244014][ T4437] cdc_ncm 2-1:1.0: bind() failure
[  102.267765][ T4652] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  102.281710][ T4437] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[  102.298237][ T4437] cdc_ncm 2-1:1.1: bind() failure
[  102.314204][ T4437] usb 2-1: USB disconnect, device number 2
[  103.178215][ T4686] loop2: detected capacity change from 0 to 512
[  103.222871][ T4686] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  103.293783][ T4686] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  103.319837][ T4686] EXT4-fs error (device loop2): ext4_readdir:263: inode #2: block 3: comm syz.2.74: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0
[  103.364715][ T4686] EXT4-fs error (device loop2): ext4_readdir:263: inode #2: block 12: comm syz.2.74: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0
[  103.414200][ T4686] EXT4-fs error (device loop2): ext4_readdir:263: inode #2: block 13: comm syz.2.74: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0
[  103.448856][ T4686] EXT4-fs error (device loop2): ext4_readdir:263: inode #2: block 14: comm syz.2.74: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  103.484528][ T4686] EXT4-fs error (device loop2): ext4_readdir:263: inode #2: block 15: comm syz.2.74: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[  103.523189][ T4686] EXT4-fs error (device loop2): ext4_readdir:263: inode #2: block 16: comm syz.2.74: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0
[  103.553313][ T4686] EXT4-fs error (device loop2): ext4_readdir:263: inode #2: block 17: comm syz.2.74: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  103.587804][ T4686] EXT4-fs error (device loop2): ext4_map_blocks:635: inode #2: block 18: comm syz.2.74: lblock 23 mapped to illegal pblock 18 (length 1)
[  103.611333][ T4686] EXT4-fs error (device loop2): ext4_readdir:263: inode #2: block 19: comm syz.2.74: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[  103.633836][ T4686] EXT4-fs error (device loop2): ext4_readdir:263: inode #2: block 20: comm syz.2.74: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=2048 fake=0
[  104.046528][ T4276] EXT4-fs warning (device loop2): ext4_update_dynamic_rev:1086: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  104.078586][ T4276] EXT4-fs (loop2): unmounting filesystem.
[  105.670736][ T4712] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  105.785510][ T4722] netlink: 24 bytes leftover after parsing attributes in process `syz.3.80'.
[  106.588526][ T4743] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  106.596825][ T4743] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  106.805682][ T4743] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  107.667528][    T7] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  107.784321][ T4763] device syzkaller0 entered promiscuous mode
[  107.887758][    T7] usb 1-1: Using ep0 maxpacket: 8
[  107.898612][    T7] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  107.921328][    T7] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1023
[  107.952224][    T7] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1023
[  107.973957][    T7] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  107.993629][    T7] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  108.035304][    T7] usb 1-1: Product: syz
[  108.047344][    T7] usb 1-1: Manufacturer: syz
[  108.056220][    T7] usb 1-1: SerialNumber: syz
[  108.171216][ T4774] netlink: 24 bytes leftover after parsing attributes in process `syz.3.94'.
[  108.203647][ T4776] netlink: 12 bytes leftover after parsing attributes in process `syz.4.95'.
[  108.216660][ T4776] netlink: 28 bytes leftover after parsing attributes in process `syz.4.95'.
[  108.238467][ T4776] netlink: 12 bytes leftover after parsing attributes in process `syz.4.95'.
[  108.259452][ T4776] netlink: 28 bytes leftover after parsing attributes in process `syz.4.95'.
[  108.280644][ T4776] netlink: 'syz.4.95': attribute type 6 has an invalid length.
[  108.289990][    T7] cdc_ncm 1-1:1.0: bind() failure
[  108.302514][    T7] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found
[  108.317688][ T4778] netlink: 'syz.4.95': attribute type 10 has an invalid length.
[  108.343584][    T7] cdc_ncm 1-1:1.1: bind() failure
[  108.387644][ T4778] team0: Port device dummy0 added
[  108.407160][    T7] usb 1-1: USB disconnect, device number 2
[  108.415168][ T4776] netlink: 'syz.4.95': attribute type 10 has an invalid length.
[  108.539269][ T4776] team0: Port device dummy0 removed
[  108.582737][ T4776] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  108.807600][ T4791] tipc: Started in network mode
[  108.812591][ T4791] tipc: Node identity 1a877543e922, cluster identity 4711
[  108.820448][ T4791] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  108.834274][ T4791] tipc: Resetting bearer <eth:syzkaller0>
[  108.928716][ T4792] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  108.986885][ T4792] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  109.524419][ T4789] tipc: Disabling bearer <eth:syzkaller0>
[  109.904530][ T4807] loop3: detected capacity change from 0 to 512
[  109.964061][ T4807] =======================================================
[  109.964061][ T4807] WARNING: The mand mount option has been deprecated and
[  109.964061][ T4807]          and is ignored by this kernel. Remove the mand
[  109.964061][ T4807]          option from the mount to silence this warning.
[  109.964061][ T4807] =======================================================
[  110.119497][ T4807] ext4: Unknown parameter 'subj_user'
[  110.173819][ T4811] device syzkaller0 entered promiscuous mode
[  110.226837][   T27] kauditd_printk_skb: 44 callbacks suppressed
[  110.226853][   T27] audit: type=1326 audit(1753860680.219:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4806 comm="syz.3.103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  110.337166][   T27] audit: type=1326 audit(1753860680.259:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4806 comm="syz.3.103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  110.453286][   T27] audit: type=1326 audit(1753860680.259:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4806 comm="syz.3.103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  110.514216][ T4821] loop2: detected capacity change from 0 to 512
[  110.533937][ T4807] ALSA: seq fatal error: cannot create timer (-19)
[  110.550050][ T4821] EXT4-fs: Ignoring removed mblk_io_submit option
[  110.582571][   T27] audit: type=1326 audit(1753860680.259:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4806 comm="syz.3.103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=37 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  110.617007][ T4821] EXT4-fs: Ignoring removed bh option
[  110.648799][ T4821] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  110.675197][ T4821] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  110.695637][   T27] audit: type=1326 audit(1753860680.259:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4806 comm="syz.3.103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  110.741452][ T4821] EXT4-fs (loop2): 1 truncate cleaned up
[  110.747208][ T4821] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  110.787404][   T27] audit: type=1326 audit(1753860680.259:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4806 comm="syz.3.103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=37 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  110.811426][   T27] audit: type=1326 audit(1753860680.259:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4806 comm="syz.3.103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  110.835453][   T27] audit: type=1326 audit(1753860680.259:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4806 comm="syz.3.103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=324 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  110.858083][   T27] audit: type=1326 audit(1753860680.279:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4806 comm="syz.3.103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  110.880863][   T27] audit: type=1326 audit(1753860680.279:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4806 comm="syz.3.103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  110.933972][ T4830] loop3: detected capacity change from 0 to 164
[  111.011494][ T4830] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  111.041285][ T4830] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  111.056343][ T4276] EXT4-fs (loop2): unmounting filesystem.
[  111.153461][ T4830] Symlink component flag not implemented
[  111.197461][ T4830] Symlink component flag not implemented
[  111.203623][ T4830] Symlink component flag not implemented (7)
[  111.280404][ T4830] Symlink component flag not implemented (116)
[  111.541365][ T4840] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  111.695465][ T4840] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  112.230347][ T4437] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  112.354483][ T4850] loop0: detected capacity change from 0 to 1024
[  112.427533][ T4437] usb 2-1: Using ep0 maxpacket: 8
[  112.454814][ T4850] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  112.466785][ T4437] usb 2-1: unable to get BOS descriptor or descriptor too short
[  112.523816][ T4437] usb 2-1: unable to read config index 0 descriptor/start: -71
[  112.570912][ T4437] usb 2-1: can't read configurations, error -71
[  112.674662][ T4273] EXT4-fs (loop0): unmounting filesystem.
[  112.824931][ T4863] serio: Serial port ptm0
[  112.962641][ T4867] loop3: detected capacity change from 0 to 512
[  112.978305][ T4867] EXT4-fs: Ignoring removed mblk_io_submit option
[  112.992867][ T4867] EXT4-fs: Ignoring removed bh option
[  113.017766][ T4867] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  113.079702][ T4867] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  113.177609][ T4867] EXT4-fs (loop3): 1 truncate cleaned up
[  113.200694][ T4867] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  113.293260][ T4267] EXT4-fs (loop3): unmounting filesystem.
[  113.519369][ T4882] device syzkaller0 entered promiscuous mode
[  114.065047][ T4892] netlink: 12 bytes leftover after parsing attributes in process `syz.1.135'.
[  114.115147][ T4892] netlink: 28 bytes leftover after parsing attributes in process `syz.1.135'.
[  114.155479][ T4892] netlink: 12 bytes leftover after parsing attributes in process `syz.1.135'.
[  114.194308][ T4892] netlink: 28 bytes leftover after parsing attributes in process `syz.1.135'.
[  114.217715][ T4892] netlink: 'syz.1.135': attribute type 6 has an invalid length.
[  114.252186][ T4892] netlink: 'syz.1.135': attribute type 10 has an invalid length.
[  114.311469][ T4892] team0: Port device dummy0 added
[  114.337716][ T4893] netlink: 'syz.1.135': attribute type 10 has an invalid length.
[  114.392914][ T4893] team0: Port device dummy0 removed
[  114.429534][ T4893] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  114.511068][ T4899] device syzkaller0 entered promiscuous mode
[  114.517758][ T4347] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  114.602402][ T4901] loop4: detected capacity change from 0 to 512
[  114.610854][ T4901] EXT4-fs: Ignoring removed mblk_io_submit option
[  114.622594][ T4901] EXT4-fs: Ignoring removed bh option
[  114.633321][ T4901] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  114.652543][ T4901] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  114.678114][ T4901] EXT4-fs (loop4): 1 truncate cleaned up
[  114.694302][ T4901] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  114.709942][ T4347] usb 4-1: Using ep0 maxpacket: 8
[  114.725952][ T4904] netlink: 4 bytes leftover after parsing attributes in process `syz.2.139'.
[  114.760792][ T4271] EXT4-fs (loop4): unmounting filesystem.
[  114.784668][ T4347] usb 4-1: unable to get BOS descriptor or descriptor too short
[  114.812971][ T4908] loop1: detected capacity change from 0 to 512
[  114.861535][ T4347] usb 4-1: unable to read config index 0 descriptor/start: -71
[  114.872266][ T4400] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  114.907010][ T4347] usb 4-1: can't read configurations, error -71
[  115.654074][ T4929] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  115.662707][ T4929] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  115.906937][ T4929] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  116.528235][ T4938] device syzkaller0 entered promiscuous mode
[  116.581042][ T4943] netlink: 'syz.1.152': attribute type 10 has an invalid length.
[  116.849876][ T4948] device veth1_macvtap left promiscuous mode
[  116.877005][ T4948] device macsec0 entered promiscuous mode
[  117.063571][ T4952] netlink: 'syz.0.158': attribute type 1 has an invalid length.
[  117.391600][ T4964] netlink: 8 bytes leftover after parsing attributes in process `syz.4.163'.
[  117.402484][ T4964] IPVS: Error joining to the multicast group
[  117.427571][ T4358] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  117.647419][ T4358] usb 4-1: Using ep0 maxpacket: 8
[  117.664820][ T4358] usb 4-1: unable to get BOS descriptor or descriptor too short
[  117.734477][ T4358] usb 4-1: unable to read config index 0 descriptor/start: -71
[  117.822731][ T4974] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  117.840559][ T4974] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  118.971666][ T4977] loop4: detected capacity change from 0 to 512
[  118.979000][ T4977] EXT4-fs: Ignoring removed mblk_io_submit option
[  118.985480][ T4977] EXT4-fs: Ignoring removed bh option
[  118.999601][ T4977] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  119.011505][ T4977] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  119.172842][ T4358] usb 4-1: can't read configurations, error -71
[  119.407545][ T4977] EXT4-fs (loop4): 1 truncate cleaned up
[  119.413443][ T4977] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  119.850767][ T4271] EXT4-fs (loop4): unmounting filesystem.
