last executing test programs:

7.769407109s ago: executing program 0 (id=370):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240"], 0x7c}}, 0x0)

7.450941687s ago: executing program 0 (id=374):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, 0x0, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 0x64, 0x3, 0x300, 0x6e, 0xffffffad, 0x190, 0x190, 0x190, 0x268, 0x268, 0x268, 0x268, 0x268, 0x3, 0x0, {[{{@ip={@remote, @local={0xac, 0x14, 0xd}, 0x0, 0x0, 'caif0\x00', 'ip6tnl0\x00'}, 0x0, 0x130, 0x190, 0xffffffc5, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "bdc74c01369df17d17ac76fa5f9b3bfa0c34430d864040bc25b2b73a59aa6ecab6b1d2cc05e3182f64694d7d05fb8b8c8f56627a54f905d564eeeb8334f650ca0f3c44f7fda4d20a55050342ea85ecc8838e7088de33582f36a0a375bb7008adc297a5ece1bb2df53d17bef26bb6f800", 0x7f, 0x2}}]}, @common=@SET={0x60}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, 0x0, 0x0, 'team0\x00', 'team0\x00'}, 0x0, 0x98, 0xd8, 0x0, {}, [@common=@inet=@set1={{0x28}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x360)

6.362770009s ago: executing program 0 (id=389):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f0000000200)={[{@usrjquota}, {@journal_dev={'journal_dev', 0x3d, 0x8000}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@minixdf}, {@resgid}, {@grpquota}, {@usrjquota}, {@barrier}]}, 0x3, 0x44a, &(0x7f0000000400)="$eJzs281vG0UbAPBn10n6vv1KKOWjpUCgQkR8JE1aoAcuIJA4FIEEh3IMTlpVdRvUBIlWFQ0IlQsSqgRnxBGJv4AbFwSckLjCHVWqoJcWTkG73m1t106b1rFD/ftJm8x4x555PDve2R07gIE1nv1JIrZGxG8RMVrPNhcYr/+7evls9e/LZ6tJrKy89WeSl7ty+Wy1LFo+b0uRmUgj0k+SopJmi6fPHJ+t1eZPFfmppRPvTS2ePvPssROzR+ePzp+cOXjwwP7pF56fea4rcWZxXdn94cKeXa+9c+H16uEL7/70bdbercX+xji6ZTwL/K+VXOu+J7pdWZ9ta0gnQ31sCGtSiYisu4bz8T8albjeeaPx6sd9bRywrrJz06bOu5dXgLtYEv1uAdAf5Yk+u/4ttx5NPTaESy/VL4CyuK8WW33PUKRFmeGW69tuGo+Iw8v/fJVtsU73IQAAGn1W/fJQPNNu/pfG/Q3lthdrKGMRcU9E7IiIeyNiZ0TcF5GXfSAiHlxj/a1LQzfOf9KLtxXYLcrmfy8Wa1vN879y9hdjlSK3LY9/ODlyrDa/r3hPJmJ4U5afXqWO71/59fNO+xrnf9mW1V/OBYt2XBxquUE3N7s0m09Ku+DSRxG7h9rFn1xbCUgiYldE7F7bS28vE8ee+mZPp0I3j38VXVhnWvk64sl6/y9HS/ylZPX1yan/RW1+31R5VNzo51/Ov9mp/juKvwuy/t/cfPy3FhlLGtdrF9dex/nfP+14TXO7x/9I8nbeLyPFYx/MLi2dmo4YSQ7l+abHZ64/t8yX5bP4J/a2H/87iudk9TwUEdlB/HBEPBIRjxZtfywiHo+IvavE/+PLnfdthP6fa/v5d+34b+n/tScqx3/4rlP9t9b/B/LURPFI/vl3E7fawDt57wAAAOC/Is2/A5+kk9fSaTo5Wf8O/87YnNYWFpeePrLw/sm5+nflx2I4Le90jTbcD51OlotXrOdninvF5f79xX3jLyr/z/OT1YXaXJ9jh0G3pcP4z/xR6XfrgHXXbh1tZqQPDQF6rnX8p83Zc2/0sjFAT/m9Ngyum4z/tFftAHrP+R8GV7vxf64lby0A7k7O/zC4jH8YXMY/DC7jHwbSnfyuX2KQE5FuiGZIrFOi359MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3fFvAAAA//+uEO7O")
chdir(&(0x7f0000000400)='./file0\x00')
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000014c0)={0x11, 0x4, &(0x7f0000000a00)=ANY=[@ANYBLOB="180100000700002c0000000000000004850000002a00000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x101}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000640)='kfree\x00', r0, 0x0, 0x2}, 0x18)
link(&(0x7f0000000340)='./file0\x00', &(0x7f0000000800)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

5.559488578s ago: executing program 0 (id=393):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000060000000000000000008500000007000000850000000e00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000012c0)={&(0x7f0000000040)='kfree\x00', r0}, 0x10)
ioctl$sock_inet_tcp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000040))
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r1}, 0x18)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000001c00)={0x0, 0x0, &(0x7f0000001bc0)={&(0x7f0000000000)=ANY=[@ANYBLOB="500000003f0001002cbd7000ffdbdf25010000003a0004002c"], 0x50}, 0x1, 0x0, 0x0, 0x4}, 0x8000)

5.208767699s ago: executing program 0 (id=396):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000001000000e27f000001"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000c80)={{r0}, &(0x7f0000000c00), 0x0}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000080000000c"], 0x48)

5.087356327s ago: executing program 0 (id=397):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x75b08000)
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r2, 0x0, 0x2}, 0x18)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f00000005c0)=@raw={'raw\x00', 0x4001, 0x3, 0x510, 0x1f0, 0x0, 0x148, 0x1f0, 0x148, 0x478, 0x240, 0x240, 0x478, 0x240, 0x7fffffe, 0x0, {[{{@ip={@private=0xa010102, @local, 0x0, 0xff000000, 'ip6tnl0\x00', 'wlan1\x00', {}, {}, 0x88, 0x3, 0x10}, 0x0, 0x190, 0x1f0, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x6}}, @common=@inet=@recent0={{0xf8}, {0x0, 0x6, 0x1, 0x1, 'syz1\x00', 0xc}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@initdev={0xac, 0x1e, 0x1, 0x0}, [0xffffff00, 0xffffff00, 0x0, 0xffffff00], 0x4e22, 0x4e22, 0x4e20, 0x4e23, 0x8, 0x2, 0x5f4a, 0x100, 0x2}}}, {{@ip={@remote, @multicast1, 0xff000000, 0xffffff00, 'wlan0\x00', 'pimreg1\x00', {}, {0xff}, 0x84, 0x0, 0x60}, 0x0, 0x260, 0x288, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x9, 0x9, 0x1, 0x1, 'syz1\x00'}}, @common=@inet=@recent0={{0xf8}, {0x4, 0x3, 0x1, 0x1, 'syz1\x00', 0x5}}]}, @common=@unspec=@AUDIT={0x28, 'AUDIT\x00', 0x0, {0x2}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x570)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="210000000000000000000000000010000004"], 0x48)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x200000a, 0x13, r5, 0x0)
r6 = gettid()
process_vm_writev(r6, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0x7ffff000}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)

4.174680528s ago: executing program 1 (id=407):
socket$nl_route(0x10, 0x3, 0x0)
r0 = getuid()
r1 = socket(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYRES16=r1, @ANYBLOB="834ec1d449594140ec7cd849b7c8102c41e3f0dca515470324ad4b0aa65364316fe674110b7c727744b2f37a93b77b35ccb8e87c616bc84d3297853814466c08ba6cae359bb1ce46140003c076f89f4cb267d0092e9c9634c7f7a2d05607208792276023dc797dbe05bec5c4637e8ee055a7d8ecb88d75", @ANYRESHEX, @ANYRESHEX=r0, @ANYBLOB="51ed0b6e23267ed03d74bcc66308f1fbd562cdc245173478935ca1d1bc30029915b26caef9b72fb0de1a8be170931bc86650534531c7347e69d84140b4c41e5afc6ea7292657de0dc912fb7571f06f1d5a0eb6036265b5720207f761c09a83177a8e177a0c0092", @ANYRES32=r1, @ANYRES16=0x0, @ANYRESHEX=r1], 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
setsockopt$MRT6_ADD_MIF(r1, 0x29, 0xca, &(0x7f0000000280)={0x1, 0x0, 0x3, 0x0, 0x8}, 0xc)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setrlimit(0x4, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r2}, 0x10)
socket$inet(0x2, 0x3, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$ppp(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, 0x0, 0x4005)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB='ya\x00\x00\x00\x00\x00\x00\x00\x00~'], 0x1c}}, 0x0)

2.990907026s ago: executing program 1 (id=412):
syz_open_dev$usbfs(&(0x7f0000000000), 0x7f, 0xf637a2e314ffd3c3)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x18, 0x21ca, &(0x7f0000000180)=ANY=[], &(0x7f0000000140)='syzkaller\x00', 0x9, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0xfffffffffffffe3f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5f}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kfree\x00', r0}, 0x18)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000700), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x4058534c, &(0x7f00000000c0)={0x80, 0x2, {0x0, 0x0, 0x4}})
syz_genetlink_get_family_id$tipc(&(0x7f0000000380), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(0xffffffffffffffff, 0x0, 0x1004)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/15], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r3, 0x0, 0x2}, 0x18)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r4}, 0x18)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x48)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0d00000069000000040000000500000000000000", @ANYRES32=r5, @ANYBLOB='\x00'/12, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000180)={r6, &(0x7f0000000080), 0x0}, 0x20)
r7 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r7, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c)
sendmmsg$inet6(r7, &(0x7f0000002840)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20e8086)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="e80000006c00010029bd7000fcdbdf2500000000", @ANYRES32, @ANYBLOB="001000008000000008000f002000000014003500726f7365300000000000000000000000a40034801400350070696d367265673000000020000000001400350076657468305f6d614176746170000000140035006d61637674617030020000000000000014003500677265300000000000000000000000001400350076657468305f746f5f626174616476001400350001657468315f6d6163767461700000001400350067726530000000000000000000000000140035006261746164765f736c6176655f31000008000f"], 0xe8}}, 0x0)
close(r8)

2.935567131s ago: executing program 3 (id=414):
r0 = socket(0xa, 0x3, 0x87)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10)
sendto(r0, &(0x7f00000003c0)="e1118ce4769b", 0xfdef, 0x800, &(0x7f0000000600)=@l2tp6={0xa, 0x0, 0x7, @local, 0x5}, 0x80)

2.730935844s ago: executing program 4 (id=415):
getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, &(0x7f0000000080), &(0x7f00000000c0)=0x4)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="440000001000ffff26bd7000fbdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="15170000bcb7040008000a00", @ANYRES32, @ANYBLOB="140012800c0001006d6163767461700004000280080005"], 0x44}, 0x1, 0x0, 0x0, 0x240448c5}, 0x8000002)

2.597215648s ago: executing program 3 (id=417):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = syz_io_uring_setup(0x5ce, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0xfffffffe, 0x34f}, &(0x7f00000001c0)=<r1=>0x0, &(0x7f0000000080)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x82e, 0x0, 0x0, 0x4}]}, 0x10)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0xb2752a96f73d6e14, 0x0, 0x0, 0x0, 0x23456})
io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0)

2.573115662s ago: executing program 1 (id=418):
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff1000/0x2000)=nil, &(0x7f0000ff5000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="160000000000000005000000ff"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000bc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r1}, 0x9)
io_uring_setup(0x4fee, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7})

2.39728409s ago: executing program 1 (id=420):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x40000, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000003c0)=0x11)
ioctl$TIOCVHANGUP(r1, 0x5437, 0x2)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, r2)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x18)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r2, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x4000054)

2.356598094s ago: executing program 4 (id=421):
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50)
r0 = socket(0x10, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000440)={'syztnl1\x00', 0x0})
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20008000)
syz_io_uring_setup(0x4e0, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x8000, 0x400252}, &(0x7f0000000640), 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70200000000f400850000008600000095"], &(0x7f00000004c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='mm_page_free\x00', r2, 0x0, 0x1002}, 0x18)
ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x2)
r3 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r3, &(0x7f0000000040)={0x2, 0x4e22, @loopback}, 0x10)
sendmsg$rds(r3, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @private=0xa010101}, 0x10, 0x0}, 0x0)

2.300471893s ago: executing program 2 (id=422):
socket$nl_route(0x10, 0x3, 0x0)
r0 = getuid()
r1 = socket(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYRES16=r1, @ANYBLOB="834ec1d449594140ec7cd849b7c8102c41e3f0dca515470324ad4b0aa65364316fe674110b7c727744b2f37a93b77b35ccb8e87c616bc84d3297853814466c08ba6cae359bb1ce46140003c076f89f4cb267d0092e9c9634c7f7a2d05607208792276023dc797dbe05bec5c4637e8ee055a7d8ecb88d75", @ANYRESHEX, @ANYRESHEX=r0, @ANYBLOB="51ed0b6e23267ed03d74bcc66308f1fbd562cdc245173478935ca1d1bc30029915b26caef9b72fb0de1a8be170931bc86650534531c7347e69d84140b4c41e5afc6ea7292657de0dc912fb7571f06f1d5a0eb6036265b5720207f761c09a83177a8e177a0c0092", @ANYRES32=r1, @ANYRES16=0x0, @ANYRESHEX=r1], 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
setsockopt$MRT6_ADD_MIF(r1, 0x29, 0xca, &(0x7f0000000280)={0x1, 0x0, 0x3, 0x0, 0x8}, 0xc)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setrlimit(0x4, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r2}, 0x10)
socket$inet(0x2, 0x3, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$ppp(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, 0x0, 0x4005)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB='ya\x00\x00\x00\x00\x00\x00\x00\x00~'], 0x1c}}, 0x0)