[  119.935155][   T27] kauditd_printk_skb: 14 callbacks suppressed
[  119.935172][   T27] audit: type=1326 audit(1753860689.929:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4988 comm="syz.3.174" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  120.009758][   T27] audit: type=1326 audit(1753860689.969:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4988 comm="syz.3.174" exe="/root/syz-executor" sig=0 arch=c000003e syscall=136 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  120.276168][   T27] audit: type=1326 audit(1753860689.969:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4988 comm="syz.3.174" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  120.298881][   T27] audit: type=1326 audit(1753860689.969:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4988 comm="syz.3.174" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  120.489093][ T5002] loop4: detected capacity change from 0 to 512
[  120.659645][ T5002] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a802c01c, mo2=0002]
[  120.668352][ T5002] System zones: 1-3, 19-19, 35-38
[  120.693022][ T5002] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  120.702600][ T5002] ext4 filesystem being mounted at /27/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  120.782216][ T5002] EXT4-fs warning (device loop4): ext4_group_extend:1899: can't read last block, resize aborted
[  120.802050][   T27] audit: type=1326 audit(1753860689.969:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4988 comm="syz.3.174" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  121.203418][   T27] audit: type=1326 audit(1753860689.969:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4988 comm="syz.3.174" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  121.297336][    C1] sched: RT throttling activated
[  121.313870][   T27] audit: type=1326 audit(1753860689.969:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4988 comm="syz.3.174" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  121.637664][   T27] audit: type=1326 audit(1753860689.969:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4988 comm="syz.3.174" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  121.660882][   T27] audit: type=1326 audit(1753860689.969:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4988 comm="syz.3.174" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  121.682992][   T27] audit: type=1326 audit(1753860689.969:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4988 comm="syz.3.174" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  122.328531][ T5014] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  122.610114][ T5014] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  122.630450][ T4271] EXT4-fs (loop4): unmounting filesystem.
[  122.705359][ T5017] tipc: MTU too low for tipc bearer
[  122.736211][ T5018] loop1: detected capacity change from 0 to 512
[  122.812864][ T5018] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  122.998007][ T5018] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  123.038290][ T5018] EXT4-fs error (device loop1): ext4_readdir:263: inode #2: block 3: comm syz.1.180: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0
[  123.167602][ T5019] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  123.180644][ T5029] syz.4.182[5029] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  123.180758][ T5029] syz.4.182[5029] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  123.198964][ T5018] EXT4-fs error (device loop1): ext4_readdir:263: inode #2: block 12: comm syz.1.180: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0
[  123.362671][ T5018] EXT4-fs error (device loop1): ext4_readdir:263: inode #2: block 13: comm syz.1.180: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0
[  123.438303][ T5018] EXT4-fs error (device loop1): ext4_readdir:263: inode #2: block 14: comm syz.1.180: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  123.699327][ T4266] EXT4-fs warning (device loop1): ext4_update_dynamic_rev:1086: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  123.744611][ T4266] EXT4-fs (loop1): unmounting filesystem.
[  124.415016][ T5055] netlink: 20 bytes leftover after parsing attributes in process `syz.2.195'.
[  124.452882][ T5055] netlink: 8 bytes leftover after parsing attributes in process `syz.2.195'.
[  124.690389][ T5060] loop3: detected capacity change from 0 to 512
[  124.723710][ T5060] EXT4-fs: Ignoring removed nobh option
[  124.744636][ T5058] lo speed is unknown, defaulting to 1000
[  124.752384][ T5058] lo speed is unknown, defaulting to 1000
[  124.777170][ T5060] EXT4-fs: Ignoring removed mblk_io_submit option
[  124.809978][ T5058] lo speed is unknown, defaulting to 1000
[  124.837417][ T5060] ext4: Unknown parameter 'measure'
[  124.838866][ T5058] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  124.931146][ T5058] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  125.101972][ T5058] lo speed is unknown, defaulting to 1000
[  125.119609][ T5067] netlink: 'syz.1.200': attribute type 10 has an invalid length.
[  125.148230][ T5067] bond0: (slave dummy0): Releasing backup interface
[  125.176641][ T5067] team0: Port device dummy0 added
[  125.195111][ T5058] lo speed is unknown, defaulting to 1000
[  125.205427][ T5068] netlink: 'syz.1.200': attribute type 10 has an invalid length.
[  125.275509][ T5068] team0: Port device dummy0 removed
[  125.284330][ T5068] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  125.294392][ T5058] lo speed is unknown, defaulting to 1000
[  125.301732][ T5058] lo speed is unknown, defaulting to 1000
[  125.312202][ T5058] lo speed is unknown, defaulting to 1000
[  125.388083][ T5070] loop4: detected capacity change from 0 to 512
[  125.416625][ T5070] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  125.504094][ T5070] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  125.745505][ T4271] EXT4-fs (loop4): unmounting filesystem.
[  125.862276][ T5083] syz.2.205 uses obsolete (PF_INET,SOCK_PACKET)
[  125.908275][ T5083] PF_CAN: dropped non conform CAN XL skbuff: dev type 65534, len 40
[  126.026952][ T5089] loop1: detected capacity change from 0 to 256
[  126.744379][   T27] kauditd_printk_skb: 32 callbacks suppressed
[  126.744395][   T27] audit: type=1326 audit(1753860696.739:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5113 comm="syz.4.219" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99aa18e9a9 code=0x7ffc0000
[  126.773627][ T4319] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  126.848510][   T27] audit: type=1326 audit(1753860696.739:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5113 comm="syz.4.219" exe="/root/syz-executor" sig=0 arch=c000003e syscall=31 compat=0 ip=0x7f99aa18e9a9 code=0x7ffc0000
[  126.885083][   T27] audit: type=1326 audit(1753860696.739:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5113 comm="syz.4.219" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99aa18e9a9 code=0x7ffc0000
[  126.913613][   T27] audit: type=1326 audit(1753860696.739:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5113 comm="syz.4.219" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f99aa18e9a9 code=0x7ffc0000
[  126.952577][   T27] audit: type=1326 audit(1753860696.739:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5113 comm="syz.4.219" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99aa18e9a9 code=0x7ffc0000
[  126.967481][ T4319] usb 4-1: Using ep0 maxpacket: 8
[  126.985015][   T27] audit: type=1326 audit(1753860696.739:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5113 comm="syz.4.219" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99aa18e9a9 code=0x7ffc0000
[  127.008244][ T5120] loop1: detected capacity change from 0 to 256
[  127.013642][   T27] audit: type=1326 audit(1753860696.739:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5113 comm="syz.4.219" exe="/root/syz-executor" sig=0 arch=c000003e syscall=179 compat=0 ip=0x7f99aa18e9a9 code=0x7ffc0000
[  127.017271][ T4319] usb 4-1: unable to get BOS descriptor or descriptor too short
[  127.065705][   T27] audit: type=1326 audit(1753860696.739:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5113 comm="syz.4.219" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99aa18e9a9 code=0x7ffc0000
[  127.115824][   T27] audit: type=1326 audit(1753860696.739:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5113 comm="syz.4.219" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99aa18e9a9 code=0x7ffc0000
[  127.159141][ T4319] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  127.161602][   T27] audit: type=1326 audit(1753860696.739:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5113 comm="syz.4.219" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f99aa18e9a9 code=0x7ffc0000
[  127.223649][ T5122] loop0: detected capacity change from 0 to 2048
[  127.247865][ T4319] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1023
[  127.287723][ T4319] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1023
[  127.307707][ T4319] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  127.327224][ T4319] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  127.339846][ T5122] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  127.342106][ T4319] usb 4-1: Product: syz
[  127.360342][ T4319] usb 4-1: Manufacturer: syz
[  127.394402][ T4319] usb 4-1: SerialNumber: syz
[  127.469201][ T4978] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  127.598299][ T4978] EXT4-fs (loop0): Remounting filesystem read-only
[  127.630361][ T4273] EXT4-fs (loop0): unmounting filesystem.
[  127.724278][ T4319] cdc_ncm 4-1:1.0: bind() failure
[  127.748102][ T4319] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found
[  127.785641][ T4319] cdc_ncm 4-1:1.1: bind() failure
[  127.803388][ T4319] usb 4-1: USB disconnect, device number 7
[  128.512200][ T5157] lo speed is unknown, defaulting to 1000
[  128.765622][ T5158] loop4: detected capacity change from 0 to 512
[  128.776719][ T5158] EXT4-fs: Ignoring removed mblk_io_submit option
[  128.783392][ T5158] EXT4-fs: Ignoring removed bh option
[  128.906781][ T5158] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  128.918476][ T5158] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  129.099199][ T5158] EXT4-fs (loop4): 1 truncate cleaned up
[  129.104939][ T5158] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  129.365308][ T4271] EXT4-fs (loop4): unmounting filesystem.
[  129.396707][ T5164] loop3: detected capacity change from 0 to 256
[  129.599607][ T5173] netlink: 4 bytes leftover after parsing attributes in process `syz.4.240'.
[  129.893625][ T5181] netlink: 100 bytes leftover after parsing attributes in process `syz.2.244'.
[  130.523166][ T5199] loop4: detected capacity change from 0 to 1024
[  130.634927][ T5199] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  130.714730][ T5199] ext4 filesystem being mounted at /45/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  130.887003][ T4271] EXT4-fs (loop4): unmounting filesystem.
[  131.022639][ T5196] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  131.037560][ T5196] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  131.059192][ T5196] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  131.087161][ T5196] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  131.118034][ T5196] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  131.123020][ T5213] netlink: 12 bytes leftover after parsing attributes in process `syz.4.254'.
[  131.126248][ T5211] loop0: detected capacity change from 0 to 256
[  131.140710][ T5196] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  131.150060][ T5196] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  131.169169][ T5196] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  131.175263][ T5196] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  131.268693][ T5196] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  131.305542][ T5196] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  131.336823][ T5196] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  131.357195][ T5196] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  131.390334][ T5196] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  131.415775][ T5196] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  131.514619][ T5219] loop0: detected capacity change from 0 to 128
[  131.588363][ T5219] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  131.642051][ T5219] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  132.025493][ T5239] loop4: detected capacity change from 0 to 256
[  132.050951][ T5240] netlink: 12 bytes leftover after parsing attributes in process `syz.0.265'.
[  132.111883][ T5243] netlink: 256 bytes leftover after parsing attributes in process `syz.1.269'.
[  132.486951][ T4281] Bluetooth: hci0: command 0x0c1a tx timeout
[  132.688620][ T5256] lo speed is unknown, defaulting to 1000
[  132.921148][ T5257] loop3: detected capacity change from 0 to 512
[  132.933907][ T5257] EXT4-fs: Ignoring removed mblk_io_submit option
[  132.940563][ T5257] EXT4-fs: Ignoring removed bh option
[  133.018024][ T5257] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  133.030122][ T5257] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  133.043246][ T1276] ieee802154 phy0 wpan0: encryption failed: -22
[  133.069802][ T1276] ieee802154 phy1 wpan1: encryption failed: -22
[  133.117701][ T4281] Bluetooth: hci1: command 0x0c1a tx timeout
[  133.198398][ T4281] Bluetooth: hci2: command 0x0c1a tx timeout
[  133.274041][ T5257] EXT4-fs (loop3): 1 truncate cleaned up
[  133.280011][ T5257] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  133.289790][ T4281] Bluetooth: hci4: command 0x0c1a tx timeout
[  133.367709][ T4281] Bluetooth: hci3: command 0x0c1a tx timeout
[  133.572981][ T5263] loop4: detected capacity change from 0 to 128
[  133.593044][ T5263] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  133.605683][ T4267] EXT4-fs (loop3): unmounting filesystem.
[  133.648512][   T27] kauditd_printk_skb: 3 callbacks suppressed
[  133.648527][   T27] audit: type=1326 audit(1753860703.649:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5265 comm="syz.1.277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7dcf8e9a9 code=0x7ffc0000
[  133.677634][ T5263] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  133.805357][   T27] audit: type=1326 audit(1753860703.709:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5265 comm="syz.1.277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7dcf8e9a9 code=0x7ffc0000
[  133.966688][ T5277] netlink: 12 bytes leftover after parsing attributes in process `syz.0.282'.
[  134.004298][   T27] audit: type=1326 audit(1753860703.719:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5265 comm="syz.1.277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff7dcf8e9a9 code=0x7ffc0000
[  134.043435][ T5276] loop1: detected capacity change from 0 to 512
[  134.051802][ T5278] netlink: 'syz.2.280': attribute type 21 has an invalid length.
[  134.067741][ T5278] netlink: 'syz.2.280': attribute type 4 has an invalid length.
[  134.109526][ T5278] netlink: 4 bytes leftover after parsing attributes in process `syz.2.280'.
[  134.121001][   T27] audit: type=1326 audit(1753860703.719:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5265 comm="syz.1.277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7dcf8e9a9 code=0x7ffc0000
[  134.144793][ T5276] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  134.173208][   T27] audit: type=1326 audit(1753860703.719:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5265 comm="syz.1.277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7dcf8e9a9 code=0x7ffc0000
[  134.196269][ T5287] random: crng reseeded on system resumption
[  134.200001][   T27] audit: type=1326 audit(1753860703.719:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5265 comm="syz.1.277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff7dcf8e9a9 code=0x7ffc0000
[  134.208086][ T5276] EXT4-fs (loop1): orphan cleanup on readonly fs
[  134.224945][   T27] audit: type=1326 audit(1753860703.719:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5265 comm="syz.1.277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7dcf8e9a9 code=0x7ffc0000
[  134.254742][   T27] audit: type=1326 audit(1753860703.719:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5265 comm="syz.1.277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7dcf8e9a9 code=0x7ffc0000
[  134.278040][ T5272] lo speed is unknown, defaulting to 1000
[  134.292476][   T27] audit: type=1326 audit(1753860703.719:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5265 comm="syz.1.277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=103 compat=0 ip=0x7ff7dcf8e9a9 code=0x7ffc0000
[  134.433175][   T27] audit: type=1326 audit(1753860703.719:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5265 comm="syz.1.277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7dcf8e9a9 code=0x7ffc0000
[  134.491996][ T5276] EXT4-fs error (device loop1): ext4_do_update_inode:5254: inode #16: comm syz.1.281: corrupted inode contents
[  134.542684][ T5276] EXT4-fs (loop1): Remounting filesystem read-only
[  134.557699][ T4281] Bluetooth: hci0: command 0x0406 tx timeout
[  134.583149][ T5276] EXT4-fs error (device loop1): ext4_dirty_inode:6119: inode #16: comm syz.1.281: mark_inode_dirty error
[  134.676859][ T5276] EXT4-fs (loop1): Remounting filesystem read-only
[  134.686313][ T5276] EXT4-fs error (device loop1): ext4_do_update_inode:5254: inode #16: comm syz.1.281: corrupted inode contents
[  134.738355][ T5276] EXT4-fs (loop1): Remounting filesystem read-only
[  134.772968][ T5276] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #16: comm syz.1.281: mark_inode_dirty error
[  134.805279][ T5276] EXT4-fs (loop1): Remounting filesystem read-only
[  134.825236][ T5276] EXT4-fs error (device loop1): ext4_do_update_inode:5254: inode #16: comm syz.1.281: corrupted inode contents
[  134.902884][ T5276] EXT4-fs (loop1): Remounting filesystem read-only
[  134.923161][ T5276] EXT4-fs error (device loop1) in ext4_orphan_del:305: Corrupt filesystem
[  134.942768][ T5276] EXT4-fs (loop1): Remounting filesystem read-only
[  134.965273][ T5276] EXT4-fs error (device loop1): ext4_do_update_inode:5254: inode #16: comm syz.1.281: corrupted inode contents
[  135.001457][ T5276] EXT4-fs (loop1): Remounting filesystem read-only
[  135.017454][ T5276] EXT4-fs error (device loop1): ext4_truncate:4312: inode #16: comm syz.1.281: mark_inode_dirty error
[  135.041436][ T5276] EXT4-fs (loop1): Remounting filesystem read-only
[  135.049329][ T5276] EXT4-fs error (device loop1) in ext4_process_orphan:347: Corrupt filesystem
[  135.084881][ T5276] EXT4-fs (loop1): Remounting filesystem read-only
[  135.093189][ T5276] EXT4-fs (loop1): 1 truncate cleaned up
[  135.110646][ T4793] EXT4-fs error (device loop1): ext4_release_dquot:6850: comm kworker/u4:12: Failed to release dquot type 1
[  135.169668][ T4793] EXT4-fs (loop1): Remounting filesystem read-only
[  135.188126][ T5276] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  135.197798][ T4281] Bluetooth: hci1: command 0x0406 tx timeout
[  135.203722][ T5276] EXT4-fs (loop1): unmounting filesystem.
[  135.277539][ T4281] Bluetooth: hci2: command 0x0406 tx timeout
[  135.357637][ T4281] Bluetooth: hci4: command 0x0406 tx timeout
[  135.437688][ T4281] Bluetooth: hci3: command 0x0406 tx timeout
[  135.613917][ T5320] loop2: detected capacity change from 0 to 128
[  135.645954][ T5320] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  135.696068][ T5320] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  135.801081][ T5322] netlink: 12 bytes leftover after parsing attributes in process `syz.1.294'.
[  135.810381][ T5322] netlink: 28 bytes leftover after parsing attributes in process `syz.1.294'.
[  135.819664][ T5322] netlink: 12 bytes leftover after parsing attributes in process `syz.1.294'.
[  135.830250][ T5326] netlink: 12 bytes leftover after parsing attributes in process `syz.0.295'.
[  135.910874][ T5326] 8021q: adding VLAN 0 to HW filter on device bond1
[  135.951559][ T5327] netlink: 'syz.1.294': attribute type 10 has an invalid length.
[  136.003588][ T5327] bond0: (slave dummy0): Releasing backup interface
[  136.021945][ T5327] team0: Port device dummy0 added
[  136.028224][ T5329] netlink: 'syz.1.294': attribute type 10 has an invalid length.
[  136.104117][ T5329] team0: Port device dummy0 removed
[  136.115687][ T5329] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  136.475670][ T5350] syz.1.303[5350] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  136.475776][ T5350] syz.1.303[5350] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  136.515244][ T5350] loop1: detected capacity change from 0 to 512
[  136.616523][ T5350] EXT4-fs: Ignoring removed mblk_io_submit option
[  136.650235][ T5350] ext4: Unknown parameter 'seclabel'
[  136.884969][ T5357] loop3: detected capacity change from 0 to 128
[  136.895207][ T5357] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  136.927270][ T5357] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  137.552284][ T5369] tipc: Enabling of bearer <eth:syzkaller> rejected, failed to enable media
[  137.686971][ T5374] device syzkaller0 entered promiscuous mode
[  137.707860][ T5374] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready
[  137.998759][ T5380] loop2: detected capacity change from 0 to 512
[  138.009153][ T5380] EXT4-fs: Ignoring removed mblk_io_submit option
[  138.015806][ T5380] EXT4-fs: Ignoring removed bh option
[  138.038314][ T5380] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  138.050618][ T5380] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  138.189989][ T5379] lo speed is unknown, defaulting to 1000
[  138.382408][ T5380] EXT4-fs (loop2): 1 truncate cleaned up
[  138.388618][ T5380] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  138.739243][ T4276] EXT4-fs (loop2): unmounting filesystem.
[  138.753404][ T5384] loop4: detected capacity change from 0 to 512
[  138.808752][ T5388] loop1: detected capacity change from 0 to 128
[  138.840986][ T5388] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  138.864915][ T5384] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  138.892214][ T5384] ext4 filesystem being mounted at /67/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  138.934645][ T5388] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  139.086055][ T5393] loop0: detected capacity change from 0 to 4096
[  139.136562][ T5393] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  139.199904][ T4271] EXT4-fs (loop4): unmounting filesystem.
[  139.659969][ T5410] loop1: detected capacity change from 0 to 256
[  139.777087][ T5412] tipc: Enabling of bearer <eth:syzkaller> rejected, failed to enable media
[  139.826412][ T5412] device syzkaller0 entered promiscuous mode
[  140.019633][ T4273] EXT4-fs (loop0): unmounting filesystem.
[  140.286260][ T5423] loop2: detected capacity change from 0 to 1024
[  140.436267][ T5422] loop4: detected capacity change from 0 to 512
[  140.472905][ T5423] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  140.484583][ T5423] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (30349!=20869)
[  140.510376][ T5423] EXT4-fs (loop2): invalid journal inode
[  140.517423][ T5423] EXT4-fs (loop2): can't get journal size
[  140.609508][ T5423] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  140.968835][ T4276] EXT4-fs (loop2): unmounting filesystem.
[  141.043407][   T27] kauditd_printk_skb: 9 callbacks suppressed
[  141.043425][   T27] audit: type=1326 audit(1753860711.039:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5428 comm="syz.3.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  141.120270][   T27] audit: type=1326 audit(1753860711.039:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5428 comm="syz.3.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=277 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  141.147804][   T27] audit: type=1326 audit(1753860711.039:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5428 comm="syz.3.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  141.265024][ T5436] 9pnet_fd: Insufficient options for proto=fd
[  141.371397][ T5442] netlink: 20 bytes leftover after parsing attributes in process `syz.3.339'.
[  141.391429][ T5443] 9pnet_fd: Insufficient options for proto=fd
[  141.424334][ T5442] netlink: 20 bytes leftover after parsing attributes in process `syz.3.339'.
[  141.680780][   T27] audit: type=1326 audit(1753860711.679:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5446 comm="syz.4.340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99aa18e9a9 code=0x7ffc0000
[  141.758443][ T5451] loop3: detected capacity change from 0 to 256
[  141.764428][   T27] audit: type=1326 audit(1753860711.689:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5446 comm="syz.4.340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f99aa18e9a9 code=0x7ffc0000
[  141.936970][   T27] audit: type=1326 audit(1753860711.689:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5446 comm="syz.4.340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99aa18e9a9 code=0x7ffc0000
[  142.028790][ T5458] netlink: 24 bytes leftover after parsing attributes in process `syz.0.343'.
[  142.050571][   T27] audit: type=1326 audit(1753860711.689:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5446 comm="syz.4.340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f99aa18e9a9 code=0x7ffc0000
[  142.106786][ T5460] netlink: 24 bytes leftover after parsing attributes in process `syz.0.343'.