2.260889259s ago: executing program 3 (id=423):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000006c0)=ANY=[@ANYBLOB="140000001000010000000000000000800500000a3c000000090a010400000000000000000a7df2040900010073797a310020000008000540000000020900020073797a310000000008000a40fffffffc14000000110001"], 0x64}, 0x1, 0x0, 0x0, 0x94}, 0x24000000)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a70000000090a010400000000000000000a0000040900020073797a310000000008000a40fffffffc0900010073797a3100000000080005400000000d2c00128014000180090001006c61737400000000040002801400000000000100636f756e746572000400028008000340000001"], 0x98}, 0x1, 0x0, 0x0, 0x4044050}, 0x40)

1.230336748s ago: executing program 3 (id=424):
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x1)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x8)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0)
write$binfmt_format(r0, &(0x7f0000000100)='0\x00', 0x2)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000027"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8ab8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r3}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
write$qrtrtun(r0, &(0x7f0000000300)="ca0e808bb3", 0x5)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r4, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=[0x7], 0x0, 0x0, 0x1}}, 0x40)

1.153964181s ago: executing program 2 (id=425):
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b000000000000"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000000001"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x8, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000b80)=[{0x6}]}, 0x10)
bind$bt_hci(r2, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6)

1.094904345s ago: executing program 4 (id=426):
r0 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @dev, 0x5}, 0x1c)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000740))
sendmmsg$inet6(r0, &(0x7f0000000c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x801)

1.009990533s ago: executing program 1 (id=427):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x1e, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r0}, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x22c7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

917.746681ms ago: executing program 3 (id=428):
r0 = socket(0x200000000000011, 0x2, 0x0)
bind$packet(r0, &(0x7f0000000080)={0x11, 0x800, 0x0, 0x1, 0x0, 0x6, @random="518440db9de1"}, 0x14)
r1 = socket(0x200000000000011, 0x2, 0xd)
bind$packet(r1, &(0x7f0000000280)={0x11, 0x800, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4)
syz_emit_ethernet(0x35, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa0000000000000800"], 0x0)

900.965033ms ago: executing program 2 (id=429):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff274"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r1 = socket$inet6(0xa, 0x3, 0x3c)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @remote, 0x9}, 0x1c)
sendmmsg$inet(r1, &(0x7f0000000900)=[{{0x0, 0x0, &(0x7f0000000f40)=[{&(0x7f0000001080)="2cae1baf930b4569b9ddef9797ffd935c7d80e6466b3e4e62dc9603583f5d4b61fbc65b6ac744d7319535e75bf552062e4cfde1ba7ce29263322e18ea9740aa82ca692f123993e57cda00d2b1f4e799bd41e3f76258180fa91a42aaa8b1ebc4e0ea8fb12f2c71e6e5bc57a8e91f254005514721d93c13c5606ae1fea7f31f558d562bd5a8dfb0b9fed873efa221fccffa847cd374c92e6cbb03e6a9de890ce323f000000abcc6c01326d588495b7c1a7db31ec4129e6336f26bb9e0b7552af3cd2d5dda1632799bbc98425c433384d8a8e4071ff39a36dfdfdf05af35a4ddd340cfecd7ec935f4ce7d3e851583ba1cf53a90a7f7bce5703de57ce93ddef7849b30a01de0637e6d5e507b801d32e582e0c2d564539ebfc84c098a23e765552767b122885fb1629e9c180be47da7931bd125b80de15aab0c56a2edf2e0483b87f5ab299dc046076203dea10ccbfc631d5bf4a87ce67004519f248f086346ce6a8a9d181789a59f81d9b7f6781daac3e229914b8b8998c15c3b6302a519331cb05995bc60b7cb872dd3b5b43331c77c5d72e21f7bd2b1a915ff3204e3f20d3a20b22d6a58155b5a4ebf6d1d1cd90c656ecada531c07ff91deb3efa91762cdecfbcc43553750f22ac5c18cc5e8b6f790c2f4e6373af9f98d10e6df49ff8e5cbcbd68e11ed0b967add11410dc2e34f08dea658eb95d4d1153b4c6093192a340eb30fcc71619888c6486746a049585d249efb96b9cace83320b8f96b40ebe3a9a788d05a053380d1026b9434df87a3a387549bcabe88684c4dbf0da9a5212f3dbc8d1dff240856691243b203d7edd4d3cc89a38a6c80fdb1229a01044af7aaecb20d5570ebf24b30bbc6dfc3f70d85cd9f0d60ebd8fedd161d199d9997a0e2d18d1c99bc7158564e0ddb4673055de196535d706d142e1dc7d404583923cb1b286cfc5418884ac7e605d93652dc48ff690894405a0b6abc3c4d0f6a16c0a95c0508bd7eeffcd1da0b17f7701448658864b429e9472edfeffbf34d6e7c", 0x2d9}, {&(0x7f0000000b00)="ab29d92826349952eb8f7a2a74f535bc9739c1df57144c51a3391625b8b5354134b06ef1355506aeae96e3f097503998f375a054cf3d7de4fe53ea51518955349cdbadca60e1ba5cc18dbe99369be03e492fb55fc9067bb6f7f7c3ee1720000000054a63ac58225ed0502f5ac8999e8801cbfa5ad284ea2180d1c80c74a5dbb320bd54ec813e8bee6bfa5cbfb0726ac1b6ad97d802d5fae186f0768021fb965c7396854e2a3ac844a3769f8449901ba5e2b2da1ff6119aeb26ac204cfc6b54be73b6f195491ae2c0cb26b0cba61dae7a17740e8112ff188919c6e2e31a2a074863edba4a0e58b61f48eccfcc29d7f9e48a43b8cb7d3c5a1e5aa67f87538140f8d633a54bceb8b1dda2397ea147d3b26e903f608b6ab1844ea7cf630d828118bba0f0f8df2e6316ae1ed9a2a7d08a05c170cb76bf111930df0cf760f7768571afdefe82a95296cee7c010f748a97046efcc774e7d85edbd5058104fef4942fb4430da89f67d1fea33bf2acfb793a6e453a8a28cc5c4b733fc8e8f630932206960e9076c7d7fc99fce018701c50d39b811a7427a7a9fcb340c2755541f228462010ec40ba945a0febd460dad5d548f1be090f5db60a4e8835dc47ed2537681827f6129759272574cf58f2f33c0bb3c24fa67c327cde47a0e416573cfdcfb44ed9dd4ce41af4de9c471c49f12f090934c3b32f2f4777c65b1574826725b821dcbde856ba5a33f12cb1ea51da9ce96881d1aa6d096ed6b2319344d3c2781803a2119d9efd47b1abba3c1e6c563c1ec692da80ef66b19495b8e801d07b133f1b552ee772732a90e765b92d67f7a0cc8f15a4c6143f7cd3bda78fc7c3a743ad05b550d0083b821fb92e836d5d4cd36668d19d4cc80c355", 0x274}, {&(0x7f00000006c0)="5be08105437c98b91b9455046f57b5fc090014bde2bb01000000000000001a7838d859207067c30aa7352a", 0x2b}], 0x3, 0x0, 0x0, 0x900}}], 0x1, 0x0)

889.669967ms ago: executing program 4 (id=430):
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = dup(r1)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000018"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000080)='9p_client_res\x00', r3}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}})

736.212437ms ago: executing program 1 (id=431):
r0 = gettid()
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x4, &(0x7f0000000640)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x7c}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = mq_open(&(0x7f0000000380)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x40, 0x9, 0x0)
fcntl$setlease(r2, 0x400, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000005c0)={{r3}, &(0x7f0000000540), &(0x7f0000000580)='%pI4   \x00'}, 0x20)
r4 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'veth1_vlan\x00', <r5=>0x0})
r6 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000440)=@getchain={0x24, 0x11, 0x1, 0x70bd2a, 0x2000001, {0x0, 0x0, 0x0, r5, {0x7, 0xa}, {0xd, 0xffe0}, {0x8, 0x9}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x20048054)
r7 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x2)
r8 = io_uring_setup(0xee4, 0x0)
r9 = dup3(r7, r8, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r9, 0x4004550c, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000300)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x3, 0x4}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r2}, &(0x7f00000001c0), &(0x7f00000005c0)=r1}, 0x20)
r10 = syz_open_procfs(0x0, &(0x7f0000000280)='net/vlan/config\x00')
lseek(r10, 0x289e0cb5, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000680)={0x1}, 0x4)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x3}, 0x50)
mq_open(&(0x7f0000000ac0)='eth0\x00\xdd\xad\xff=2k\xf1\x05\x9b\x91y\xe1;F\xa2\x8df\xe9%\x00\x00\x00\x00\x0078z=\x8f\xd5F\xa4AR\xc7\x9f.\xdc\xdb\"A\x16\xd8\x19\xf1lZ\xc8\x93\xda\xf2\xc9\xe8h[u8\xc6\xfa\x9ep\xbe\a\xe2\xf5\xa3Y\x9f\xe1\x04gM\x99K$\r\xf1G\xee\xe1\xbd\x1e\xdf\xe1\x9c\x19\xda\xd3\x94EL\xca\x88\x85Q\x02\xcfL\x90\xeb%/\xb1\xeb\x11uP7\x1f\xd9b\xebF\xf8\x88\xf0\xac.\x94\xfc\v\xb1W\xef~+n\xb1\x9b\x02n]xr\xb3\x80\xbc>\xe9XX\xe6\x12\xf3\xc9\xd5\xf8\xd1\x8d\xcb9\xbf\xb0(<\xeb\x92\x8a\x16\xb7\x11^\xb6\xb7n\xd5\xb5\x00[\xdf\x94\x00\r\x95\x17\xa1h\xf8\x00\x00\x00\"\xa0\x05\xa2@\xeb\x18\xc9}\xb8\ny\xf4\xe1\xb4.\xa4\a\x05\xbb}\x91\xf4\x80\x00\x00\x00a\xdf\xb5\xd9\xe4\x01\xea|.\xc9\x1d\\\xedD\x14\xb1w\x1e\xa0\xc1E\xb5\xf8\xab\xfb\xd9J\x85p\xb5n\x1b\xe4\xd5g\xae\xe4\xeb\xca\xae\x1bs\xd4\xf0\xc0\xdag\x19R4\xd4\xd4\x04\xfc\x04Zb\xf6\xba\xf8B\xf6YU\xcd\xf2\xdb\xb5\xa2\xda\xdf\x8dD\xef`\x13\x15$\xceq\xd7j\xd7\xe3V\xf2\xa2\x95\xcf\x18T\xf1\xb0\xf3\xf8O\x9e\xef\x9b\x97\xcb\xc6\x89\xba\x8e\xf2\xfb\xd5\a\xcb\xf6\xf7{\xec\xf0@\xc2\xb2\xbcAQx\xa4\x12\xf8\x9cji\"\xf7\x1a\xbd\xac\xde\xf4\x9b\xd7#\xab\\q\xd6\xdf#>}\x97\xd0U\xe4\x9e+|\xb1MT\xa0\x1bf\v9\xcdx\xab\x83\x87\xd3q3\xbeL\xd2\x1f6\x1ffL\x9eM\x0f?\'\xc3YB0\x80!\xe9Y\xf1:\xeeX\xf7G\x85K\xbb\xbdijaA\x00&\x0e\xb3\x99\xbc9\xee\x8f\aVy!d^\r\xd1\x9b\xd5<y \xff\x05o\xc2\xef\x87~\x9au\x10\xef\x89\xfb\xa2v\a\xd3\x8f\x85\xf6\xef\xc6\x92;cj\xc0\x12m\\Thf`\x1c\xc3I\xc3VY\xcf\b\x03R@\x8eI\xd7\xdf>\x06\xbc$\xc9[\x8e[', 0x1, 0x50, 0x0)

679.602599ms ago: executing program 2 (id=432):
r0 = io_uring_setup(0xfc6, &(0x7f00000002c0)={0x0, 0x6c02, 0x0, 0x0, 0x20000004})
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1}, 0x10)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c)
r3 = socket$inet(0x2b, 0x801, 0x0)
connect$inet(r3, &(0x7f00000002c0)={0x2, 0x4e22, @remote}, 0x10)
close_range(r0, 0xffffffffffffffff, 0x0)

662.644708ms ago: executing program 3 (id=433):
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000019580)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfff7ffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_pie={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r5)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r5, 0x8914, 0x0)
r6 = socket$kcm(0x11, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$kcm(r6, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r7, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)='\'', 0x1}], 0x1}, 0x4)

512.050611ms ago: executing program 4 (id=434):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000006c0)=ANY=[@ANYBLOB="140000001000010000000000000000800500000a3c000000090a010400000000000000000a7df2040900010073797a310020000008000540000000020900020073797a310000000008000a40fffffffc14000000110001"], 0x64}, 0x1, 0x0, 0x0, 0x94}, 0x24000000)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a70000000090a010400000000000000000a0000040900020073797a310000000008000a40fffffffc0900010073797a3100000000080005400000000d2c00128014000180090001006c61737400000000040002801400000000000100636f756e746572000400028008000340000001"], 0x98}, 0x1, 0x0, 0x0, 0x4044050}, 0x40)

435.386368ms ago: executing program 2 (id=435):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000005c0)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@user_xattr}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0/file0\x00', &(0x7f00000001c0), 0x0, 0x835, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1f}}, 0x10)
sendto$inet(r0, &(0x7f0000000340)='\x00', 0x1, 0x4c001, 0x0, 0x0)
sendto$inet(r0, &(0x7f0000000900)='.U', 0x2, 0x12, 0x0, 0x0)
recvfrom$inet(r0, &(0x7f0000000080)=""/2, 0xffffff0c, 0xc9100160, 0x0, 0x0)