[  142.163188][   T27] audit: type=1326 audit(1753860711.689:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5446 comm="syz.4.340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99aa18e9a9 code=0x7ffc0000
[  142.270345][   T27] audit: type=1326 audit(1753860711.689:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5446 comm="syz.4.340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f99aa18e9a9 code=0x7ffc0000
[  142.348133][   T27] audit: type=1326 audit(1753860711.709:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5446 comm="syz.4.340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99aa18e9a9 code=0x7ffc0000
[  142.381927][ T5469] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  142.384918][ T5468] loop0: detected capacity change from 0 to 128
[  142.454303][ T5468] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  142.476330][ T5469] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  142.476658][ T5468] FAT-fs (loop0): Filesystem has been set read-only
[  142.533105][ T5468] syz.0.347: attempt to access beyond end of device
[  142.533105][ T5468] loop0: rw=524288, sector=2065, nr_sectors = 8 limit=128
[  142.561515][ T5468] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  142.576364][ T5468] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  142.598280][ T5468] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  142.615725][ T5468] syz.0.347: attempt to access beyond end of device
[  142.615725][ T5468] loop0: rw=524288, sector=2065, nr_sectors = 8 limit=128
[  142.670625][ T5472] syz.0.347: attempt to access beyond end of device
[  142.670625][ T5472] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128
[  142.686146][ T5468] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  142.703712][ T5472] syz.0.347: attempt to access beyond end of device
[  142.703712][ T5472] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128
[  142.725153][ T5468] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  142.759166][ T5468] syz.0.347: attempt to access beyond end of device
[  142.759166][ T5468] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128
[  142.784279][ T5468] syz.0.347: attempt to access beyond end of device
[  142.784279][ T5468] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128
[  142.812890][ T5468] syz.0.347: attempt to access beyond end of device
[  142.812890][ T5468] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128
[  142.842156][ T5468] syz.0.347: attempt to access beyond end of device
[  142.842156][ T5468] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128
[  142.882408][ T5468] syz.0.347: attempt to access beyond end of device
[  142.882408][ T5468] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128
[  142.993020][ T5468] syz.0.347: attempt to access beyond end of device
[  142.993020][ T5468] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128
[  143.314549][ T5494] netlink: 4 bytes leftover after parsing attributes in process `syz.4.353'.
[  143.385456][ T5496] Driver unsupported XDP return value 0 on prog  (id 100) dev N/A, expect packet loss!
[  143.572405][ T5502] loop0: detected capacity change from 0 to 256
[  143.877058][ T5507] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported
[  144.047243][ T5514] netlink: 'syz.0.359': attribute type 10 has an invalid length.
[  144.092547][ T5514] team0: Port device dummy0 added
[  144.130291][ T5518] netlink: 'syz.0.359': attribute type 10 has an invalid length.
[  144.238968][ T5518] team0: Port device dummy0 removed
[  144.307858][ T5518] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  145.252816][ T5563] loop4: detected capacity change from 0 to 256
[  145.351518][ T5569] netlink: 80 bytes leftover after parsing attributes in process `syz.3.369'.
[  145.365639][ T5567] netlink: 4 bytes leftover after parsing attributes in process `syz.0.367'.
[  145.541701][ T5572] capability: warning: `syz.1.370' uses 32-bit capabilities (legacy support in use)
[  145.703600][ T5577] loop4: detected capacity change from 0 to 2048
[  145.798344][ T5577] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  145.872038][ T5584] netlink: 60 bytes leftover after parsing attributes in process `syz.3.374'.
[  146.050641][ T4271] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor: bg 0: block 234: padding at end of block bitmap is not set
[  146.112131][ T4271] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6170: Corrupt filesystem
[  146.126635][ T5592] loop0: detected capacity change from 0 to 2048
[  146.188494][ T4271] EXT4-fs (loop4): unmounting filesystem.
[  146.237157][ T5592] Alternate GPT is invalid, using primary GPT.
[  146.251551][ T5592]  loop0: p1 p2 p3
[  146.591855][ T4273] __loop_clr_fd: partition scan of loop0 failed (rc=-16)
[  146.592878][ T4376] I/O error, dev loop0, sector 108 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  146.629516][ T4400] I/O error, dev loop0, sector 58 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  146.639612][ T5445] I/O error, dev loop0, sector 1008 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  146.657643][ T5609] netlink: 4 bytes leftover after parsing attributes in process `syz.4.385'.
[  146.679466][ T5445] I/O error, dev loop0, sector 1008 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  146.694593][ T4400] I/O error, dev loop0, sector 58 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  146.697720][ T4376] I/O error, dev loop0, sector 108 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  146.774950][ T5610] netlink: 'syz.1.383': attribute type 13 has an invalid length.
[  146.807029][ T4400] Buffer I/O error on dev loop0p2, logical block 8, async page read
[  146.819383][ T5445] Buffer I/O error on dev loop0p3, logical block 8, async page read
[  147.123542][ T4400] I/O error, dev loop0, sector 59 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  147.141685][ T5445] I/O error, dev loop0, sector 1009 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  147.460891][ T4376] Buffer I/O error on dev loop0p1, logical block 8, async page read
[  147.470121][ T4376] I/O error, dev loop0, sector 109 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  147.480223][ T4376] Buffer I/O error on dev loop0p1, logical block 9, async page read
[  147.491199][ T4376] I/O error, dev loop0, sector 110 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  147.507359][ T4376] Buffer I/O error on dev loop0p1, logical block 10, async page read
[  147.537550][ T4400] Buffer I/O error on dev loop0p2, logical block 9, async page read
[  147.545721][ T4400] Buffer I/O error on dev loop0p2, logical block 10, async page read
[  147.554398][ T5445] Buffer I/O error on dev loop0p3, logical block 9, async page read
[  147.554892][ T4376] Buffer I/O error on dev loop0p1, logical block 11, async page read
[  147.617670][ T5445] Buffer I/O error on dev loop0p3, logical block 10, async page read
[  147.752989][ T5610] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  147.789725][ T5610] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  147.934619][ T5622] device syzkaller0 entered promiscuous mode
[  147.985144][ T4376] udevd[4376]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory
[  148.000062][ T4400] udevd[4400]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory
[  148.031540][ T5620] udevd[5620]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory
[  148.351791][   T27] kauditd_printk_skb: 23 callbacks suppressed
[  148.351807][   T27] audit: type=1326 audit(1753860718.349:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5635 comm="syz.4.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99aa18e9a9 code=0x7ffc0000
[  148.514455][   T27] audit: type=1326 audit(1753860718.349:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5635 comm="syz.4.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f99aa18e9a9 code=0x7ffc0000
[  148.608862][   T27] audit: type=1326 audit(1753860718.349:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5635 comm="syz.4.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99aa18e9a9 code=0x7ffc0000
[  148.681465][   T27] audit: type=1326 audit(1753860718.349:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5635 comm="syz.4.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99aa18e9a9 code=0x7ffc0000
[  148.792142][   T27] audit: type=1326 audit(1753860718.349:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5635 comm="syz.4.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f99aa18e9a9 code=0x7ffc0000
[  148.892046][   T27] audit: type=1326 audit(1753860718.349:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5635 comm="syz.4.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99aa18e9a9 code=0x7ffc0000
[  148.975043][   T27] audit: type=1326 audit(1753860718.359:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5635 comm="syz.4.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f99aa18e9a9 code=0x7ffc0000
[  149.046318][   T27] audit: type=1326 audit(1753860718.409:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5635 comm="syz.4.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99aa18e9a9 code=0x7ffc0000
[  149.085044][   T27] audit: type=1326 audit(1753860718.419:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5635 comm="syz.4.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f99aa18d310 code=0x7ffc0000
[  149.151573][   T27] audit: type=1326 audit(1753860718.419:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5635 comm="syz.4.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f99aa1901d7 code=0x7ffc0000
[  149.340937][ T5658] device syzkaller0 entered promiscuous mode
[  149.541691][ T5661] tipc: Started in network mode
[  149.547239][ T5661] tipc: Node identity 56672da28f43, cluster identity 4711
[  149.582440][ T5661] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  149.638160][ T5667] netlink: 16 bytes leftover after parsing attributes in process `+}[@'.
[  149.822183][ T5659] tipc: Resetting bearer <eth:syzkaller0>
[  149.859761][ T5672] loop2: detected capacity change from 0 to 1024
[  149.884889][ T5672] EXT4-fs: Ignoring removed orlov option
[  149.912659][ T5672] EXT4-fs: Ignoring removed nomblk_io_submit option
[  150.025051][ T5672] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  150.230721][ T4276] EXT4-fs (loop2): unmounting filesystem.
[  150.682856][   T14] tipc: Node number set to 3643026850
[  152.577525][ T5659] tipc: Disabling bearer <eth:syzkaller0>
[  152.768840][ T5708] device syzkaller0 entered promiscuous mode
[  152.823731][ T5710] IPv6: Can't replace route, no match found
[  152.867953][ T5713] loop1: detected capacity change from 0 to 256
[  153.043034][ T5717] netlink: 12 bytes leftover after parsing attributes in process `syz.4.427'.
[  153.060459][ T5717] netlink: 28 bytes leftover after parsing attributes in process `syz.4.427'.
[  153.075720][ T5717] netlink: 12 bytes leftover after parsing attributes in process `syz.4.427'.
[  153.105789][ T5717] netlink: 28 bytes leftover after parsing attributes in process `syz.4.427'.
[  153.137765][ T5717] netlink: 'syz.4.427': attribute type 6 has an invalid length.
[  153.145656][ T5720] netlink: 'syz.4.427': attribute type 10 has an invalid length.
[  153.208149][ T5720] bond0: (slave dummy0): Releasing backup interface
[  153.252709][ T5720] team0: Port device dummy0 added
[  153.273602][ T5721] netlink: 'syz.4.427': attribute type 10 has an invalid length.
[  153.383678][ T5721] team0: Port device dummy0 removed
[  153.405229][ T5721] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  153.448419][ T5734] xt_TPROXY: Can be used only with -p tcp or -p udp
[  153.820995][ T5746] loop1: detected capacity change from 0 to 256
[  154.103799][ T5752] device syzkaller0 entered promiscuous mode
[  154.305903][ T5757] netlink: 'syz.4.444': attribute type 1 has an invalid length.
[  154.446025][ T5757] 8021q: adding VLAN 0 to HW filter on device bond1
[  154.556932][ T5759] device vlan2 entered promiscuous mode
[  154.607521][ T5759] device bond1 entered promiscuous mode
[  154.618507][ T5753] netlink: 4 bytes leftover after parsing attributes in process `syz.0.442'.
[  154.627922][ T5757] netlink: 8 bytes leftover after parsing attributes in process `syz.4.444'.
[  154.675957][ T5757] netlink: 8 bytes leftover after parsing attributes in process `syz.4.444'.
[  154.740629][ T5759] loop4: detected capacity change from 0 to 2048
[  154.998890][ T5776] netlink: 60 bytes leftover after parsing attributes in process `syz.1.448'.
[  155.394464][ T5794] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  155.404706][ T5794] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  155.671318][ T5799] device syzkaller0 entered promiscuous mode
[  155.742066][ T5798] loop1: detected capacity change from 0 to 2048
[  155.855913][ T5798] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  156.293937][ T4266] EXT4-fs (loop1): unmounting filesystem.
[  156.742848][ T5833] loop4: detected capacity change from 0 to 512
[  156.854568][ T5833] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  156.880877][ T5837] lo speed is unknown, defaulting to 1000
[  156.925785][ T5841] loop1: detected capacity change from 0 to 512
[  156.933216][ T5841] EXT4-fs: Ignoring removed mblk_io_submit option
[  156.939937][ T5841] EXT4-fs: Ignoring removed bh option
[  156.959377][ T5841] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  156.970863][ T5841] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  157.036682][ T5833] EXT4-fs (loop4): orphan cleanup on readonly fs
[  157.065724][ T5841] EXT4-fs (loop1): 1 truncate cleaned up
[  157.072485][ T5841] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  157.103822][ T5833] EXT4-fs error (device loop4): ext4_quota_enable:7018: comm syz.4.467: Bad quota inum: 64, type: 0
[  157.177441][ T5833] EXT4-fs (loop4): Remounting filesystem read-only
[  157.215774][ T5833] EXT4-fs warning (device loop4): ext4_enable_quotas:7066: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix.
[  157.303267][ T5833] EXT4-fs (loop4): Cannot turn on quotas: error -117
[  157.333689][ T5833] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  157.344056][ T5848] IPv4: Oversized IP packet from 127.202.26.0
[  157.630715][ T4266] EXT4-fs (loop1): unmounting filesystem.
[  157.646556][ T5852] device syzkaller0 entered promiscuous mode
[  157.742187][ T4271] EXT4-fs (loop4): unmounting filesystem.
[  157.985736][ T5861] netlink: 80 bytes leftover after parsing attributes in process `syz.2.476'.
[  158.054837][ T5864] loop4: detected capacity change from 0 to 512
[  158.151145][ T5864] EXT4-fs (loop4): 1 orphan inode deleted
[  158.157978][ T4430] __quota_error: 12 callbacks suppressed
[  158.157995][ T4430] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  158.197478][ T5864] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  158.242517][ T4430] EXT4-fs error (device loop4): ext4_release_dquot:6850: comm kworker/u4:9: Failed to release dquot type 1
[  158.261678][ T5864] ext4 filesystem being mounted at /103/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  158.448356][ T4271] EXT4-fs (loop4): unmounting filesystem.
[  158.472034][ T5874] tipc: Started in network mode
[  158.477011][ T5874] tipc: Node identity ca9a61cec6f2, cluster identity 4711
[  158.516229][ T5874] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  158.551731][ T5882] xt_hashlimit: max too large, truncated to 1048576
[  158.743401][ T5882] loop2: detected capacity change from 0 to 1024
[  158.830929][ T5882] EXT4-fs (loop2): couldn't mount as ext3 due to feature incompatibilities
[  159.067561][ T5871] tipc: Resetting bearer <eth:syzkaller0>
[  159.628692][ T4319] tipc: Node number set to 208167374
[  162.423546][ T5871] tipc: Disabling bearer <eth:syzkaller0>
[  162.449062][ T5909] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  162.458871][ T5909] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  162.628791][ T5911] netlink: 80 bytes leftover after parsing attributes in process `syz.2.489'.
[  164.362654][ T5938] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  164.416552][ T5938] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  164.457147][ T5942] loop2: detected capacity change from 0 to 512
[  164.547645][ T5942] EXT4-fs (loop2): #blocks per group too big: 466944
[  164.655656][   T27] audit: type=1326 audit(1753860734.649:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5943 comm="syz.3.501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  164.709973][ T5949] netlink: 80 bytes leftover after parsing attributes in process `syz.0.502'.
[  164.739672][   T27] audit: type=1326 audit(1753860734.679:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5943 comm="syz.3.501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  164.907377][   T27] audit: type=1326 audit(1753860734.679:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5943 comm="syz.3.501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=199 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  165.027550][   T27] audit: type=1326 audit(1753860734.679:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5943 comm="syz.3.501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  165.127359][   T27] audit: type=1326 audit(1753860734.679:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5943 comm="syz.3.501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  165.376029][ T5969] netlink: 28 bytes leftover after parsing attributes in process `syz.4.511'.
[  165.397140][ T5969] netlink: 8 bytes leftover after parsing attributes in process `syz.4.511'.
[  165.784455][ T5976] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  165.880515][ T5976] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  166.586048][ T5979] netlink: 'syz.4.514': attribute type 4 has an invalid length.
[  166.944963][ T5989] netlink: 8 bytes leftover after parsing attributes in process `syz.4.518'.
[  166.972419][ T5989] netlink: 'syz.4.518': attribute type 30 has an invalid length.
[  167.030755][ T5989] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  167.040179][ T5989] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  167.048982][ T5989] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  167.057895][ T5989] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  167.083209][ T5992] loop3: detected capacity change from 0 to 512
[  167.141998][ T5988] netlink: 12 bytes leftover after parsing attributes in process `syz.3.516'.
[  167.152564][ T5992] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  167.181176][ T5988] netlink: 12 bytes leftover after parsing attributes in process `syz.3.516'.
[  167.198642][ T5992] EXT4-fs (loop3): orphan cleanup on readonly fs
[  167.251608][ T5992] EXT4-fs (loop3): 1 orphan inode deleted
[  167.260074][ T5989] netlink: 8 bytes leftover after parsing attributes in process `syz.4.518'.
[  167.270631][ T4430] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  167.300911][ T5989] netlink: 'syz.4.518': attribute type 30 has an invalid length.
[  167.307663][ T4430] EXT4-fs error (device loop3): ext4_release_dquot:6850: comm kworker/u4:9: Failed to release dquot type 1
[  167.322399][ T5992] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  167.807507][ T4267] EXT4-fs (loop3): unmounting filesystem.
[  169.450166][ T6023] loop1: detected capacity change from 0 to 1024
[  169.478969][ T6026] device syzkaller0 entered promiscuous mode
[  169.575015][ T6023] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  169.643782][ T6023] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3841: comm syz.1.529: Allocating blocks 385-513 which overlap fs metadata
[  169.776790][ T6020] EXT4-fs (loop1): pa ffff8880753ae620: logic 16, phys. 129, len 24
[  169.786255][ T6020] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 8
[  169.854985][ T6037] loop4: detected capacity change from 0 to 1024
[  169.908538][ T6037] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  169.975554][ T6037] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3841: comm syz.4.533: Allocating blocks 385-513 which overlap fs metadata
[  170.016414][ T6037] EXT4-fs (loop4): pa ffff8880753ae2a0: logic 16, phys. 129, len 24
[  170.025057][ T6037] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 8
[  170.258005][ T4271] EXT4-fs (loop4): unmounting filesystem.
[  170.285808][ T4266] EXT4-fs (loop1): unmounting filesystem.
[  170.521709][ T6043] loop4: detected capacity change from 0 to 512
[  170.550918][ T6043] EXT4-fs: Ignoring removed nobh option
[  170.614392][ T6043] EXT4-fs error (device loop4): ext4_do_update_inode:5254: inode #3: comm syz.4.535: corrupted inode contents
[  170.634057][   T27] audit: type=1326 audit(1753860740.629:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6047 comm="syz.1.537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7dcf8e9a9 code=0x7ffc0000
[  170.643730][ T6049] loop1: detected capacity change from 0 to 164
[  170.686458][ T6043] EXT4-fs error (device loop4): ext4_dirty_inode:6119: inode #3: comm syz.4.535: mark_inode_dirty error
[  170.754916][ T6043] EXT4-fs error (device loop4): ext4_do_update_inode:5254: inode #3: comm syz.4.535: corrupted inode contents
[  170.793946][ T6049] bio_check_eod: 878 callbacks suppressed
[  170.793967][ T6049] syz.1.537: attempt to access beyond end of device
[  170.793967][ T6049] loop1: rw=524288, sector=263328, nr_sectors = 4 limit=164
[  170.817854][   T27] audit: type=1326 audit(1753860740.639:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6047 comm="syz.1.537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=201 compat=0 ip=0x7ff7dcf8e9a9 code=0x7ffc0000
[  170.912437][ T6043] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #3: comm syz.4.535: mark_inode_dirty error
[  170.940376][ T6054] xt_recent: hitcount (692) is larger than allowed maximum (255)
[  170.954345][ T6049] syz.1.537: attempt to access beyond end of device
[  170.954345][ T6049] loop1: rw=0, sector=263328, nr_sectors = 4 limit=164
[  171.168733][ T6061] lo speed is unknown, defaulting to 1000
[  171.222297][ T6061] loop2: detected capacity change from 0 to 512
[  171.229589][ T6061] EXT4-fs: Ignoring removed mblk_io_submit option
[  171.236058][ T6061] EXT4-fs: Ignoring removed bh option
[  172.058239][ T6061] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  172.069750][ T6061] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  172.111493][   T27] audit: type=1326 audit(1753860740.639:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6047 comm="syz.1.537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7dcf8e9a9 code=0x7ffc0000
[  172.130236][ T6043] Quota error (device loop4): write_blk: dquota write failed
[  172.151884][ T6061] EXT4-fs (loop2): 1 truncate cleaned up
[  172.157734][ T6061] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  172.179876][ T6043] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[  172.191279][ T6043] EXT4-fs error (device loop4): ext4_acquire_dquot:6814: comm syz.4.535: Failed to acquire dquot type 0
[  172.208674][ T6043] EXT4-fs error (device loop4): ext4_do_update_inode:5254: inode #16: comm syz.4.535: corrupted inode contents
[  172.238799][ T6065] syz.1.537: attempt to access beyond end of device
[  172.238799][ T6065] loop1: rw=0, sector=263328, nr_sectors = 4 limit=164
[  172.260081][ T6043] EXT4-fs error (device loop4): ext4_dirty_inode:6119: inode #16: comm syz.4.535: mark_inode_dirty error
[  172.302228][ T6043] EXT4-fs error (device loop4): ext4_do_update_inode:5254: inode #16: comm syz.4.535: corrupted inode contents
[  172.360783][   T27] audit: type=1326 audit(1753860740.639:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6047 comm="syz.1.537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff7dcf8e9a9 code=0x7ffc0000
[  172.409556][ T4276] EXT4-fs (loop2): unmounting filesystem.
[  172.430089][ T6043] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #16: comm syz.4.535: mark_inode_dirty error
[  172.455753][   T27] audit: type=1326 audit(1753860740.639:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6047 comm="syz.1.537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7dcf8e9a9 code=0x7ffc0000
[  172.519959][   T27] audit: type=1326 audit(1753860740.639:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6047 comm="syz.1.537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7ff7dcf8e9a9 code=0x7ffc0000
[  172.529142][ T6043] EXT4-fs error (device loop4): ext4_do_update_inode:5254: inode #16: comm syz.4.535: corrupted inode contents
[  172.604961][   T27] audit: type=1326 audit(1753860740.639:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6047 comm="syz.1.537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7ff7dcf8e9e3 code=0x7ffc0000
[  172.706561][ T6043] EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem
[  172.721556][ T6043] EXT4-fs error (device loop4): ext4_do_update_inode:5254: inode #16: comm syz.4.535: corrupted inode contents
[  172.743629][   T27] audit: type=1326 audit(1753860740.639:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6047 comm="syz.1.537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7ff7dcf8d45f code=0x7ffc0000
[  172.803255][ T6043] EXT4-fs error (device loop4): ext4_truncate:4312: inode #16: comm syz.4.535: mark_inode_dirty error
[  172.835419][ T6043] EXT4-fs error (device loop4) in ext4_process_orphan:347: Corrupt filesystem
[  172.865642][ T6043] EXT4-fs (loop4): 1 truncate cleaned up
[  172.871462][ T6043] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  172.886953][ T6043] ext4 filesystem being mounted at /117/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  172.924149][ T6079] netlink: 60 bytes leftover after parsing attributes in process `syz.3.546'.
[  173.126831][ T6083] loop1: detected capacity change from 0 to 512
[  173.143579][ T4271] EXT4-fs (loop4): unmounting filesystem.
[  173.164356][ T6083] EXT4-fs: Ignoring removed i_version option
[  173.212980][ T6083] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  173.300804][ T6083] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2818: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  173.346000][ T6083] EXT4-fs (loop1): 1 truncate cleaned up
[  173.377681][ T6083] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  173.391601][ T6086] device syzkaller0 entered promiscuous mode
[  173.406336][ T6089] netlink: 80 bytes leftover after parsing attributes in process `syz.4.550'.
[  174.353359][ T4266] EXT4-fs (loop1): unmounting filesystem.
[  174.472077][ T6098] netlink: 12 bytes leftover after parsing attributes in process `syz.2.554'.
[  174.497534][ T6098] netlink: 28 bytes leftover after parsing attributes in process `syz.2.554'.
[  174.539876][ T6098] netlink: 12 bytes leftover after parsing attributes in process `syz.2.554'.
[  174.557720][ T6098] netlink: 28 bytes leftover after parsing attributes in process `syz.2.554'.
[  174.585167][ T6098] netlink: 'syz.2.554': attribute type 6 has an invalid length.
[  174.612434][ T6101] netlink: 'syz.2.554': attribute type 10 has an invalid length.