221.801047ms ago: executing program 4 (id=436):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/14], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r2}, 0x18)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffad)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x4, 0x0, 0x7ffc0002}]})
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x22802, 0x0)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file2\x00', 0x2000410, &(0x7f0000000000)={[{@bsdgroups}, {@jqfmt_vfsv1}]}, 0xc1, 0x7e9, &(0x7f00000017c0)="$eJzs3c1rHG8dAPDvbF42SauJIGh7CggaKN2YGlsFDxEPIlgo6Nk2bLahZpMt2U1pQqDpQfAiqHgQ9NKzL/UgePXlqv+EeJAW0TRYT7oys7t53d0kbXa3/fXzgck8M/PMPPPN88yzz+4MuwF8sKbTP7mIKxHxwyRisrk+iYiRLDUcsdDI93p3u5hOSdTr3/pnkuX57aWDYyXN+aXmwqcj4o/fi7iWO17qeHNeLq03U7O11Yez1c2t6w9WF5dLy6W1m3Pz8zduffHWzZN7val//2Xr8ssfff1zv14Yjk89/8GfkliIy81te7vbxbc8/AnTMd38n4yk/8IjvnbRhQ1YMugT4I2kl+ZQ4yqPKzEZQ1mqg7e9AAGAd8KTiKgDAB+Y5LTX/yFDBAD4aGl9DrC3u11sTYP9RKK//vHViBhrxN+6v9nYMty8ZzeW3Qed2EuO3BlJImLqAsqfjoif/+47v0yn6NF9SIB2dp425nu7+WP9f5L2f6OnHyHfccvnu+1Wb+w3fWy1/g/65/fp+OdLJ8d/V/cf6BnL/h4b/4zl21y7b+L06z/3osOuZ+ibTpeO/75y6Nm2g/Hf/kNrU0PNpY9lY76R5P6Dcint2z4eETMxkk+X57Ks7Z+Cmnn131edyj88/vvXj7/7i7T8dH6QI/diOB/1xnN5/8vG60uLtcWLiD2L/2nE1eF28Sf749/kSP0v7Ed6p+NRj1bNN778/Z91ypnGn8bbmk7G31v1ZxGfbVv/B3WZdH0+cTZrDrOtRtHGb/7204lO5R/Ufz6bp+W33gv0Q1r/E93jn0pT1c2tlcVyubRePX8Zf342+YdO2w63//bxZ+3/iLT9jybfztKtlvZ4sVZbn4sYTb55cv2Ng31by638afwzn2l//bdv/42+IH1PeG9/qbvhl6O/ah6qbfyZnU7x91Ya/9K56r9Lot7c59im569XhjqVf7b6n89SM801Z+n/TjnTt2jNAAAAAAAAAAAAAAAAAAAAAAAAAHB+uYi4HEmusJ/O5QqFxm94fzImcuVKtXbtfmVjbSmy38qeipFc66suJw99H+pc8/vwW8s3ji1/ISI+ERE/yY9ny4Vipbw06OABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoOnS0d//f5LOCoXGtr/nB312AEDPjA36BACAvvP6DwAfnvO9/o/37DwAgP459/v/etKbEwEA+ubMr//3enseAED/uP8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAj925fTud6v/Z3S6my0uPNjdWKo+uL5WqK4XVjWKhWFl/WFiuVJbLpUKxstrxQDuNWblSeTgfaxuPZ2ulam22url1d7WysVa7+2B1cbl0tzTSt8gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Oyqm1sri+VyaV2iS2K8NN45TxIRAz/D0xJpXV/kAYff0ZB3/jqSteuumWPqvWn8o13yJBdZ1vjxNYd7ifFBdE0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA74X/BwAA///YTBJy")
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x800000, &(0x7f00000002c0)={[{@noauto_da_alloc}, {@jqfmt_vfsold}, {@noquota}, {@norecovery}, {}]}, 0x1, 0x4be, &(0x7f0000000540)="$eJzs3ctrW1caAPBPUvyMZ/KYYUgyMAlkIPMglh8MsWdmM6uZWQSGCXTTQuraiutatowlp7EJ1Gl3WXRRWlooXXRZ6D/QbppVQ6F03e5LFiWlTV1oCwUVXUmO/JArGjsC398PbnTuOTf6zrH4jq+OrnUDSK1ztX8yEUMR8UlEHKvvbj3gXP1h48HN6dqWiWr1yleZ5LjafvPQ5v87GhHrEdEfEf//d8QzmZ1xy6tr81PFYmG5sZ+vLCzly6trF+cWpmYLs4XF0YlLk5MTI+Njk/s21tsvP3f78vv/7X33u5fu333lww9q3RpqtLWOYz/Vh94TJ1rqjkTEPw8iWBfkGuMZ6HZH+EVqr99vIuJ8kv/HIpe8mkAaVKvV6o/VvnbN61Xg0Mom58CZ7HBE1MvZ7PBw/Rz+tzGYLZbKlb9eK60sztTPlY9HT/baXLEw0nivcDx6MrX90aT8cH9s2/54RHIO/GpuINkfni4VZx7vVAdsc3Rb/n+bq+c/kBLe8kN6yX9IL/kP6SX/Ib3kP6SX/If0kv+QXvIf0kv+Q3rJf0gv+Q+p9L/Ll2tbtfn37zPXV1fmS9cvzhTK88MLK9PD06XlGJ4t9b3X2fMVS6Wl0b/Fyo18pVCu5Mura1cXSiuLlatzC1OzvVHoOeDxAJ07cfbOZ5mIWP/7QLLV9Dba5CocbtUX6t8BAKRPrtsTENA1lv4gvbzHB3b5it4t+ts1LD1S1J8LCxygbLc7AHTNhdM+/4O0sv4P6WX9H9Jr6zm+swFIo+6s/wPdZP0f0muo5f4/mZb7f/2q5d5dIxHx64j4NNfT17zXF3AYZL/INHL/wrE/Dm1v7c18nywK9EbE829eef3GVKWyPFqr/3qzvvJGvb63G90HOpbk71jj0S9yAEi1jQc3p5vbZuXxg4/75b/qFyHsjH+ksTbZn3xGObiR2XKtQmafrl1YvxURp3aLn2nc77z+ycfgRm5H/JONx0z9KZL+Hknum/4o8e+902n80y3x/9AS/8wj/1QgHe7U5p+R3fI/m+R0bObf1vlnaJ+uj24//2U3579cm/nvbIcxnn3rxXtt49+KOLNr/Ga8/iTW9vi1vl3oMP79p574Xbu26tv159ktflOtlK8sLOXLq2sX5xamZguzhcXRiUuTkxMj42OT+WSNOt9cqd7pH6c+vrvX+AfbxN9r/LW6P3c4/h9+/9GT5/aI/6fzu7/+J/eIPxARf+kw/jdjnz/drq0Wf6bN+LPb47cs8NXqxjuMX37tP30dHgoAPAbl1bX5qWKxsKygoKCwWej2zAQctIdJ3+2eAAAAAAAAAAAAAJ16HJcTd3uMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACHwU8BAAD//zAx0oQ=")
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x220000, &(0x7f00000008c0)={[{@bsdgroups}, {@nodiscard}, {@noblock_validity}, {@grpjquota}, {@nombcache}, {@orlov}, {@abort}, {@nombcache}, {@stripe={'stripe', 0x3d, 0x12}}]}, 0x64, 0x50a, &(0x7f0000000940)="$eJzs3VFrHFsdAPD/bHZr06Y3ueqDXvB6tZW0aHeTxrbBh1pB9Kmg1vcak00I2WRDdtM2oWiKH0AQUcEnffFF8AMIUvDFRxEK+qyoKKKtPvigncvuTtI03U227TabZn8/mMw5Z2b2f86GmZ0zc5gJYGC9FxHXI+JJmqYXImI0K89lU2y1psZ6jx/dm21MSaTpzX8mkWRl25+VZPPT2WYnI+JrX474ZvJ83NrG5tJMpVJey/Kl+vJqqbaxeXFxeWahvFBemZqavDJ9dfry9ERP2nkmIq598a8/+O7PvnTtV5+586dbfz//rUa1RrLlu9vxgvL7LWw1vdD8LnZvsPaSwY6ifLOFmeF2aww9V3L/NdcJAID2Guf4H4yIT0bEhRiNof1PZwEAAIA3UPr5kfhfEpG2d6JDOQAAAPAGyTXHwCa5YjYWYCRyuWKxNYb3w3EqV6nW6p+er66vzLXGyo5FITe/WClPZGOFx6KQNPKTzfTT/KU9+amIeDsivj863MwXZ6uVuX5f/AAAAIABcXpP//8/o63+PwAAAHDMjPW7AgAAAMBrp/8PAAAAx5/+PwAAABxrX7lxozGl2++/nru9sb5UvX1xrlxbKi6vzxZnq2urxYVqdaH5zL7lgz6vUq2ufjZW1u+W6uVavVTb2Ly1XF1fqd9afOYV2AAAAMAhevvjD/6QRMTW54abU8OJ7jbtcjXgqMrvpJJs3ma3/uNbrflfDqlSwKEY6ncFgL7J97sCQN8U+l0BoO+SA5Z3HLzz22z+id7WBwAA6L3xj3a+/5/bd8ut/RcDR56dGAaX+/8wuJr3/7sdyetkAY6VgjMAGHivfP//QGn6QhUCAAB6bqQ5JblidnlvJHK5YjHiTPO1AIVkfrFSnoiItyLi96OFDzTyk80tkwP7DAAAAAAAAAAAAAAAAAAAAAAAAABAS5omkQIAAADHWkTub8mvW8/yHx89N7L3+sCJ5L+jkb0i9M6Pb/7w7ky9vjbZKP/XTnn9R1n5pX5cwQAAAICB8EIv8N/up2/34wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACglx4/uje7PR1m3H98ISLG2sXPx8nm/GQUIuLUv5PI79ouiYihHsQfbvz5SLv4SaNaOyHbxR/uQfyt+/vGj7HsW2gX/3QP4sMge9A4/lxvt//l4r3mvP3+l494Jv+yOh//Yuf4N9Rh/z/TZYx3Hv6i1DH+/Yh38u2PP9vxkw7xz3YZ/xtf39zstCz9ScR429+f5JlYpfryaqm2sXlxcXlmobxQXpmamrwyfXX68vREaX6xUs7+to3xvY/98sl+7T/VIf7YAe0/12X7///w7qMPtZKFdvHPn20T/zc/zdZ4Pn4u++37VJZuLB/fTm+10ru9+/Pfvbtf++c6tP+g///5Ltt/4avf+XOXqwIAh6C2sbk0U6mU145totFLPwLVkDiCiW/39APTNE0b+9QrfE4SR+FraSb6fWQCAAB67elJf79rAgAAAAAAAAAAAAAAAAAAAIPrMB4ntjfm1k4q6cUjtAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeuL9AAAA//+GAdlV")
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x88e, &(0x7f0000000c80), 0x3, 0x445, &(0x7f0000000800)="$eJzs3M9rHFUcAPDv7CZt06YmlvqjadVoFYM/kiattQcvioIHBUEP9RiTtMRuG2ki2BI0itSjFLyLR8G/wJNeRD0JXvUuhSK5tIqHldmdSXY3u2k2blzNfj4wyXszb3nvuzNv9715mQTQs0bTH0nEYET8EhFD1Wx9gdHqr9uryzN/rC7PJFEuv/57Uil3a3V5Ji+av+5AnumLKHycxNEm9S5euXphulSau5zlJ5YuvjOxeOXq0/MXp8/PnZ+7NHXmzKmTk8+ennqmI3Gmcd0aeX/h2JGX37z+6szZ62/98FWSx98QR4eMbnbwsXK5w9V118GadNLXxYbQlmK1m0Z/pf8PRTHWT95QvPRRVxsH7KhyuVy+t/XhlTKwiyXR7RYA3ZF/0afz33zbfMDQ0eFH1918vjoBSuO+nW3VI31RyMr0N8xvO2k0Is6u/Pl5usXO3IcAAKjzTTr+earZ+K8QtfeF7srWUIYj4u6IOBQRpyPicETcE1Epe19E3N9m/Y2LJBvHP4Ub2wpsi9Lx33PZ2lb9+C8f/cVwMcsdrMTfn5ybL82dyN6Tsejfm+YnN6nj2xd//rTVsdrxX7ql9edjwawdN/r21r9mdnpp+p/EXOvmhxEjfc3iT9ZWApKIOBIRI9usY/6JL4+1Onbn+JurvCUdWGcqfxHxePX8r0RD/Llk8/XJiX1RmjsxkV8VG/3407XXWtW/3fg7JT3/+5te/2vxDye167WL7ddx7ddPWs5ptnv970neqNv33vTS0uXJiD3JK9VG1+6faig3tV4+jX/sePP+fyjW34mjEZFexA9ExIMR8VDW9ocj4pGIOL5J/N+/8OjbdTvGBtuIf2el8c+2df7XE3uicU/zRPHCd1/XVTocbcSfnv9TldRYtmcrn39badf2rmYAAAD4/ylExGAkhfG1dKEwPl79G/7Dsb9QWlhcevLcwruXZqvPCAxHfyG/0zVUcz90MpvW5/mphvzJ7L7xZ8WBSn58ZqE02+3goccdaNH/U78Vu906YMd5Xgt6l/4PvUv/h96l/0PvatL/Bzbu+qvhkUFgN2j2/f9BF9oB/Psa+r9lP+gh5v/Qu/R/6F36P/SkxYG480PyEhIbElH4TzRj5xP7tvhvLnZZotufTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ3xdwAAAP//FX7vJg==")
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.stat\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000040), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r4, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
sendmsg$TIPC_CMD_SHOW_LINK_STATS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002abd7000fcdbdf2501000000000000000b000000000600147379"], 0x28}, 0x1, 0x0, 0x0, 0x890}, 0x800)