[  174.693733][ T6101] team0: Port device dummy0 added
[  174.724423][ T6104] netlink: 'syz.2.554': attribute type 10 has an invalid length.
[  174.819797][ T6104] team0: Port device dummy0 removed
[  174.824924][ T6112] loop3: detected capacity change from 0 to 2048
[  174.843155][ T6104] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  174.879871][ T6112]  loop3: p1 < > p4
[  174.887258][ T6116] netlink: 60 bytes leftover after parsing attributes in process `syz.1.559'.
[  174.907025][ T6112] loop3: p4 size 8388608 extends beyond EOD, truncated
[  175.244118][ T6125] netlink: 80 bytes leftover after parsing attributes in process `syz.1.561'.
[  175.422494][ T5620] udevd[5620]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory
[  175.439134][ T4376] udevd[4376]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory
[  175.469693][ T6130] hub 6-0:1.0: USB hub found
[  175.481632][ T6130] hub 6-0:1.0: 1 port detected
[  175.966738][ T6146] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  176.031811][ T6146] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  176.125778][ T6148] netlink: 12 bytes leftover after parsing attributes in process `syz.2.571'.
[  176.155046][ T6148] netlink: 28 bytes leftover after parsing attributes in process `syz.2.571'.
[  176.196068][ T6148] netlink: 'syz.2.571': attribute type 6 has an invalid length.
[  176.242693][ T6151] netlink: 'syz.2.571': attribute type 10 has an invalid length.
[  176.290884][ T6151] bond0: (slave dummy0): Releasing backup interface
[  176.350475][ T6151] team0: Port device dummy0 added
[  176.381946][ T6153] netlink: 'syz.2.571': attribute type 10 has an invalid length.
[  176.516276][ T6153] team0: Port device dummy0 removed
[  176.539916][ T6153] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  176.845564][ T6176] ALSA: seq fatal error: cannot create timer (-22)
[  177.068930][   T27] kauditd_printk_skb: 62 callbacks suppressed
[  177.068947][   T27] audit: type=1326 audit(1753860747.069:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6179 comm="syz.3.579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  177.116469][ T6180] loop3: detected capacity change from 0 to 164
[  177.217948][ T6180] syz.3.579: attempt to access beyond end of device
[  177.217948][ T6180] loop3: rw=524288, sector=263328, nr_sectors = 4 limit=164
[  177.227443][   T27] audit: type=1326 audit(1753860747.069:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6179 comm="syz.3.579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  177.283971][ T6180] syz.3.579: attempt to access beyond end of device
[  177.283971][ T6180] loop3: rw=0, sector=263328, nr_sectors = 4 limit=164
[  177.349340][ T6184] xt_recent: hitcount (692) is larger than allowed maximum (255)
[  177.399187][   T27] audit: type=1326 audit(1753860747.099:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6179 comm="syz.3.579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=201 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  177.473806][ T6189] device syzkaller0 entered promiscuous mode
[  177.522475][   T27] audit: type=1326 audit(1753860747.099:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6179 comm="syz.3.579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  177.627535][ T6191] device syzkaller0 entered promiscuous mode
[  177.636529][   T27] audit: type=1326 audit(1753860747.099:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6179 comm="syz.3.579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  177.770033][   T27] audit: type=1326 audit(1753860747.109:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6179 comm="syz.3.579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  177.798860][   T27] audit: type=1326 audit(1753860747.109:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6179 comm="syz.3.579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  177.884466][   T27] audit: type=1326 audit(1753860747.109:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6179 comm="syz.3.579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  177.996080][   T27] audit: type=1326 audit(1753860747.109:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6179 comm="syz.3.579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  178.043475][ T6199] loop4: detected capacity change from 0 to 256
[  178.065731][   T27] audit: type=1326 audit(1753860747.109:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6179 comm="syz.3.579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f49d878e9e3 code=0x7ffc0000
[  178.290654][ T6211] __nla_validate_parse: 4 callbacks suppressed
[  178.290672][ T6211] netlink: 20 bytes leftover after parsing attributes in process `syz.0.591'.
[  178.375541][ T6211] netlink: 8 bytes leftover after parsing attributes in process `syz.0.591'.
[  178.432651][ T6213] syz.3.593[6213] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  178.432762][ T6213] syz.3.593[6213] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  178.676891][ T6221] blktrace: Concurrent blktraces are not allowed on loop0
[  178.715504][ T6220] device syzkaller0 entered promiscuous mode
[  178.936357][ T6231] netlink: 4 bytes leftover after parsing attributes in process `syz.4.600'.
[  178.963967][ T6223] device syzkaller0 entered promiscuous mode
[  178.974752][ T6230] tipc: Enabling of bearer <eth:syzk> rejected, failed to enable media
[  179.409494][ T6244] loop3: detected capacity change from 0 to 1024
[  179.431800][ T6247] netlink: 20 bytes leftover after parsing attributes in process `syz.0.607'.
[  179.449381][ T6247] netlink: 8 bytes leftover after parsing attributes in process `syz.0.607'.
[  179.498719][ T6244] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  179.538073][ T6244] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3841: comm syz.3.606: Allocating blocks 385-513 which overlap fs metadata
[  179.588433][ T6243] EXT4-fs (loop3): pa ffff888075319c40: logic 16, phys. 129, len 24
[  179.596549][ T6243] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 8
[  179.733927][ T6258] loop4: detected capacity change from 0 to 512
[  179.735986][ T4267] EXT4-fs (loop3): unmounting filesystem.
[  179.753245][ T6258] EXT4-fs: Ignoring removed nobh option
[  179.838881][ T6258] EXT4-fs error (device loop4): ext4_do_update_inode:5254: inode #3: comm syz.4.612: corrupted inode contents
[  179.879223][ T6258] EXT4-fs error (device loop4): ext4_dirty_inode:6119: inode #3: comm syz.4.612: mark_inode_dirty error
[  179.907910][ T6258] EXT4-fs error (device loop4): ext4_do_update_inode:5254: inode #3: comm syz.4.612: corrupted inode contents
[  179.965654][ T6258] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #3: comm syz.4.612: mark_inode_dirty error
[  179.988548][ T6267] tipc: Enabling of bearer <eth:syzk> rejected, failed to enable media
[  180.006962][ T6267] device syzkaller0 entered promiscuous mode
[  180.023345][ T6258] EXT4-fs error (device loop4): ext4_acquire_dquot:6814: comm syz.4.612: Failed to acquire dquot type 0
[  180.071605][ T6258] EXT4-fs error (device loop4): ext4_do_update_inode:5254: inode #16: comm syz.4.612: corrupted inode contents
[  180.091957][ T6258] EXT4-fs error (device loop4): ext4_dirty_inode:6119: inode #16: comm syz.4.612: mark_inode_dirty error
[  180.136467][ T6258] EXT4-fs error (device loop4): ext4_do_update_inode:5254: inode #16: comm syz.4.612: corrupted inode contents
[  180.163729][ T6258] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #16: comm syz.4.612: mark_inode_dirty error
[  180.225401][ T6276] netlink: 4 bytes leftover after parsing attributes in process `syz.1.619'.
[  180.225479][ T6258] EXT4-fs error (device loop4): ext4_do_update_inode:5254: inode #16: comm syz.4.612: corrupted inode contents
[  180.285266][ T6258] EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem
[  180.315885][ T6258] EXT4-fs error (device loop4): ext4_do_update_inode:5254: inode #16: comm syz.4.612: corrupted inode contents
[  180.335809][ T6279] netlink: 60 bytes leftover after parsing attributes in process `syz.0.618'.
[  180.350897][ T6258] EXT4-fs error (device loop4): ext4_truncate:4312: inode #16: comm syz.4.612: mark_inode_dirty error
[  180.365276][ T6258] EXT4-fs error (device loop4) in ext4_process_orphan:347: Corrupt filesystem
[  180.380332][ T6258] EXT4-fs (loop4): 1 truncate cleaned up
[  180.386399][ T6258] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  180.396587][ T6258] ext4 filesystem being mounted at /130/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  180.419409][ T4329] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  180.447524][ T4329] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  180.455016][ T4329] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  180.473367][ T4329] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  180.486561][ T4271] EXT4-fs (loop4): unmounting filesystem.
[  180.495345][ T4329] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  180.508652][ T4329] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  180.525110][ T4329] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  180.541287][ T4329] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  180.566734][ T4329] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  180.589906][ T4329] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  180.597832][ T4329] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  180.605587][ T4329] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  180.613203][ T4329] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  180.620813][ T4329] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  180.628420][ T4329] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  180.635943][ T4329] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  180.665199][ T4329] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  180.684214][ T4329] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  180.699653][ T4329] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  180.707401][ T4329] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  180.723757][ T4329] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  180.753217][ T6287] loop1: detected capacity change from 0 to 1024
[  180.759764][ T4329] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  180.767199][ T4329] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  180.776129][ T4329] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  180.784595][ T4329] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  180.792284][ T4329] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  180.800186][ T4329] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  180.811847][ T4329] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  180.819534][ T4329] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  180.821088][ T6287] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  180.827095][ T4329] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  180.843086][ T4329] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  180.847630][ T6287] ext4 filesystem being mounted at /124/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  180.851301][ T4329] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  180.876928][ T4329] hid-generic 0000:0000:0000.0001: hidraw0: <UNKNOWN> HID v0.00 Device [sy

] on syz0
[  181.115465][ T6292] fido_id[6292]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  181.135543][ T4266] EXT4-fs (loop1): unmounting filesystem.
[  181.278328][ T6297] netlink: 20 bytes leftover after parsing attributes in process `syz.4.622'.
[  181.342456][ T6297] netlink: 8 bytes leftover after parsing attributes in process `syz.4.622'.
[  181.878099][ T6320] netlink: 4 bytes leftover after parsing attributes in process `syz.4.634'.
[  182.841921][ T6344] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  182.873797][ T6344] tipc: Resetting bearer <eth:syzkaller0>
[  182.889901][ T6342] tipc: Disabling bearer <eth:syzkaller0>
[  183.175344][   T27] kauditd_printk_skb: 66 callbacks suppressed
[  183.175362][   T27] audit: type=1326 audit(1753860753.169:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6355 comm="syz.3.650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  183.212011][   T27] audit: type=1326 audit(1753860753.169:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6355 comm="syz.3.650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  183.239753][   T27] audit: type=1326 audit(1753860753.169:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6355 comm="syz.3.650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  183.334118][ T6359] loop2: detected capacity change from 0 to 512
[  183.347137][   T27] audit: type=1326 audit(1753860753.169:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6355 comm="syz.3.650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  183.401810][   T27] audit: type=1326 audit(1753860753.169:361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6355 comm="syz.3.650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  183.498504][   T27] audit: type=1326 audit(1753860753.169:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6355 comm="syz.3.650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  183.559726][ T6368] lo speed is unknown, defaulting to 1000
[  183.607577][ T6371] loop4: detected capacity change from 0 to 512
[  183.615688][ T6371] EXT4-fs: Ignoring removed mblk_io_submit option
[  183.622290][ T6371] EXT4-fs: Ignoring removed bh option
[  183.629025][ T6359] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  183.690341][ T6371] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  183.702644][ T6371] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  183.756074][ T6371] EXT4-fs (loop4): 1 truncate cleaned up
[  183.761941][ T6371] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  183.890532][   T27] audit: type=1326 audit(1753860753.169:363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6355 comm="syz.3.650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  183.957832][   T27] audit: type=1326 audit(1753860753.169:364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6355 comm="syz.3.650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  184.053102][ T4271] EXT4-fs (loop4): unmounting filesystem.
[  184.071770][ T4276] EXT4-fs (loop2): unmounting filesystem.