0s ago: executing program 2 (id=437):
syz_open_procfs(0x0, &(0x7f0000000000)='net/vlan/vlan1\x00')
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000280)={0x0, 0x0})
write(0xffffffffffffffff, &(0x7f0000000400)="254e8c4050269714b9acf37194c2963fde237785e527d4f993d226cc9cc8a6088b7ef1ea403a02d05fa8743cc2c7fcf15b5a9ae94cd332f7d6cbdf1ed7224328acaa4146aeb16389ba60f7b5b8c2d41f1103d1f5bc0d68a1c7ea8dd6d6fbe651239ed905fee577f8c75b3239eae61ea8f4f19a065d35fb2b4dd54cacae2d98970fc453b9dc4a54bbb6701bec22bd7df08136c777eee2cef89e75542160ef4e1ddb61adeb2e85daffc4d6c27aa25ee7b72770481231d8f9722aee28808f8fbf27b60387aa88fad0e96beae451b51ae84f2781470dc1ed41553186b291d2fec61248e2c1506328059a83ea82052f", 0xed)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000720000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf6ebfb138881d28d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={0x0, r1}, 0x18)
r2 = socket(0x2, 0x2, 0x1)
creat(&(0x7f0000000080)='./file0\x00', 0x30)
syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00')
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480), 0x4)
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r2, 0x8983, &(0x7f0000000000)={0x1, 'vlan1\x00', {}, 0x5832})

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.173' (ED25519) to the list of known hosts.
[   86.509118][ T5812] cgroup: Unknown subsys name 'net'
[   86.627293][ T5812] cgroup: Unknown subsys name 'cpuset'
[   86.636628][ T5812] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   88.426175][ T5812] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   92.708828][ T5846] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   92.713744][ T5848] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   92.720763][ T5845] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   92.724604][ T5848] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   92.738415][ T5848] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   92.745366][ T5850] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   92.746091][ T5850] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   92.753736][ T5847] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   92.761591][ T5850] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   92.768194][ T5848] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   92.774324][ T5850] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   92.781843][ T5847] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   92.788491][ T5845] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   92.795930][ T5848] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   92.802437][ T5845] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   92.811205][ T5848] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   92.824666][ T5845] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   92.824928][ T5848] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   92.831996][ T5845] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   92.843392][ T5848] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   92.846947][ T5845] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   92.860186][ T5845] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   92.864150][ T5848] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   92.898813][ T5145] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   92.906624][ T5145] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   93.665046][ T5829] chnl_net:caif_netlink_parms(): no params data found
[   93.680532][ T5830] chnl_net:caif_netlink_parms(): no params data found
[   93.733885][ T5831] chnl_net:caif_netlink_parms(): no params data found
[   93.826285][ T5835] chnl_net:caif_netlink_parms(): no params data found
[   93.939911][ T5828] chnl_net:caif_netlink_parms(): no params data found
[   94.063524][ T5829] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.070887][ T5829] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.078801][ T5829] bridge_slave_0: entered allmulticast mode
[   94.086757][ T5829] bridge_slave_0: entered promiscuous mode
[   94.126607][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.133837][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.141010][ T5830] bridge_slave_0: entered allmulticast mode
[   94.148866][ T5830] bridge_slave_0: entered promiscuous mode
[   94.157401][ T5829] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.164937][ T5829] bridge0: port 2(bridge_slave_1) entered disabled state
[   94.172295][ T5829] bridge_slave_1: entered allmulticast mode
[   94.180187][ T5829] bridge_slave_1: entered promiscuous mode
[   94.193845][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.201044][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.208624][ T5831] bridge_slave_0: entered allmulticast mode
[   94.216737][ T5831] bridge_slave_0: entered promiscuous mode
[   94.230667][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.238684][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state
[   94.246291][ T5830] bridge_slave_1: entered allmulticast mode
[   94.253947][ T5830] bridge_slave_1: entered promiscuous mode
[   94.299631][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.307427][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state
[   94.315030][ T5831] bridge_slave_1: entered allmulticast mode
[   94.322340][ T5831] bridge_slave_1: entered promiscuous mode
[   94.395156][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   94.407399][ T5829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   94.417290][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.425746][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.433128][ T5835] bridge_slave_0: entered allmulticast mode
[   94.440554][ T5835] bridge_slave_0: entered promiscuous mode
[   94.476000][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   94.487905][ T5829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   94.511045][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.518646][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state
[   94.526056][ T5835] bridge_slave_1: entered allmulticast mode
[   94.533744][ T5835] bridge_slave_1: entered promiscuous mode
[   94.544580][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   94.610688][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   94.620504][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.627840][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.635116][ T5828] bridge_slave_0: entered allmulticast mode
[   94.642433][ T5828] bridge_slave_0: entered promiscuous mode
[   94.664621][ T5829] team0: Port device team_slave_0 added
[   94.696217][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.704246][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state
[   94.711430][ T5828] bridge_slave_1: entered allmulticast mode
[   94.720729][ T5828] bridge_slave_1: entered promiscuous mode
[   94.729892][ T5830] team0: Port device team_slave_0 added
[   94.738323][ T5829] team0: Port device team_slave_1 added
[   94.747378][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   94.783938][ T5830] team0: Port device team_slave_1 added
[   94.805231][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   94.817586][ T5831] team0: Port device team_slave_0 added
[   94.877085][ T5831] team0: Port device team_slave_1 added
[   94.891310][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   94.900998][   T52] Bluetooth: hci3: command tx timeout
[   94.907080][ T5145] Bluetooth: hci0: command tx timeout
[   94.919776][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_0
[   94.927414][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   94.953667][ T5829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   94.965397][ T5145] Bluetooth: hci2: command tx timeout
[   94.965441][   T52] Bluetooth: hci1: command tx timeout
[   94.975444][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_1
[   94.982915][   T52] Bluetooth: hci4: command tx timeout
[   94.983630][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   95.015507][ T5829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   95.054107][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   95.064238][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0
[   95.071198][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   95.097730][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   95.118147][ T5835] team0: Port device team_slave_0 added
[   95.150981][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1
[   95.158042][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   95.184304][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   95.198736][ T5835] team0: Port device team_slave_1 added
[   95.205133][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0
[   95.212105][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   95.238602][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   95.284852][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1
[   95.291841][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   95.318076][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   95.332833][ T5828] team0: Port device team_slave_0 added
[   95.373239][ T5828] team0: Port device team_slave_1 added
[   95.392437][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0
[   95.399778][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   95.426447][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   95.439583][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1
[   95.446758][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   95.472749][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   95.515357][ T5829] hsr_slave_0: entered promiscuous mode
[   95.521985][ T5829] hsr_slave_1: entered promiscuous mode
[   95.583569][ T5830] hsr_slave_0: entered promiscuous mode
[   95.590182][ T5830] hsr_slave_1: entered promiscuous mode
[   95.596840][ T5830] debugfs: 'hsr0' already exists in 'hsr'
[   95.602805][ T5830] Cannot create hsr debugfs directory
[   95.620482][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0
[   95.627592][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   95.653598][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   95.685615][ T5831] hsr_slave_0: entered promiscuous mode
[   95.692177][ T5831] hsr_slave_1: entered promiscuous mode
[   95.698807][ T5831] debugfs: 'hsr0' already exists in 'hsr'
[   95.704851][ T5831] Cannot create hsr debugfs directory
[   95.724436][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1
[   95.731421][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   95.757519][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   95.849010][ T5835] hsr_slave_0: entered promiscuous mode
[   95.856027][ T5835] hsr_slave_1: entered promiscuous mode
[   95.862242][ T5835] debugfs: 'hsr0' already exists in 'hsr'
[   95.868623][ T5835] Cannot create hsr debugfs directory
[   96.023359][ T5828] hsr_slave_0: entered promiscuous mode
[   96.030124][ T5828] hsr_slave_1: entered promiscuous mode
[   96.037505][ T5828] debugfs: 'hsr0' already exists in 'hsr'
[   96.043582][ T5828] Cannot create hsr debugfs directory
[   96.555686][ T5829] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   96.576009][ T5829] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   96.587325][ T5829] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   96.616663][ T5829] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   96.719364][ T5830] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   96.734238][ T5830] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   96.765323][ T5830] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   96.779570][ T5830] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   96.888662][ T5835] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   96.902412][ T5835] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   96.916293][ T5835] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   96.937234][ T5835] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   96.969820][ T5145] Bluetooth: hci3: command tx timeout
[   96.976216][   T52] Bluetooth: hci0: command tx timeout
[   97.043644][ T5145] Bluetooth: hci2: command tx timeout
[   97.049118][ T5145] Bluetooth: hci4: command tx timeout
[   97.055388][   T52] Bluetooth: hci1: command tx timeout
[   97.095911][ T5831] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   97.120252][ T5831] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   97.131217][ T3096] cfg80211: failed to load regulatory.db
[   97.166261][ T5831] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   97.186636][ T5831] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   97.306361][ T5828] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   97.317944][ T5828] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   97.332186][ T5828] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   97.355101][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0
[   97.362093][ T5828] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   97.473313][ T5829] 8021q: adding VLAN 0 to HW filter on device team0
[   97.499490][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0
[   97.511932][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0
[   97.522579][  T146] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.529966][  T146] bridge0: port 1(bridge_slave_0) entered forwarding state
[   97.565088][  T155] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.572308][  T155] bridge0: port 2(bridge_slave_1) entered forwarding state
[   97.628570][ T5830] 8021q: adding VLAN 0 to HW filter on device team0
[   97.646482][ T5835] 8021q: adding VLAN 0 to HW filter on device team0
[   97.671411][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.678613][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   97.705539][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.712799][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   97.722082][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.729304][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   97.769862][ T1131] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.777051][ T1131] bridge0: port 2(bridge_slave_1) entered forwarding state
[   97.820335][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0
[   97.840137][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0
[   97.927572][ T5831] 8021q: adding VLAN 0 to HW filter on device team0
[   97.959784][ T5828] 8021q: adding VLAN 0 to HW filter on device team0
[   97.998453][  T146] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.005724][  T146] bridge0: port 1(bridge_slave_0) entered forwarding state
[   98.016731][  T146] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.024076][  T146] bridge0: port 1(bridge_slave_0) entered forwarding state
[   98.065982][ T1131] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.073251][ T1131] bridge0: port 2(bridge_slave_1) entered forwarding state
[   98.117954][ T3470] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.125287][ T3470] bridge0: port 2(bridge_slave_1) entered forwarding state
[   98.324275][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0
[   98.578200][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0
[   98.636872][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0
[   98.684288][ T5829] veth0_vlan: entered promiscuous mode
[   98.749190][ T5829] veth1_vlan: entered promiscuous mode
[   98.862592][ T5835] veth0_vlan: entered promiscuous mode
[   98.921776][ T5835] veth1_vlan: entered promiscuous mode
[   98.951057][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0
[   98.963676][ T5829] veth0_macvtap: entered promiscuous mode
[   98.991627][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0
[   99.016237][ T5829] veth1_macvtap: entered promiscuous mode
[   99.051170][   T52] Bluetooth: hci3: command tx timeout
[   99.058150][ T5145] Bluetooth: hci0: command tx timeout
[   99.108219][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0
[   99.124871][   T52] Bluetooth: hci4: command tx timeout
[   99.125978][ T5848] Bluetooth: hci1: command tx timeout
[   99.130382][ T5145] Bluetooth: hci2: command tx timeout
[   99.165444][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1
[   99.190183][ T5831] veth0_vlan: entered promiscuous mode
[   99.202056][ T5835] veth0_macvtap: entered promiscuous mode
[   99.217345][ T3470] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   99.226876][ T3470] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   99.244296][ T3470] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   99.254223][ T3470] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   99.269389][ T5835] veth1_macvtap: entered promiscuous mode
[   99.277342][ T5831] veth1_vlan: entered promiscuous mode
[   99.359317][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0
[   99.381239][ T5828] veth0_vlan: entered promiscuous mode
[   99.404735][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1
[   99.447079][ T5830] veth0_vlan: entered promiscuous mode
[   99.462024][ T1131] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   99.480728][ T1131] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   99.491003][ T1131] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   99.508588][ T5828] veth1_vlan: entered promiscuous mode
[   99.517776][ T1131] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   99.533362][ T1131] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.544813][ T1131] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.573789][ T5830] veth1_vlan: entered promiscuous mode
[   99.606072][ T5831] veth0_macvtap: entered promiscuous mode
[   99.628556][ T5831] veth1_macvtap: entered promiscuous mode
[   99.648473][ T4513] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.656480][ T4513] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.765297][ T5829] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   99.770769][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0
[   99.800949][ T1131] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.809421][ T1131] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.838097][ T5830] veth0_macvtap: entered promiscuous mode
[   99.865507][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1
[   99.895993][ T5828] veth0_macvtap: entered promiscuous mode
[   99.930940][  T155] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   99.940337][  T155] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   99.955442][ T5828] veth1_macvtap: entered promiscuous mode
[   99.963199][ T5945] netlink: 'syz.0.1': attribute type 3 has an invalid length.
[   99.971516][ T5945] netlink: 'syz.0.1': attribute type 3 has an invalid length.
[   99.989623][ T5830] veth1_macvtap: entered promiscuous mode
[   99.996758][  T155] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  100.009393][   T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.018879][   T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.033519][  T155] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  100.165340][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0
[  100.226769][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0
[  100.270057][ T4513] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.285232][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1
[  100.308382][ T4513] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.332071][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1
[  100.349942][ T5951] loop0: detected capacity change from 0 to 512
[  100.448465][  T155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.459542][ T1131] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  100.486778][ T5958] Zero length message leads to an empty skb
[  100.497137][ T5951] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  100.509827][  T155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.520957][ T1131] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  100.537673][ T1131] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  100.548197][ T5951] ext4 filesystem being mounted at /2/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  100.559120][ T1131] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  100.595105][ T1131] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  100.635919][ T5951] Quota error (device loop0): find_tree_dqentry: Cycle in quota tree detected: block 2 index 0
[  100.640977][ T1131] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  100.688647][ T5951] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 0
[  100.699066][ T5951] EXT4-fs error (device loop0): ext4_acquire_dquot:6986: comm syz.0.7: Failed to acquire dquot type 0
[  100.833614][ T1131] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  100.851634][ T5829] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  100.900210][ T1131] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  101.140722][ T5145] Bluetooth: hci0: command tx timeout
[  101.146364][ T5145] Bluetooth: hci3: command tx timeout
[  101.191331][ T5962] loop2: detected capacity change from 0 to 512