[  184.081593][   T27] audit: type=1326 audit(1753860753.169:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6355 comm="syz.3.650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  184.127406][   T27] audit: type=1326 audit(1753860753.169:366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6355 comm="syz.3.650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=285 compat=0 ip=0x7f49d878e9a9 code=0x7ffc0000
[  184.379600][ T6378] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  184.413134][ T6378] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  184.715756][ T6393] __nla_validate_parse: 2 callbacks suppressed
[  184.715774][ T6393] netlink: 80 bytes leftover after parsing attributes in process `syz.0.662'.
[  185.650360][ T6415] loop4: detected capacity change from 0 to 512
[  185.688951][ T6415] EXT4-fs: Ignoring removed i_version option
[  185.711200][ T6415] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  185.829722][ T6415] EXT4-fs (loop4): 1 truncate cleaned up
[  185.856659][ T6415] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  186.655743][ T6426] netlink: 12 bytes leftover after parsing attributes in process `syz.1.673'.
[  186.737351][ T6426] netlink: 28 bytes leftover after parsing attributes in process `syz.1.673'.
[  186.777154][ T6426] netlink: 12 bytes leftover after parsing attributes in process `syz.1.673'.
[  186.825165][ T6426] netlink: 28 bytes leftover after parsing attributes in process `syz.1.673'.
[  186.836409][ T6426] netlink: 'syz.1.673': attribute type 6 has an invalid length.
[  186.844997][ T6430] netlink: 'syz.1.673': attribute type 10 has an invalid length.
[  186.853434][ T4271] EXT4-fs (loop4): unmounting filesystem.
[  186.928614][ T6430] bond0: (slave dummy0): Releasing backup interface
[  186.960105][ T6430] team0: Port device dummy0 added
[  186.979188][ T6432] netlink: 'syz.1.673': attribute type 10 has an invalid length.
[  187.070314][ T6432] team0: Port device dummy0 removed
[  187.081720][ T6432] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  187.219673][ T6446] tipc: Enabling of bearer <eth:syzkall> rejected, failed to enable media
[  187.251553][ T6444] device syzkaller0 entered promiscuous mode
[  187.311983][ T6450] loop0: detected capacity change from 0 to 512
[  187.324461][ T6448] netlink: 8 bytes leftover after parsing attributes in process `syz.4.682'.
[  187.325191][ T6450] EXT4-fs: Ignoring removed i_version option
[  187.348769][ T6450] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  187.429733][ T6450] EXT4-fs (loop0): 1 truncate cleaned up
[  187.467432][ T6450] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  187.715888][ T6457] netlink: 24 bytes leftover after parsing attributes in process `syz.1.687'.
[  188.552455][ T6476] netlink: 12 bytes leftover after parsing attributes in process `syz.2.693'.
[  188.554396][ T4273] EXT4-fs (loop0): unmounting filesystem.
[  188.561463][ T6476] netlink: 28 bytes leftover after parsing attributes in process `syz.2.693'.
[  188.561487][ T6476] netlink: 12 bytes leftover after parsing attributes in process `syz.2.693'.
[  188.561716][ T6476] netlink: 'syz.2.693': attribute type 6 has an invalid length.
[  188.598914][ T6476] netlink: 'syz.2.693': attribute type 10 has an invalid length.
[  188.630970][ T6476] bond0: (slave dummy0): Releasing backup interface
[  188.661477][ T6476] team0: Port device dummy0 added
[  188.667117][ T6478] netlink: 'syz.2.693': attribute type 10 has an invalid length.
[  188.744742][ T6478] team0: Port device dummy0 removed
[  188.762081][ T6478] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  188.959177][ T6486] loop4: detected capacity change from 0 to 2048
[  189.004118][ T6488] loop2: detected capacity change from 0 to 256
[  189.022732][ T6486] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  189.073966][ T4271] EXT4-fs (loop4): unmounting filesystem.
[  189.138965][ T6496] tipc: Enabling of bearer <eth:syzkall> rejected, failed to enable media
[  189.188728][ T6496] device syzkaller0 entered promiscuous mode
[  189.314803][ T6503] tipc: Started in network mode
[  189.330500][ T6503] tipc: Node identity 1ae80c2d0739, cluster identity 4711
[  189.373438][ T6504] loop1: detected capacity change from 0 to 512
[  189.383342][ T6503] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  189.398509][ T6504] EXT4-fs: Ignoring removed i_version option
[  189.432560][ T6504] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  189.451484][ T6506] device syzkaller0 entered promiscuous mode
[  189.501481][ T6504] EXT4-fs (loop1): 1 truncate cleaned up
[  189.507218][ T6504] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  189.568306][ T6500] tipc: Resetting bearer <eth:syzkaller0>
[  190.862762][ T4319] tipc: Node number set to 500239405
[  191.251603][ T6500] tipc: Disabling bearer <eth:syzkaller0>
[  191.263864][ T4266] EXT4-fs (loop1): unmounting filesystem.
[  191.288316][ T6519] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  191.309648][ T6519] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  191.326562][ T6523] __nla_validate_parse: 3 callbacks suppressed
[  191.326582][ T6523] netlink: 4 bytes leftover after parsing attributes in process `syz.0.707'.
[  191.756116][ T6530] netlink: 12 bytes leftover after parsing attributes in process `syz.4.711'.
[  191.773568][ T6530] netlink: 28 bytes leftover after parsing attributes in process `syz.4.711'.
[  191.788451][ T6530] netlink: 12 bytes leftover after parsing attributes in process `syz.4.711'.
[  191.808115][ T6530] netlink: 28 bytes leftover after parsing attributes in process `syz.4.711'.
[  191.817531][ T6530] netlink: 'syz.4.711': attribute type 6 has an invalid length.
[  191.826112][ T6537] mmap: syz.1.715 (6537) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  191.838585][ T6535] netlink: 'syz.4.711': attribute type 10 has an invalid length.
[  191.869932][ T6540] loop0: detected capacity change from 0 to 256
[  191.906055][ T6535] bond0: (slave dummy0): Releasing backup interface
[  191.946893][ T6535] team0: Port device dummy0 added
[  191.964549][ T6538] netlink: 'syz.4.711': attribute type 10 has an invalid length.
[  191.997143][ T6543] loop2: detected capacity change from 0 to 1024
[  192.046824][ T6538] team0: Port device dummy0 removed
[  192.072468][ T6538] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  192.083415][ T6543] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  192.129629][ T6543] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3841: comm syz.2.716: Allocating blocks 385-513 which overlap fs metadata
[  192.155011][ T6541] EXT4-fs (loop2): pa ffff888071a28c40: logic 16, phys. 129, len 24
[  192.163255][ T6541] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 8
[  192.318126][ T4276] EXT4-fs (loop2): unmounting filesystem.
[  192.606369][ T6569] netlink: 4 bytes leftover after parsing attributes in process `syz.0.725'.
[  192.761611][ T6573] loop1: detected capacity change from 0 to 128
[  192.775659][ T6573] EXT4-fs: Ignoring removed nobh option
[  192.802090][ T6571] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  192.815588][ T6571] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  192.839211][ T6566] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  192.899794][ T6573] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  192.989614][ T6573] ext4 filesystem being mounted at /146/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  193.206396][ T4266] EXT4-fs (loop1): unmounting filesystem.
[  193.506932][ T6579] netlink: 60 bytes leftover after parsing attributes in process `syz.4.728'.
[  193.540990][ T6585] loop1: detected capacity change from 0 to 256
[  194.267041][ T6611] netlink: 4 bytes leftover after parsing attributes in process `syz.2.740'.
[  194.396495][ T6613] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  194.487710][ T1276] ieee802154 phy0 wpan0: encryption failed: -22
[  194.494748][ T1276] ieee802154 phy1 wpan1: encryption failed: -22
[  194.506621][ T6613] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  194.731545][ T6616] tipc: Started in network mode
[  194.741811][ T6616] tipc: Node identity c237e198e7d1, cluster identity 4711
[  194.749244][ T6616] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  194.769136][ T6616] device syzkaller0 entered promiscuous mode
[  194.874328][ T6615] tipc: Resetting bearer <eth:syzkaller0>
[  194.938880][ T6615] tipc: Disabling bearer <eth:syzkaller0>
[  195.073302][ T6624] loop1: detected capacity change from 0 to 256
[  195.238333][ T6628] netlink: 60 bytes leftover after parsing attributes in process `syz.4.746'.
[  195.496646][ T6639] loop0: detected capacity change from 0 to 512
[  195.516714][ T6639] EXT4-fs: Ignoring removed i_version option
[  195.567432][ T6639] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  195.642661][ T6639] EXT4-fs (loop0): 1 truncate cleaned up
[  195.663630][ T6639] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  195.836939][ T6649] netlink: 4 bytes leftover after parsing attributes in process `syz.4.754'.
[  196.781093][ T6658] loop1: detected capacity change from 0 to 512
[  196.891230][ T4273] EXT4-fs (loop0): unmounting filesystem.
[  196.984039][ T6658] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a802c01c, mo2=0002]
[  196.992525][ T6658] System zones: 1-3, 19-19, 35-38
[  197.011702][ T6658] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  197.021288][ T6658] ext4 filesystem being mounted at /153/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  197.388098][ T6662] loop3: detected capacity change from 0 to 256
[  197.774802][ T6667] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  197.880593][ T6670] device syzkaller0 entered promiscuous mode
[  197.958736][ T6667] tipc: Resetting bearer <eth:syzkaller0>
[  197.994802][ T6664] tipc: Resetting bearer <eth:syzkaller0>
[  198.131164][ T6664] tipc: Disabling bearer <eth:syzkaller0>
[  198.612167][ T6677] loop3: detected capacity change from 0 to 1024
[  199.098852][ T6677] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  199.109967][ T6677] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (30349!=20869)
[  199.138578][ T6677] EXT4-fs (loop3): invalid journal inode
[  199.144731][ T6677] EXT4-fs (loop3): can't get journal size
[  199.217177][ T4266] EXT4-fs (loop1): unmounting filesystem.
[  199.229978][ T6677] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  199.534698][ T4267] EXT4-fs (loop3): unmounting filesystem.
[  199.651306][ T6683] netlink: 80 bytes leftover after parsing attributes in process `syz.2.766'.
[  199.726448][ T6690] loop4: detected capacity change from 0 to 512
[  199.740051][ T6690] EXT4-fs: Ignoring removed i_version option
[  199.859406][ T6690] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  199.929940][   T27] kauditd_printk_skb: 22 callbacks suppressed
[  199.929958][   T27] audit: type=1326 audit(1753860769.929:389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6692 comm="syz.0.769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6764b8e9a9 code=0x7ffc0000
[  199.986030][ T6690] EXT4-fs (loop4): 1 truncate cleaned up
[  200.034547][ T6696] netlink: 'syz.3.767': attribute type 13 has an invalid length.
[  200.053765][ T6690] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  200.796114][ T6696] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  200.815432][ T6696] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  200.943550][   T27] audit: type=1326 audit(1753860769.929:390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6692 comm="syz.0.769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6764b8e9a9 code=0x7ffc0000
[  200.973362][   T27] audit: type=1326 audit(1753860769.959:391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6692 comm="syz.0.769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=31 compat=0 ip=0x7f6764b8e9a9 code=0x7ffc0000
[  201.036540][ T6702] loop1: detected capacity change from 0 to 256
[  201.074239][   T27] audit: type=1326 audit(1753860769.959:392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6692 comm="syz.0.769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6764b8e9a9 code=0x7ffc0000
[  201.159015][ T6704] 
[  201.161430][ T6704] ======================================================
[  201.168476][ T6704] WARNING: possible circular locking dependency detected
[  201.175544][ T6704] 6.1.147-syzkaller #0 Not tainted
[  201.180681][ T6704] ------------------------------------------------------
[  201.187723][ T6704] syz.4.768/6704 is trying to acquire lock:
[  201.193638][ T6704] ffff8880750bf258 (&sb->s_type->i_mutex_key#8/1){+.+.}-{3:3}, at: ext4_xattr_inode_lookup_create+0x18b5/0x1d10
[  201.205567][ T6704] 
[  201.205567][ T6704] but task is already holding lock:
[  201.212955][ T6704] ffff8880750bc8c0 (&ei->i_data_sem/3){++++}-{3:3}, at: ext4_setattr+0x13d4/0x19f0
[  201.222336][ T6704] 
[  201.222336][ T6704] which lock already depends on the new lock.