[  101.197875][ T1138] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.205316][ T5848] Bluetooth: hci1: command tx timeout
[  101.206640][   T52] Bluetooth: hci4: command tx timeout
[  101.217933][ T5145] Bluetooth: hci2: command tx timeout
[  101.244316][ T1138] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.388981][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.422700][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.456287][ T5962] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  101.495564][ T5962] ext4 filesystem being mounted at /0/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  101.514366][ T1138] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.524418][ T1138] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.629091][ T5831] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  101.662334][   T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.674265][   T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  102.268860][ T5973] loop1: detected capacity change from 0 to 128
[  102.417731][ T5973] tipc: Started in network mode
[  102.445567][ T5980] loop4: detected capacity change from 0 to 2048
[  102.485569][ T5973] tipc: Node identity 4, cluster identity 4711
[  102.501998][ T5980] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[  102.524111][ T5973] tipc: Node number set to 4
[  102.638479][   T30] audit: type=1326 audit(1764344790.853:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5979 comm="syz.4.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f72d038f749 code=0x7ffc0000
[  102.703776][ T5980] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  102.734528][   T30] audit: type=1326 audit(1764344790.873:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5979 comm="syz.4.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=131 compat=0 ip=0x7f72d038f749 code=0x7ffc0000
[  102.805678][ T5980] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 65537 with max blocks 1 with error 28
[  102.876280][   T30] audit: type=1326 audit(1764344790.873:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5979 comm="syz.4.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f72d038f749 code=0x7ffc0000
[  102.885279][ T5986] EXT4-fs: Ignoring removed orlov option
[  102.901810][ T5985] loop9: detected capacity change from 0 to 7
[  102.944794][ T5985] Buffer I/O error on dev loop9, logical block 0, async page read
[  102.981130][ T5980] EXT4-fs (loop4): This should not happen!! Data will be lost
[  102.981130][ T5980] 
[  103.005889][ T5985] Buffer I/O error on dev loop9, logical block 0, async page read
[  103.010020][   T30] audit: type=1326 audit(1764344790.873:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5979 comm="syz.4.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f72d038f749 code=0x7ffc0000
[  103.043896][ T5986] EXT4-fs (loop4): stripe (18) is not aligned with cluster size (16), stripe is disabled
[  103.074595][ T5980] EXT4-fs (loop4): Total free blocks count 0
[  103.091741][ T5985] Buffer I/O error on dev loop9, logical block 0, async page read
[  103.137244][ T5985] Buffer I/O error on dev loop9, logical block 0, async page read
[  103.138214][ T5980] EXT4-fs (loop4): Free/Dirty block details
[  103.152091][   T30] audit: type=1326 audit(1764344790.873:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5979 comm="syz.4.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f72d038f783 code=0x7ffc0000
[  103.195393][ T5985] Buffer I/O error on dev loop9, logical block 0, async page read
[  103.232980][ T5985] Buffer I/O error on dev loop9, logical block 0, async page read
[  103.241022][   T30] audit: type=1326 audit(1764344790.883:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5979 comm="syz.4.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f72d038e1ff code=0x7ffc0000
[  103.281961][ T5980] EXT4-fs (loop4): free_blocks=2415919104
[  103.288499][ T5980] EXT4-fs (loop4): dirty_blocks=32
[  103.294368][ T5985] Buffer I/O error on dev loop9, logical block 0, async page read
[  103.312545][ T5980] EXT4-fs (loop4): Block reservation details
[  103.342898][ T5985] ldm_validate_partition_table(): Disk read failed.
[  103.349712][ T5980] EXT4-fs (loop4): i_reserved_data_blocks=2
[  103.356683][   T30] audit: type=1326 audit(1764344790.883:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5979 comm="syz.4.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f72d038f7d7 code=0x7ffc0000
[  103.413785][ T5985] Buffer I/O error on dev loop9, logical block 0, async page read
[  103.418755][   T30] audit: type=1326 audit(1764344790.883:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5979 comm="syz.4.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f72d038df90 code=0x7ffc0000
[  103.472245][ T5985] Buffer I/O error on dev loop9, logical block 0, async page read
[  103.635390][ T5985] Buffer I/O error on dev loop9, logical block 0, async page read
[  104.221752][ T5985] Dev loop9: unable to read RDB block 0
[  104.228160][ T5985]  loop9: unable to read partition table
[  104.234716][ T5985] loop9: partition table beyond EOD, truncated
[  104.275920][ T5985] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  104.275920][ T5985] 
) failed (rc=-5)
[  104.671625][ T6006] loop3: detected capacity change from 0 to 2048
[  104.791072][ T6006] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[  105.192717][ T6020] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  105.194692][ T6020] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 414 with max blocks 210 with error 28
[  105.194740][ T6020] EXT4-fs (loop3): This should not happen!! Data will be lost
[  105.194740][ T6020] 
[  105.194759][ T6020] EXT4-fs (loop3): Total free blocks count 0
[  105.194886][ T6020] EXT4-fs (loop3): Free/Dirty block details
[  105.194908][ T6020] EXT4-fs (loop3): free_blocks=2415919104
[  105.194953][ T6020] EXT4-fs (loop3): dirty_blocks=640
[  105.194969][ T6020] EXT4-fs (loop3): Block reservation details
[  105.194984][ T6020] EXT4-fs (loop3): i_reserved_data_blocks=40
[  105.326408][ T6029] 9p: Bad value for 'rfdno'
[  105.337459][ T1138] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28
[  105.735724][   T30] kauditd_printk_skb: 13 callbacks suppressed
[  105.735743][   T30] audit: type=1326 audit(1764344793.953:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6043 comm="syz.3.27" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f058058f749 code=0x7ffc0000
[  105.742769][   T30] audit: type=1326 audit(1764344793.953:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6043 comm="syz.3.27" exe="/root/syz-executor" sig=0 arch=c000003e syscall=12 compat=0 ip=0x7f058058f749 code=0x7ffc0000
[  105.754667][   T30] audit: type=1326 audit(1764344793.953:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6043 comm="syz.3.27" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f058058f749 code=0x7ffc0000
[  105.936673][ T6048] 9p: Bad value for 'source'
[  106.804526][ T6067] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  107.133323][ T6066] syz.1.34 (6066) used greatest stack depth: 15936 bytes left
[  107.876379][ T6092] loop2: detected capacity change from 0 to 256
[  108.283381][ T6106] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  108.338218][ T6106] netlink: 12 bytes leftover after parsing attributes in process `syz.3.52'.
[  108.774158][ T6126] loop1: detected capacity change from 0 to 128
[  108.781425][ T6126] =======================================================
[  108.781425][ T6126] WARNING: The mand mount option has been deprecated and
[  108.781425][ T6126]          and is ignored by this kernel. Remove the mand
[  108.781425][ T6126]          option from the mount to silence this warning.
[  108.781425][ T6126] =======================================================
[  108.945685][ T6119] loop2: detected capacity change from 0 to 4096
[  108.992539][ T6119] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  109.022156][   T30] audit: type=1326 audit(1764344797.233:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6120 comm="syz.1.56" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f485858f749 code=0x7ffc0000
[  109.115449][ T6119] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  109.190443][   T30] audit: type=1326 audit(1764344797.233:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6120 comm="syz.1.56" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f485858f749 code=0x7ffc0000
[  109.299021][   T30] audit: type=1326 audit(1764344797.363:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6120 comm="syz.1.56" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f485858f783 code=0x7ffc0000
[  109.354538][   T30] audit: type=1326 audit(1764344797.363:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6120 comm="syz.1.56" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f485858f783 code=0x7ffc0000
[  109.416439][ T6126] netlink: 'syz.1.56': attribute type 6 has an invalid length.
[  109.422739][   T30] audit: type=1326 audit(1764344797.363:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6120 comm="syz.1.56" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f485858f749 code=0x7ffc0000
[  109.525392][   T30] audit: type=1326 audit(1764344797.363:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6120 comm="syz.1.56" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f485858f749 code=0x7ffc0000
[  109.603252][   T30] audit: type=1326 audit(1764344797.453:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6120 comm="syz.1.56" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f485858f749 code=0x7ffc0000
[  109.859575][ T5831] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  109.910273][ T6154] netlink: 12 bytes leftover after parsing attributes in process `syz.3.65'.
[  110.743209][ T6184] netlink: 16 bytes leftover after parsing attributes in process `syz.3.74'.
[  111.112067][ T6197] loop1: detected capacity change from 0 to 764
[  111.191766][ T6197] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  111.259193][ T6197] Symlink component flag not implemented
[  111.309361][ T6197] Symlink component flag not implemented (7)
[  111.467613][ T6204] netlink: 12 bytes leftover after parsing attributes in process `syz.4.80'.
[  111.715475][ T6208] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  111.742740][ T6192] mmap: syz.3.74 (6192) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  111.825499][ T6210] xt_TPROXY: Can be used only with -p tcp or -p udp
[  112.550634][ T6229] netlink: 20 bytes leftover after parsing attributes in process `syz.3.90'.
[  113.397602][ T6262] netlink: 'syz.0.102': attribute type 30 has an invalid length.
[  113.413074][ T6262] netlink: 16 bytes leftover after parsing attributes in process `syz.0.102'.
[  113.510359][ T6267] netlink: 20 bytes leftover after parsing attributes in process `syz.4.103'.
[  113.606448][ T6262] bond1: option arp_missed_max: invalid value (0)
[  113.645104][ T6262] bond1: option arp_missed_max: allowed values 1 - 255
[  113.756557][ T6271] loop4: detected capacity change from 0 to 128
[  113.795956][ T6271] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  113.814814][ T6271] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  113.937975][ T6262] bond1 (unregistering): Released all slaves
[  114.767500][ T6291] netlink: 4 bytes leftover after parsing attributes in process `syz.4.112'.
[  115.239106][ T6301] netlink: 12 bytes leftover after parsing attributes in process `syz.0.115'.
[  115.348124][ T6304] loop7: detected capacity change from 0 to 7
[  115.375890][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  115.385187][    C0] buffer_io_error: 9 callbacks suppressed
[  115.385207][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  115.411930][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  115.421150][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  115.430432][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  115.439758][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  115.451429][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  115.460681][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  115.472675][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  115.481862][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  115.491271][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  115.500514][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  115.509259][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  115.518507][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  115.530186][ T6304] ldm_validate_partition_table(): Disk read failed.
[  115.563886][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  115.573163][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  115.603056][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  115.612349][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  115.620541][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  115.629804][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  115.645731][ T6304] Dev loop7: unable to read RDB block 0
[  115.804583][   T30] kauditd_printk_skb: 38 callbacks suppressed
[  115.804603][   T30] audit: type=1326 audit(1764344803.993:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6309 comm="syz.0.120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0410d8f749 code=0x7ffc0000
[  115.835551][ T6315] loop0: detected capacity change from 0 to 1024
[  115.857261][ T6315] EXT4-fs: Ignoring removed orlov option
[  115.890167][   T30] audit: type=1326 audit(1764344803.993:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6309 comm="syz.0.120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f0410d8f749 code=0x7ffc0000
[  115.925587][   T30] audit: type=1326 audit(1764344803.993:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6309 comm="syz.0.120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f0410d8f783 code=0x7ffc0000
[  115.948109][ T6304]  loop7: unable to read partition table
[  115.954190][ T6304] loop7: partition table beyond EOD, truncated
[  115.974088][ T6304] loop_reread_partitions: partition scan of loop7 (���������C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)
[  116.947587][   T30] audit: type=1326 audit(1764344804.003:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6309 comm="syz.0.120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f0410d8e1ff code=0x7ffc0000
[  117.006897][   T30] audit: type=1326 audit(1764344804.013:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6309 comm="syz.0.120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f0410d8f7d7 code=0x7ffc0000
[  117.029122][   T30] audit: type=1326 audit(1764344804.013:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6309 comm="syz.0.120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0410d8df90 code=0x7ffc0000
[  117.056688][   T30] audit: type=1326 audit(1764344804.013:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6309 comm="syz.0.120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0410d8f34b code=0x7ffc0000
[  117.079429][   T30] audit: type=1326 audit(1764344804.063:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6309 comm="syz.0.120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f0410d8e3aa code=0x7ffc0000
[  117.110448][   T30] audit: type=1326 audit(1764344804.063:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6309 comm="syz.0.120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f0410d8e3aa code=0x7ffc0000
[  117.110565][ T6315] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  117.146087][   T30] audit: type=1326 audit(1764344804.063:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6309 comm="syz.0.120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f0410d8de97 code=0x7ffc0000
[  117.439892][ T6325] bond1: entered promiscuous mode
[  117.476745][ T6325] bond1: entered allmulticast mode
[  117.498873][ T6325] 8021q: adding VLAN 0 to HW filter on device bond1
[  117.671005][ T5829] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  117.913671][ T6325] bond1 (unregistering): Released all slaves
[  118.743230][ T6344] netlink: 12 bytes leftover after parsing attributes in process `syz.0.130'.
[  119.886928][ T6365] loop2: detected capacity change from 0 to 1024
[  119.925200][ T6365] EXT4-fs: Ignoring removed orlov option
[  119.942236][ T6365] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  120.055962][ T6365] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  120.106337][ T6365] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2857: Unable to expand inode 12. Delete some EAs or run e2fsck.
[  120.191952][ T5831] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  120.794004][ T6388] loop3: detected capacity change from 0 to 1024
[  120.811536][ T6388] EXT4-fs: Ignoring removed bh option
[  120.839343][ T6388] EXT4-fs: inline encryption not supported
[  120.897389][ T6388] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  120.946222][ T6388] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  121.009219][ T6388] EXT4-fs error (device loop3): ext4_map_blocks:783: inode #3: block 2: comm syz.3.146: lblock 2 mapped to illegal pblock 2 (length 1)
[  121.089316][ T6388] __quota_error: 65 callbacks suppressed
[  121.089339][ T6388] Quota error (device loop3): qtree_write_dquot: dquota write failed
[  121.179337][ T6388] EXT4-fs error (device loop3): ext4_map_blocks:783: inode #3: block 48: comm syz.3.146: lblock 0 mapped to illegal pblock 48 (length 1)
[  121.242547][ T6388] Quota error (device loop3): v2_write_file_info: Can't write info structure
[  121.255405][ T6388] EXT4-fs error (device loop3): ext4_acquire_dquot:6986: comm syz.3.146: Failed to acquire dquot type 0
[  121.444893][ T6399] loop2: detected capacity change from 0 to 1024
[  121.461356][ T6399] EXT4-fs: Ignoring removed bh option
[  121.466952][ T6399] EXT4-fs: Ignoring removed nomblk_io_submit option
[  121.474454][ T6399] ext4: Unknown parameter 'smackfsroot'
[  121.680339][ T6399] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  121.799479][ T6388] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6298: Corrupt filesystem
[  121.899164][ T6388] EXT4-fs error (device loop3): ext4_evict_inode:253: inode #11: comm syz.3.146: mark_inode_dirty error
[  121.993804][ T6388] EXT4-fs warning (device loop3): ext4_evict_inode:256: couldn't mark inode dirty (err -117)
[  122.008144][ T6388] EXT4-fs (loop3): 1 orphan inode deleted
[  122.050632][  T155] EXT4-fs error (device loop3): ext4_map_blocks:783: inode #3: block 1: comm kworker/u8:6: lblock 1 mapped to illegal pblock 1 (length 1)
[  122.053967][ T6388] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  122.133241][  T155] Quota error (device loop3): remove_tree: Can't read quota data block 1
[  122.141775][  T155] EXT4-fs error (device loop3): ext4_release_dquot:7022: comm kworker/u8:6: Failed to release dquot type 0
[  122.285994][ T6388] tipc: Invalid UDP bearer configuration
[  122.286057][ T6388] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  122.481453][ T5835] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  122.525307][ T5835] EXT4-fs error (device loop3): __ext4_get_inode_loc:4830: comm syz-executor: Invalid inode table block 1 in block_group 0
[  122.564800][ T5835] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6298: Corrupt filesystem
[  122.612181][ T5835] EXT4-fs error (device loop3): ext4_quota_off:7270: inode #3: comm syz-executor: mark_inode_dirty error
[  123.400012][ T6423] loop3: detected capacity change from 0 to 512
[  123.445845][ T6423] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  123.549215][ T6426] netlink: 8 bytes leftover after parsing attributes in process `syz.2.155'.
[  124.480294][ T6437] netlink: 4 bytes leftover after parsing attributes in process `syz.1.160'.
[  124.532137][   T30] audit: type=1800 audit(1764344812.743:146): pid=6423 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.157" name="file1" dev="loop3" ino=1048607 res=0 errno=0
[  124.606357][ T6423] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 548)
[  124.669520][ T6423] FAT-fs (loop3): Filesystem has been set read-only
[  124.741532][ T6423] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 548)
[  124.764289][ T6423] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 548)
[  125.262195][ T6444] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  125.510910][ T6444] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  125.773438][ T6469] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  125.827720][ T6444] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  125.982990][ T6474] usb usb1: usbfs: process 6474 (syz.1.173) did not claim interface 63 before use
[  126.039370][ T6444] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  126.412727][ T5977] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  126.497732][ T3470] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  126.610682][  T155] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  126.879134][ T3470] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  127.195918][ T6492] loop1: detected capacity change from 0 to 1024
[  127.208457][ T6492] EXT4-fs: Ignoring removed bh option
[  127.214183][ T6492] EXT4-fs: Ignoring removed nomblk_io_submit option
[  127.221504][ T6492] ext4: Unknown parameter 'smackfsroot'
[  127.292150][ T6492] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  127.810265][   T30] audit: type=1326 audit(1764344816.023:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6493 comm="syz.2.178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe34f98f749 code=0x7ffc0000
[  127.882876][   T30] audit: type=1326 audit(1764344816.073:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6493 comm="syz.2.178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fe34f98f749 code=0x7ffc0000
[  127.954509][   T30] audit: type=1326 audit(1764344816.073:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6493 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe34f98f749 code=0x7ffc0000
[  128.024897][   T30] audit: type=1326 audit(1764344816.073:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6493 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe34f98f749 code=0x7ffc0000
[  128.136803][   T30] audit: type=1326 audit(1764344816.073:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6493 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe34f98f749 code=0x7ffc0000
[  128.204325][   T30] audit: type=1326 audit(1764344816.073:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6493 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe34f98f749 code=0x7ffc0000
[  128.296316][   T30] audit: type=1326 audit(1764344816.073:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6493 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe34f98f749 code=0x7ffc0000
[  128.377051][   T30] audit: type=1326 audit(1764344816.093:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6493 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe34f98f749 code=0x7ffc0000
[  128.586854][ T6508] syzkaller0: entered promiscuous mode
[  128.592453][ T6508] syzkaller0: entered allmulticast mode
[  128.621316][   T30] audit: type=1326 audit(1764344816.093:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6493 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe34f98f749 code=0x7ffc0000
[  128.734347][   T30] audit: type=1326 audit(1764344816.093:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6493 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe34f98f749 code=0x7ffc0000
[  128.866666][ T6521] loop1: detected capacity change from 0 to 1024
[  128.882340][ T6521] EXT4-fs: Ignoring removed orlov option
[  128.940965][ T6521] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  129.165219][ T5828] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  129.365526][ T6530] loop1: detected capacity change from 0 to 128
[  129.918773][  T155] kworker/u8:6: attempt to access beyond end of device
[  129.918773][  T155] loop1: rw=1, sector=145, nr_sectors = 8 limit=128
[  129.933164][  T155] kworker/u8:6: attempt to access beyond end of device
[  129.933164][  T155] loop1: rw=1, sector=161, nr_sectors = 8 limit=128
[  129.946921][  T155] kworker/u8:6: attempt to access beyond end of device
[  129.946921][  T155] loop1: rw=1, sector=177, nr_sectors = 8 limit=128
[  129.966425][  T155] kworker/u8:6: attempt to access beyond end of device
[  129.966425][  T155] loop1: rw=1, sector=193, nr_sectors = 8 limit=128
[  129.988004][  T155] kworker/u8:6: attempt to access beyond end of device
[  129.988004][  T155] loop1: rw=1, sector=209, nr_sectors = 8 limit=128
[  130.013689][  T155] kworker/u8:6: attempt to access beyond end of device
[  130.013689][  T155] loop1: rw=1, sector=225, nr_sectors = 8 limit=128
[  130.028088][  T155] kworker/u8:6: attempt to access beyond end of device
[  130.028088][  T155] loop1: rw=1, sector=241, nr_sectors = 8 limit=128
[  130.042366][  T155] kworker/u8:6: attempt to access beyond end of device
[  130.042366][  T155] loop1: rw=1, sector=257, nr_sectors = 8 limit=128
[  130.058205][  T155] kworker/u8:6: attempt to access beyond end of device
[  130.058205][  T155] loop1: rw=1, sector=273, nr_sectors = 8 limit=128
[  130.075206][  T155] kworker/u8:6: attempt to access beyond end of device
[  130.075206][  T155] loop1: rw=1, sector=289, nr_sectors = 8 limit=128
[  130.907371][ T6550] Cannot find add_set index 0 as target
[  131.688472][ T6554] loop1: detected capacity change from 0 to 512
[  131.801790][ T6522] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wireguard%d": -EINTR
[  133.011340][   T30] kauditd_printk_skb: 3 callbacks suppressed
[  133.011361][   T30] audit: type=1326 audit(1764344821.223:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6588 comm="syz.1.214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f485858f749 code=0x7ffc0000
[  133.177185][   T30] audit: type=1326 audit(1764344821.223:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6588 comm="syz.1.214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=429 compat=0 ip=0x7f485858f749 code=0x7ffc0000
[  133.264282][   T30] audit: type=1326 audit(1764344821.223:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6588 comm="syz.1.214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f485858f749 code=0x7ffc0000
[  133.316540][ T6593] ip6t_srh: unknown srh match flags  4000
[  133.363050][   T30] audit: type=1326 audit(1764344821.223:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6588 comm="syz.1.214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f485858f749 code=0x7ffc0000
[  133.415725][ T6584] syzkaller0: entered promiscuous mode
[  133.442353][ T6584] syzkaller0: entered allmulticast mode
[  133.564795][ T6593] loop1: detected capacity change from 0 to 8192
[  133.607523][ T6593]  loop1: p1 p2 p3 p4
[  133.607523][ T6593]  p1: <minix: p5 >
[  133.631586][ T6593] loop1: p1 size 196608 extends beyond EOD, truncated
[  133.667980][ T6593] loop1: p2 start 164919041 is beyond EOD, truncated
[  133.713805][ T6593] loop1: p3 size 66846464 extends beyond EOD, truncated
[  133.757409][ T6593] loop1: p4 size 37048832 extends beyond EOD, truncated
[  133.781950][ T6593] loop1: p5 size 196608 extends beyond EOD, truncated
[  133.817106][   T30] audit: type=1326 audit(1764344822.033:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6602 comm="syz.2.221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe34f98f749 code=0x7ffc0000
[  133.912788][   T30] audit: type=1326 audit(1764344822.063:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6602 comm="syz.2.221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe34f98f749 code=0x7ffc0000
[  133.976294][   T30] audit: type=1326 audit(1764344822.063:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6602 comm="syz.2.221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe34f98f749 code=0x7ffc0000
[  134.061429][   T30] audit: type=1326 audit(1764344822.063:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6602 comm="syz.2.221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe34f98f749 code=0x7ffc0000
[  134.109270][   T30] audit: type=1326 audit(1764344822.063:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6602 comm="syz.2.221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe34f98f749 code=0x7ffc0000
[  134.137696][   T30] audit: type=1326 audit(1764344822.073:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6602 comm="syz.2.221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7fe34f98f749 code=0x7ffc0000
[  134.175269][ T6615] loop0: detected capacity change from 0 to 512
[  134.183379][ T6613] loop1: detected capacity change from 0 to 512
[  134.210452][ T6615] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  134.231617][ T6615] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  134.289571][ T6613] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  134.306251][ T5883] udevd[5883]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory
[  134.317959][ T5989] udevd[5989]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory
[  134.342045][ T6613] ext4 filesystem being mounted at /42/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  134.342669][ T5882] udevd[5882]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory
[  134.398600][ T6619] udevd[6619]: inotify_add_watch(7, /dev/loop1p5, 10) failed: No such file or directory
[  134.649411][ T6615] EXT4-fs (loop0): 1 truncate cleaned up
[  134.693986][ T6624] loop2: detected capacity change from 0 to 2048
[  134.699123][ T6615] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  135.521612][ T6624] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  135.676069][ T5831] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  137.089438][ T6610] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wireguard%d": -EINTR
[  137.270074][ T5829] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  137.533272][ T6641] loop4: detected capacity change from 0 to 512
[  137.586311][ T6641] EXT4-fs (loop4): orphan cleanup on readonly fs
[  137.633255][ T6641] EXT4-fs error (device loop4): ext4_orphan_get:1417: comm syz.4.233: bad orphan inode 13
[  137.682270][ T6641] ext4_test_bit(bit=12, block=18) = 1
[  137.712961][ T6641] is_bad_inode(inode)=0
[  137.717235][ T6641] NEXT_ORPHAN(inode)=2130706432
[  137.739844][ T6641] max_ino=32
[  137.752728][ T6641] i_nlink=1
[  137.758235][ T6641] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  137.813328][ T6641] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended
[  137.884114][ T6641] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  137.912434][ T6653] netlink: 16 bytes leftover after parsing attributes in process `syz.3.236'.
[  137.950189][ T6641] EXT4-fs error (device loop4): ext4_lookup:1785: inode #15: comm syz.4.233: iget: bad i_size value: 360287970189639690
[  138.077093][   T30] kauditd_printk_skb: 79 callbacks suppressed
[  138.077112][   T30] audit: type=1326 audit(1764344826.293:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6640 comm="syz.4.233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f72d038f749 code=0x7ffc0000
[  138.078298][ T5828] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  138.127804][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  138.135565][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  138.172919][   T30] audit: type=1326 audit(1764344826.293:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6640 comm="syz.4.233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f72d038f749 code=0x7ffc0000
[  138.237199][ T6650] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  138.270372][ T6660] smc: net device bond0 applied user defined pnetid SYZ0
[  138.278165][ T6660] smc: net device bond0 erased user defined pnetid SYZ0
[  138.377921][ T5830] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  140.441420][ T6692] netlink: 'syz.3.249': attribute type 1 has an invalid length.
[  140.894871][ T6702] netlink: 52 bytes leftover after parsing attributes in process `syz.4.252'.
[  141.236430][   T30] audit: type=1326 audit(1764344829.433:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6706 comm="syz.3.254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f058058f749 code=0x7ffc0000
[  141.283527][   T30] audit: type=1326 audit(1764344829.433:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6706 comm="syz.3.254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f058058f749 code=0x7ffc0000
[  141.306996][   T30] audit: type=1326 audit(1764344829.433:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6706 comm="syz.3.254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f058058f749 code=0x7ffc0000
[  141.312316][ T6711] loop1: detected capacity change from 0 to 128
[  141.428362][   T30] audit: type=1326 audit(1764344829.433:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6706 comm="syz.3.254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f058058f749 code=0x7ffc0000
[  141.441091][ T6711] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  141.464431][ T6713] loop4: detected capacity change from 0 to 2048
[  141.528615][ T6711] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  141.577144][   T30] audit: type=1326 audit(1764344829.433:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6706 comm="syz.3.254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f058058f749 code=0x7ffc0000
[  141.649605][ T6713] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[  141.749922][   T30] audit: type=1326 audit(1764344829.433:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6706 comm="syz.3.254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f058058f749 code=0x7ffc0000
[  141.798434][ T6713] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  141.822116][   T30] audit: type=1326 audit(1764344829.443:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6706 comm="syz.3.254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7f058058f749 code=0x7ffc0000
[  141.870003][ T6732] EXT4-fs: Ignoring removed orlov option
[  141.916114][ T6713] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 65537 with max blocks 1 with error 28
[  141.926300][ T6732] EXT4-fs (loop4): stripe (18) is not aligned with cluster size (16), stripe is disabled
[  141.975689][   T30] audit: type=1326 audit(1764344829.443:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6706 comm="syz.3.254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f058058f749 code=0x7ffc0000
[  142.050856][ T6713] EXT4-fs (loop4): This should not happen!! Data will be lost
[  142.050856][ T6713] 
[  142.076740][ T6713] EXT4-fs (loop4): Total free blocks count 0
[  142.112709][ T6713] EXT4-fs (loop4): Free/Dirty block details
[  142.128139][ T6713] EXT4-fs (loop4): free_blocks=2415919104
[  142.172760][ T6713] EXT4-fs (loop4): dirty_blocks=32
[  142.188187][ T6713] EXT4-fs (loop4): Block reservation details
[  142.233934][ T6713] EXT4-fs (loop4): i_reserved_data_blocks=2
[  142.367148][ T6744] loop2: detected capacity change from 0 to 1024
[  142.575548][ T6744] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  142.619347][ T6744] ext4 filesystem being mounted at /65/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  142.633703][ T6734] infiniband syz!: set active
[  142.651907][ T6734] infiniband syz!: added team_slave_0
[  142.694466][ T6744] EXT4-fs error (device loop2): ext4_map_blocks:825: inode #15: block 3: comm syz.2.265: lblock 3 mapped to illegal pblock 3 (length 3)
[  142.742807][ T6744] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  142.821967][ T6744] EXT4-fs (loop2): This should not happen!! Data will be lost
[  142.821967][ T6744] 
[  142.938683][ T6754] EXT4-fs error (device loop2): ext4_map_blocks:825: inode #15: block 7: comm syz.2.265: lblock 7 mapped to illegal pblock 7 (length 9)
[  143.081109][ T6754] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 7 with max blocks 9 with error 117
[  143.256450][ T6754] EXT4-fs (loop2): This should not happen!! Data will be lost
[  143.256450][ T6754] 
[  143.297932][ T6734] RDS/IB: syz!: added
[  143.337332][ T6734] smc: adding ib device syz! with port count 1
[  143.360556][ T5831] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  143.383887][ T6734] smc:    ib device syz! port 1 has no pnetid
[  143.668021][ T6760] loop2: detected capacity change from 0 to 128
[  143.690905][   T30] kauditd_printk_skb: 24 callbacks suppressed
[  143.690924][   T30] audit: type=1326 audit(1764344831.903:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6761 comm="syz.3.271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f058058f749 code=0x7ffc0000
[  143.761814][ T6768] bio_check_eod: 102 callbacks suppressed
[  143.761834][ T6768] syz.2.270: attempt to access beyond end of device
[  143.761834][ T6768] loop2: rw=2049, sector=145, nr_sectors = 16 limit=128
[  143.783102][   T30] audit: type=1326 audit(1764344831.943:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6761 comm="syz.3.271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=131 compat=0 ip=0x7f058058f749 code=0x7ffc0000
[  143.783156][   T30] audit: type=1326 audit(1764344831.943:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6761 comm="syz.3.271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f058058f749 code=0x7ffc0000
[  143.935689][ T6768] syz.2.270: attempt to access beyond end of device
[  143.935689][ T6768] loop2: rw=2049, sector=169, nr_sectors = 8 limit=128
[  143.967942][ T6768] syz.2.270: attempt to access beyond end of device
[  143.967942][ T6768] loop2: rw=2049, sector=185, nr_sectors = 8 limit=128
[  144.042986][ T6768] syz.2.270: attempt to access beyond end of device
[  144.042986][ T6768] loop2: rw=2049, sector=201, nr_sectors = 8 limit=128
[  144.217968][ T6768] syz.2.270: attempt to access beyond end of device
[  144.217968][ T6768] loop2: rw=2049, sector=217, nr_sectors = 8 limit=128
[  144.318090][ T6768] syz.2.270: attempt to access beyond end of device
[  144.318090][ T6768] loop2: rw=2049, sector=233, nr_sectors = 8 limit=128
[  144.642976][ T6768] syz.2.270: attempt to access beyond end of device
[  144.642976][ T6768] loop2: rw=2049, sector=249, nr_sectors = 8 limit=128
[  145.006064][ T6768] syz.2.270: attempt to access beyond end of device
[  145.006064][ T6768] loop2: rw=2049, sector=265, nr_sectors = 8 limit=128
[  145.059056][ T6768] syz.2.270: attempt to access beyond end of device
[  145.059056][ T6768] loop2: rw=2049, sector=281, nr_sectors = 8 limit=128
[  145.080839][ T6768] syz.2.270: attempt to access beyond end of device
[  145.080839][ T6768] loop2: rw=2049, sector=297, nr_sectors = 8 limit=128
[  145.595463][ T6798] loop1: detected capacity change from 0 to 4096
[  145.675878][ T6798] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  145.724993][   T30] audit: type=1800 audit(1764344833.943:286): pid=6798 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.279" name="file1" dev="loop1" ino=15 res=0 errno=0
[  145.911511][   T30] audit: type=1326 audit(1764344834.043:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6797 comm="syz.1.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f485858f749 code=0x7ffc0000
[  146.045138][ T5828] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  146.074927][   T30] audit: type=1326 audit(1764344834.043:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6797 comm="syz.1.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f485858f749 code=0x7ffc0000
[  146.094677][ T6808] v: renamed from ip6_vti0 (while UP)
[  146.161917][   T30] audit: type=1326 audit(1764344834.043:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6797 comm="syz.1.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=97 compat=0 ip=0x7f485858f749 code=0x7ffc0000
[  146.184881][   T30] audit: type=1326 audit(1764344834.043:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6797 comm="syz.1.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f485858f749 code=0x7ffc0000