[  201.222336][ T6704] 
[  201.232762][ T6704] 
[  201.232762][ T6704] the existing dependency chain (in reverse order) is:
[  201.241821][ T6704] 
[  201.241821][ T6704] -> #1 (&ei->i_data_sem/3){++++}-{3:3}:
[  201.249702][ T6704]        down_write+0x36/0x60
[  201.254421][ T6704]        ext4_xattr_inode_lookup_create+0x15c4/0x1d10
[  201.261228][ T6704]        ext4_xattr_ibody_set+0x1fe/0x690
[  201.266986][ T6704]        ext4_xattr_set_handle+0xa7c/0x12b0
[  201.272922][ T6704]        ext4_xattr_set+0x22a/0x320
[  201.278155][ T6704]        __vfs_setxattr+0x3e0/0x420
[  201.283392][ T6704]        __vfs_setxattr_noperm+0x129/0x5e0
[  201.289237][ T6704]        vfs_setxattr+0x168/0x2f0
[  201.294303][ T6704]        setxattr+0x2b2/0x2d0
[  201.299012][ T6704]        path_setxattr+0x142/0x280
[  201.304158][ T6704]        __x64_sys_setxattr+0xb7/0xd0
[  201.309602][ T6704]        do_syscall_64+0x4c/0xa0
[  201.314569][ T6704]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  201.321113][ T6704] 
[  201.321113][ T6704] -> #0 (&sb->s_type->i_mutex_key#8/1){+.+.}-{3:3}:
[  201.329955][ T6704]        __lock_acquire+0x2cf8/0x7c50
[  201.335367][ T6704]        lock_acquire+0x1b4/0x490
[  201.340431][ T6704]        down_write+0x36/0x60
[  201.345148][ T6704]        ext4_xattr_inode_lookup_create+0x18b5/0x1d10
[  201.351954][ T6704]        ext4_xattr_block_set+0x23a/0x32a0
[  201.357819][ T6704]        ext4_expand_extra_isize_ea+0x109b/0x19b0
[  201.364282][ T6704]        __ext4_expand_extra_isize+0x301/0x3e0
[  201.370478][ T6704]        __ext4_mark_inode_dirty+0x47f/0x770
[  201.376501][ T6704]        ext4_setattr+0x1457/0x19f0
[  201.381727][ T6704]        notify_change+0xc74/0xf40
[  201.386858][ T6704]        do_truncate+0x197/0x220
[  201.391838][ T6704]        path_openat+0x27f2/0x2e70
[  201.396962][ T6704]        do_filp_open+0x1c1/0x3c0
[  201.401996][ T6704]        do_sys_openat2+0x142/0x490
[  201.407217][ T6704]        __x64_sys_openat+0x135/0x160
[  201.412609][ T6704]        do_syscall_64+0x4c/0xa0
[  201.417571][ T6704]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  201.424011][ T6704] 
[  201.424011][ T6704] other info that might help us debug this:
[  201.424011][ T6704] 
[  201.434266][ T6704]  Possible unsafe locking scenario:
[  201.434266][ T6704] 
[  201.441786][ T6704]        CPU0                    CPU1
[  201.447161][ T6704]        ----                    ----
[  201.452532][ T6704]   lock(&ei->i_data_sem/3);
[  201.457140][ T6704]                                lock(&sb->s_type->i_mutex_key#8/1);
[  201.465228][ T6704]                                lock(&ei->i_data_sem/3);
[  201.472356][ T6704]   lock(&sb->s_type->i_mutex_key#8/1);
[  201.477921][ T6704] 
[  201.477921][ T6704]  *** DEADLOCK ***
[  201.477921][ T6704] 
[  201.486072][ T6704] 5 locks held by syz.4.768/6704:
[  201.491105][ T6704]  #0: ffff888074878460 (sb_writers#4){.+.+}-{0:0}, at: mnt_want_write+0x3d/0x90
[  201.500280][ T6704]  #1: ffff8880750bca38 (&sb->s_type->i_mutex_key#8){++++}-{3:3}, at: do_truncate+0x183/0x220
[  201.510575][ T6704]  #2: ffff8880750bcbd8 (mapping.invalidate_lock){++++}-{3:3}, at: ext4_setattr+0xe6f/0x19f0
[  201.520783][ T6704]  #3: ffff8880750bc8c0 (&ei->i_data_sem/3){++++}-{3:3}, at: ext4_setattr+0x13d4/0x19f0
[  201.530563][ T6704]  #4: ffff8880750bc700 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3fe/0x770
[  201.540854][ T6704] 
[  201.540854][ T6704] stack backtrace:
[  201.546761][ T6704] CPU: 0 PID: 6704 Comm: syz.4.768 Not tainted 6.1.147-syzkaller #0
[  201.554751][ T6704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  201.564835][ T6704] Call Trace:
[  201.568126][ T6704]  <TASK>
[  201.571071][ T6704]  dump_stack_lvl+0x168/0x22e
[  201.575767][ T6704]  ? load_image+0x3b0/0x3b0
[  201.580289][ T6704]  ? show_regs_print_info+0x12/0x12
[  201.585501][ T6704]  ? print_circular_bug+0x12b/0x1a0
[  201.590718][ T6704]  check_noncircular+0x274/0x310
[  201.595676][ T6704]  ? add_chain_block+0x940/0x940
[  201.600633][ T6704]  ? lockdep_lock+0xdc/0x1e0
[  201.605244][ T6704]  ? lock_chain_count+0x20/0x20
[  201.610114][ T6704]  ? _find_first_zero_bit+0xcf/0x100
[  201.615428][ T6704]  __lock_acquire+0x2cf8/0x7c50
[  201.620306][ T6704]  ? lockdep_hardirqs_on+0x94/0x140
[  201.625536][ T6704]  ? verify_lock_unused+0x140/0x140
[  201.630757][ T6704]  ? release_firmware_map_entry+0x18a/0x18a
[  201.636672][ T6704]  lock_acquire+0x1b4/0x490
[  201.641198][ T6704]  ? ext4_xattr_inode_lookup_create+0x18b5/0x1d10
[  201.647635][ T6704]  ? __might_sleep+0xd0/0xd0
[  201.652248][ T6704]  ? lockdep_hardirqs_on+0x94/0x140
[  201.657476][ T6704]  ? read_lock_is_recursive+0x10/0x10
[  201.662876][ T6704]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  201.668556][ T6704]  ? ext4_xattr_inode_lookup_create+0xf01/0x1d10
[  201.674908][ T6704]  down_write+0x36/0x60
[  201.679086][ T6704]  ? ext4_xattr_inode_lookup_create+0x18b5/0x1d10
[  201.685524][ T6704]  ext4_xattr_inode_lookup_create+0x18b5/0x1d10
[  201.691795][ T6704]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  201.697449][ T6704]  ? lockdep_hardirqs_on+0x94/0x140
[  201.702700][ T6704]  ? ext4_xattr_ibody_set+0x690/0x690
[  201.708102][ T6704]  ext4_xattr_block_set+0x23a/0x32a0
[  201.713412][ T6704]  ? __might_sleep+0xd0/0xd0
[  201.718045][ T6704]  ? __getblk_gfp+0x4f/0xb20
[  201.722652][ T6704]  ? xattr_find_entry+0x12b/0x2f0
[  201.727696][ T6704]  ? ext4_xattr_block_find+0x2b0/0x2b0
[  201.733176][ T6704]  ? ext4_xattr_block_find+0x241/0x2b0
[  201.738654][ T6704]  ext4_expand_extra_isize_ea+0x109b/0x19b0
[  201.744580][ T6704]  __ext4_expand_extra_isize+0x301/0x3e0
[  201.750306][ T6704]  __ext4_mark_inode_dirty+0x47f/0x770
[  201.755817][ T6704]  ext4_setattr+0x1457/0x19f0
[  201.760540][ T6704]  ? ext4_write_inode+0x5e0/0x5e0
[  201.765592][ T6704]  notify_change+0xc74/0xf40
[  201.770203][ T6704]  do_truncate+0x197/0x220
[  201.774644][ T6704]  ? aa_get_current_label+0x110/0x1d0
[  201.780045][ T6704]  ? put_page_bootmem+0x2c0/0x2c0
[  201.785091][ T6704]  ? ima_bprm_check+0x1f0/0x1f0
[  201.789969][ T6704]  ? bpf_lsm_path_truncate+0x5/0x10
[  201.795184][ T6704]  path_openat+0x27f2/0x2e70
[  201.799799][ T6704]  ? __schedule+0x10f4/0x40b0
[  201.804501][ T6704]  ? do_filp_open+0x3c0/0x3c0
[  201.809199][ T6704]  ? release_firmware_map_entry+0x18a/0x18a
[  201.815113][ T6704]  ? mark_lock+0x94/0x320
[  201.819468][ T6704]  do_filp_open+0x1c1/0x3c0
[  201.823986][ T6704]  ? vfs_tmpfile+0x480/0x480
[  201.828589][ T6704]  ? preempt_schedule_common+0xa5/0xd0
[  201.834078][ T6704]  ? _raw_spin_unlock+0x36/0x40
[  201.838964][ T6704]  ? alloc_fd+0x58f/0x630
[  201.843314][ T6704]  do_sys_openat2+0x142/0x490
[  201.848025][ T6704]  ? lock_chain_count+0x20/0x20
[  201.852897][ T6704]  ? do_sys_open+0xe0/0xe0
[  201.857340][ T6704]  ? lockdep_hardirqs_on+0x94/0x140
[  201.862584][ T6704]  __x64_sys_openat+0x135/0x160
[  201.867463][ T6704]  do_syscall_64+0x4c/0xa0
[  201.871904][ T6704]  ? clear_bhb_loop+0x60/0xb0
[  201.876621][ T6704]  ? clear_bhb_loop+0x60/0xb0
[  201.881317][ T6704]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  201.887240][ T6704] RIP: 0033:0x7f99aa18e9a9
[  201.891690][ T6704] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  201.911320][ T6704] RSP: 002b:00007f99ab051038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  201.919754][ T6704] RAX: ffffffffffffffda RBX: 00007f99aa3b6160 RCX: 00007f99aa18e9a9
[  201.927830][ T6704] RDX: 0000000000000242 RSI: 0000200000000040 RDI: ffffffffffffff9c
[  201.935816][ T6704] RBP: 00007f99aa210d69 R08: 0000000000000000 R09: 0000000000000000
[  201.943808][ T6704] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  201.951789][ T6704] R13: 0000000000000000 R14: 00007f99aa3b6160 R15: 00007fff152dc538
[  201.959783][ T6704]  </TASK>
[  201.968660][ T4283] Bluetooth: hci2: command 0x0406 tx timeout
[  201.974863][ T4283] Bluetooth: hci3: command 0x0406 tx timeout
[  201.984390][ T4281] Bluetooth: hci0: command 0x0406 tx timeout
[  201.990497][ T4268] Bluetooth: hci4: command 0x0406 tx timeout
[  201.996564][ T4268] Bluetooth: hci1: command 0x0406 tx timeout
[  202.003927][   T27] audit: type=1326 audit(1753860769.959:393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6692 comm="syz.0.769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6764b8e9a9 code=0x7ffc0000
[  202.075867][ T6707] device syzkaller0 entered promiscuous mode
[  202.157233][ T4271] EXT4-fs (loop4): unmounting filesystem.