[  146.207795][   T30] audit: type=1326 audit(1764344834.043:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6797 comm="syz.1.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f485858f749 code=0x7ffc0000
[  146.239204][   T30] audit: type=1326 audit(1764344834.043:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6797 comm="syz.1.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=277 compat=0 ip=0x7f485858f749 code=0x7ffc0000
[  146.815702][ T6820] netlink: 'syz.4.287': attribute type 1 has an invalid length.
[  146.840020][ T6820] netlink: 4 bytes leftover after parsing attributes in process `syz.4.287'.
[  147.479281][ T6838] loop1: detected capacity change from 0 to 2048
[  147.628387][ T6838] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[  147.897434][ T6849] loop3: detected capacity change from 0 to 1024
[  147.911135][ T6849] EXT4-fs: Ignoring removed bh option
[  147.916746][ T6849] EXT4-fs: Ignoring removed nomblk_io_submit option
[  147.924213][ T6849] ext4: Unknown parameter 'smackfsroot'
[  147.992426][ T6849] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  148.262978][ T6838] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  148.395468][ T6838] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 65537 with max blocks 1 with error 28
[  148.533203][ T6850] EXT4-fs: Ignoring removed orlov option
[  148.539040][ T6850] EXT4-fs (loop1): stripe (18) is not aligned with cluster size (16), stripe is disabled
[  148.587265][ T6838] EXT4-fs (loop1): This should not happen!! Data will be lost
[  148.587265][ T6838] 
[  148.636673][ T6838] EXT4-fs (loop1): Total free blocks count 0
[  148.673766][ T6838] EXT4-fs (loop1): Free/Dirty block details
[  148.679748][ T6838] EXT4-fs (loop1): free_blocks=2415919104
[  148.756312][ T6838] EXT4-fs (loop1): dirty_blocks=32
[  148.761508][ T6838] EXT4-fs (loop1): Block reservation details
[  148.841512][ T6838] EXT4-fs (loop1): i_reserved_data_blocks=2
[  149.268571][ T6875] netlink: 16 bytes leftover after parsing attributes in process `syz.0.305'.
[  149.594405][   T30] kauditd_printk_skb: 94 callbacks suppressed
[  149.594424][   T30] audit: type=1326 audit(1764344837.813:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6882 comm="syz.3.309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f058058f749 code=0x7ffc0000
[  149.731911][   T30] audit: type=1326 audit(1764344837.853:388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6882 comm="syz.3.309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f058058f749 code=0x7ffc0000
[  149.856583][   T30] audit: type=1326 audit(1764344837.853:389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6882 comm="syz.3.309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f058058f749 code=0x7ffc0000
[  149.941410][   T30] audit: type=1326 audit(1764344837.853:390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6882 comm="syz.3.309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f058058f749 code=0x7ffc0000
[  149.991650][ T6894] loop0: detected capacity change from 0 to 2048
[  150.044104][   T30] audit: type=1326 audit(1764344837.853:391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6882 comm="syz.3.309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f058058f749 code=0x7ffc0000
[  150.102861][   T30] audit: type=1326 audit(1764344837.853:392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6882 comm="syz.3.309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f058058f749 code=0x7ffc0000
[  150.132952][   T30] audit: type=1326 audit(1764344837.873:393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6882 comm="syz.3.309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f058058f749 code=0x7ffc0000
[  150.155375][   T30] audit: type=1326 audit(1764344837.903:394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6890 comm="syz.3.309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f05805c2005 code=0x7ffc0000
[  150.177820][   T30] audit: type=1326 audit(1764344837.903:395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6882 comm="syz.3.309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=143 compat=0 ip=0x7f058058f749 code=0x7ffc0000
[  150.234175][ T6904] netlink: 8 bytes leftover after parsing attributes in process `wޣ�'.
[  150.246349][ T6894] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[  150.261156][   T30] audit: type=1326 audit(1764344837.903:396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6882 comm="syz.3.309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f058058f749 code=0x7ffc0000
[  150.360570][ T6906] Cannot find add_set index 0 as target
[  150.426874][ T6894] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  150.483819][ T6894] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 65537 with max blocks 1 with error 28
[  150.517366][ T6911] EXT4-fs: Ignoring removed orlov option
[  150.541969][ T6894] EXT4-fs (loop0): This should not happen!! Data will be lost
[  150.541969][ T6894] 
[  150.588166][ T6911] EXT4-fs (loop0): stripe (18) is not aligned with cluster size (16), stripe is disabled
[  150.617392][ T6894] EXT4-fs (loop0): Total free blocks count 0
[  150.630883][ T6894] EXT4-fs (loop0): Free/Dirty block details
[  150.648768][ T6894] EXT4-fs (loop0): free_blocks=2415919104
[  150.656280][ T6894] EXT4-fs (loop0): dirty_blocks=32
[  150.661699][ T6894] EXT4-fs (loop0): Block reservation details
[  150.670031][ T6894] EXT4-fs (loop0): i_reserved_data_blocks=2
[  150.983641][ T6924] syzkaller1: entered promiscuous mode
[  151.037891][ T6924] syzkaller1: entered allmulticast mode
[  151.075934][ T6932] 9p: Bad value for 'source'
[  151.202358][ T6935] netlink: 4 bytes leftover after parsing attributes in process `syz.4.331'.
[  151.341703][ T6935] team1: entered promiscuous mode
[  151.416903][ T6935] team1: entered allmulticast mode
[  151.819615][ T6950] loop2: detected capacity change from 0 to 1024
[  151.827156][ T6950] EXT4-fs: Ignoring removed bh option
[  151.832675][ T6950] EXT4-fs: Ignoring removed nomblk_io_submit option
[  151.839426][ T6950] ext4: Unknown parameter 'smackfsroot'
[  151.853948][ T6950] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  153.656540][ T6952] loop1: detected capacity change from 0 to 512
[  153.755274][ T6952] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  153.766006][ T6952] EXT4-fs (loop1): orphan cleanup on readonly fs
[  153.780900][ T6952] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #16: comm +}[@: corrupted inode contents
[  153.814705][ T6952] EXT4-fs (loop1): Remounting filesystem read-only
[  153.821883][ T6952] EXT4-fs (loop1): 1 truncate cleaned up
[  153.883216][ T6377] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  153.896187][ T6960] Cannot find add_set index 0 as target
[  153.898513][ T6377] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  153.915553][ T6377] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[  153.977706][ T6952] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  153.994036][ T6952] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  154.025902][ T6964] loop3: detected capacity change from 0 to 764
[  154.110967][ T6964] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  154.179190][ T6964] Symlink component flag not implemented
[  154.185063][ T6964] Symlink component flag not implemented (7)
[  154.303400][ T6969] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  154.311018][ T6969] batman_adv: batadv0: Removing interface: batadv_slave_0
[  154.346495][ T6969] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  154.388756][ T6969] batman_adv: batadv0: Removing interface: batadv_slave_1
[  154.584183][ T6976] loop0: detected capacity change from 0 to 1024
[  154.655532][ T6976] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  154.711314][ T6976] ext4 filesystem being mounted at /54/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  154.839218][ T6976] EXT4-fs error (device loop0): ext4_map_blocks:825: inode #15: block 3: comm syz.0.345: lblock 3 mapped to illegal pblock 3 (length 3)
[  154.881308][ T6976] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  154.897737][ T6976] EXT4-fs (loop0): This should not happen!! Data will be lost
[  154.897737][ T6976] 
[  154.977337][ T3470] EXT4-fs error (device loop0): ext4_map_blocks:825: inode #15: block 8: comm kworker/u8:9: lblock 8 mapped to illegal pblock 8 (length 8)
[  155.000938][ T3470] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  155.017248][ T3470] EXT4-fs (loop0): This should not happen!! Data will be lost
[  155.017248][ T3470] 
[  155.033283][ T5829] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  155.330938][ T7001] syz.2.350 uses obsolete (PF_INET,SOCK_PACKET)
[  155.870490][ T7015] Cannot find add_set index 0 as target
[  156.235531][ T7028] loop3: detected capacity change from 0 to 1024
[  156.356723][ T7028] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  156.400214][ T7028] ext4 filesystem being mounted at /79/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  156.627211][ T7028] EXT4-fs error (device loop3): ext4_map_blocks:825: inode #15: block 3: comm syz.3.359: lblock 3 mapped to illegal pblock 3 (length 3)
[  156.744486][ T7044] loop1: detected capacity change from 0 to 128
[  156.962435][ T7044] bio_check_eod: 89 callbacks suppressed
[  156.962481][ T7044] syz.1.361: attempt to access beyond end of device
[  156.962481][ T7044] loop1: rw=2049, sector=138, nr_sectors = 112 limit=128
[  157.288441][ T7028] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  157.343209][ T7028] EXT4-fs (loop3): This should not happen!! Data will be lost
[  157.343209][ T7028] 
[  157.418395][ T7050] netlink: 36 bytes leftover after parsing attributes in process `syz.0.365'.
[  157.639024][ T1138] EXT4-fs error (device loop3): ext4_map_blocks:825: inode #15: block 8: comm kworker/u8:8: lblock 8 mapped to illegal pblock 8 (length 8)
[  157.708462][ T1138] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  157.742792][ T1138] EXT4-fs (loop3): This should not happen!! Data will be lost
[  157.742792][ T1138] 
[  157.792497][ T5835] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  158.270211][ T7077] netlink: 'syz.3.377': attribute type 13 has an invalid length.
[  158.284915][ T7078] loop4: detected capacity change from 0 to 512
[  158.316378][ T7077] netlink: 'syz.3.377': attribute type 17 has an invalid length.
[  158.331875][ T7078] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  158.391616][ T7078] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  158.403743][ T7078] EXT4-fs (loop4): orphan cleanup on readonly fs
[  158.413281][ T7079] Cannot find add_set index 0 as target
[  158.447180][ T7078] EXT4-fs (loop4): 1 truncate cleaned up
[  158.467339][ T7078] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  158.512581][ T7077] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  158.667157][ T5830] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  158.669683][ T7088] netlink: 108 bytes leftover after parsing attributes in process `syz.2.380'.
[  159.071691][ T7102] loop2: detected capacity change from 0 to 512
[  159.173268][ T7104] loop1: detected capacity change from 0 to 1024
[  159.208037][ T7104] EXT4-fs: Ignoring removed orlov option
[  159.237826][ T7106] loop0: detected capacity change from 0 to 512
[  159.246862][ T7102] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  159.310055][ T7106] EXT4-fs error (device loop0): ext4_iget_extra_inode:5073: inode #15: comm syz.0.389: corrupted in-inode xattr: invalid ea_ino
[  159.350480][ T7104] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  159.403844][ T7102] ext4 filesystem being mounted at /92/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  159.434090][ T7106] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.389: couldn't read orphan inode 15 (err -117)
[  159.490105][   T30] kauditd_printk_skb: 49 callbacks suppressed
[  159.490124][   T30] audit: type=1800 audit(1764344847.703:440): pid=7104 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.388" name="bus" dev="loop1" ino=18 res=0 errno=0
[  159.518487][ T7106] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  159.584843][   T30] audit: type=1804 audit(1764344847.803:441): pid=7114 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.388" name="/newroot/71/bus/bus" dev="loop1" ino=18 res=1 errno=0
[  159.913443][ T5829] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  160.062539][ T7123] netlink: 12 bytes leftover after parsing attributes in process `syz.0.393'.
[  160.116865][ T5828] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  160.528026][ T5831] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  161.381828][ T7158] netlink: 12 bytes leftover after parsing attributes in process `syz.3.408'.
[  161.440723][ T7160] netlink: 12 bytes leftover after parsing attributes in process `syz.2.409'.
[  161.454596][ T7160] netlink: 12 bytes leftover after parsing attributes in process `syz.2.409'.
[  161.785395][ T7165] netlink: 8 bytes leftover after parsing attributes in process `syz.1.407'.
[  162.816166][ T7176] macvtap1: entered promiscuous mode
[  162.842746][ T7176] macvtap1: entered allmulticast mode
[  163.190355][ T7188] can0: slcan on ttyS3.
[  163.430085][ T7197] netlink: 16 bytes leftover after parsing attributes in process `syz.3.423'.
[  163.559682][ T7200] netlink: 8 bytes leftover after parsing attributes in process `syz.2.422'.
[  164.124211][ T7200] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4
[  164.133678][ T7200] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4
[  164.143437][ T7200] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  164.277329][ T7188] can0 (unregistered): slcan off ttyS3.
[  164.748363][ T7216] netlink: 4 bytes leftover after parsing attributes in process `syz.1.431'.
[  165.044479][ T7226] netlink: 16 bytes leftover after parsing attributes in process `syz.4.434'.
[  165.133145][ T7230] loop2: detected capacity change from 0 to 1024
[  165.140577][ T7230] EXT4-fs: Ignoring removed orlov option
[  165.231284][ T7230] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  165.349635][   T30] audit: type=1326 audit(1764344853.563:442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7236 comm="syz.4.436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f72d038f749 code=0x7ffc0000
[  165.405824][ T5831] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  165.443873][   T30] audit: type=1326 audit(1764344853.593:443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7236 comm="syz.4.436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f72d038f749 code=0x7ffc0000
[  165.502735][   T30] audit: type=1326 audit(1764344853.593:444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7236 comm="syz.4.436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f72d038f749 code=0x7ffc0000
[  165.517837][ T7237] loop4: detected capacity change from 0 to 2048
[  165.572752][   T30] audit: type=1326 audit(1764344853.593:445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7236 comm="syz.4.436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f72d038f749 code=0x7ffc0000
[  165.642740][   T30] audit: type=1326 audit(1764344853.593:446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7236 comm="syz.4.436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f72d038f749 code=0x7ffc0000
[  165.684920][   T30] audit: type=1326 audit(1764344853.593:447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7236 comm="syz.4.436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f72d038f749 code=0x7ffc0000
[  165.705944][ T7237] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[  165.732057][ T7216] ==================================================================
[  165.740178][ T7216] BUG: KASAN: slab-use-after-free in _raw_spin_lock+0x2e/0x40
[  165.747683][ T7216] Read of size 1 at addr ffff8881416ea1d8 by task syz.1.431/7216
[  165.755414][ T7216] 
[  165.757769][ T7216] CPU: 1 UID: 0 PID: 7216 Comm: syz.1.431 Not tainted syzkaller #0 PREEMPT(full) 
[  165.757791][ T7216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  165.757809][ T7216] Call Trace:
[  165.757819][ T7216]  <TASK>
[  165.757828][ T7216]  dump_stack_lvl+0x189/0x250
[  165.757853][ T7216]  ? __virt_addr_valid+0x1c8/0x5c0
[  165.757878][ T7216]  ? rcu_is_watching+0x15/0xb0
[  165.757899][ T7216]  ? __kasan_check_byte+0x12/0x40
[  165.757921][ T7216]  ? __pfx_dump_stack_lvl+0x10/0x10
[  165.757940][ T7216]  ? rcu_is_watching+0x15/0xb0
[  165.757962][ T7216]  ? lock_release+0x4b/0x3b0
[  165.757982][ T7216]  ? __virt_addr_valid+0x1c8/0x5c0
[  165.758006][ T7216]  ? __virt_addr_valid+0x4a5/0x5c0
[  165.758031][ T7216]  print_report+0xca/0x240
[  165.758049][ T7216]  ? _raw_spin_lock+0x2e/0x40
[  165.758065][ T7216]  kasan_report+0x118/0x150
[  165.758087][ T7216]  ? _raw_spin_lock+0x2e/0x40
[  165.758106][ T7216]  ? mqueue_flush_file+0x49/0x270
[  165.758128][ T7216]  __kasan_check_byte+0x2a/0x40
[  165.758148][ T7216]  lock_acquire+0x84/0x340
[  165.758170][ T7216]  ? __pfx_mqueue_flush_file+0x10/0x10
[  165.758191][ T7216]  _raw_spin_lock+0x2e/0x40
[  165.758207][ T7216]  ? mqueue_flush_file+0x49/0x270
[  165.758234][ T7216]  mqueue_flush_file+0x49/0x270
[  165.758254][ T7216]  ? filp_flush+0xae/0x190
[  165.758279][ T7216]  ? __pfx_mqueue_flush_file+0x10/0x10
[  165.758300][ T7216]  filp_flush+0xbd/0x190
[  165.758325][ T7216]  filp_close+0x1d/0x40
[  165.758349][ T7216]  put_files_struct+0x1ba/0x350
[  165.758374][ T7216]  do_exit+0x67f/0x2310
[  165.758400][ T7216]  ? do_raw_spin_lock+0x121/0x290
[  165.758426][ T7216]  ? __pfx_do_exit+0x10/0x10
[  165.758455][ T7216]  do_group_exit+0x21c/0x2d0
[  165.758479][ T7216]  ? lockdep_hardirqs_on+0x98/0x140
[  165.758501][ T7216]  get_signal+0x1285/0x1340
[  165.758526][ T7216]  arch_do_signal_or_restart+0x9a/0x7a0
[  165.758554][ T7216]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  165.758578][ T7216]  ? __x64_sys_sendmsg+0x230/0x260
[  165.758608][ T7216]  ? exit_to_user_mode_loop+0x55/0x4f0
[  165.758628][ T7216]  exit_to_user_mode_loop+0x87/0x4f0
[  165.758645][ T7216]  ? rcu_is_watching+0x15/0xb0
[  165.758668][ T7216]  do_syscall_64+0x2e3/0xf80
[  165.758689][ T7216]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  165.758706][ T7216]  ? clear_bhb_loop+0x60/0xb0
[  165.758725][ T7216]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  165.758743][ T7216] RIP: 0033:0x7f485858f749
[  165.758763][ T7216] Code: Unable to access opcode bytes at 0x7f485858f71f.
[  165.758772][ T7216] RSP: 002b:00007f4859473038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  165.758790][ T7216] RAX: 0000000000000024 RBX: 00007f48587e5fa0 RCX: 00007f485858f749
[  165.758803][ T7216] RDX: 0000000020048054 RSI: 0000200000000200 RDI: 0000000000000006
[  165.758814][ T7216] RBP: 00007f4858613f91 R08: 0000000000000000 R09: 0000000000000000
[  165.758825][ T7216] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  165.758835][ T7216] R13: 00007f48587e6038 R14: 00007f48587e5fa0 R15: 00007ffeb0213a48
[  165.758855][ T7216]  </TASK>
[  165.758861][ T7216] 
[  166.050891][ T7216] Allocated by task 7216:
[  166.055227][ T7216]  kasan_save_track+0x3e/0x80
[  166.059921][ T7216]  __kasan_slab_alloc+0x6c/0x80
[  166.064774][ T7216]  kmem_cache_alloc_lru_noprof+0x36c/0x6e0
[  166.070594][ T7216]  mqueue_alloc_inode+0x28/0x40
[  166.075454][ T7216]  alloc_inode+0x6a/0x1b0
[  166.079795][ T7216]  new_inode+0x22/0x170
[  166.083956][ T7216]  mqueue_get_inode+0x27/0xb50
[  166.088730][ T7216]  mqueue_create_attr+0x1ac/0x2e0
[  166.093763][ T7216]  vfs_mkobj+0xcf/0x290
[  166.097933][ T7216]  do_mq_open+0x60d/0x7c0
[  166.102272][ T7216]  __x64_sys_mq_open+0x16a/0x1c0
[  166.107222][ T7216]  do_syscall_64+0xfa/0xf80
[  166.111744][ T7216]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  166.117642][ T7216] 
[  166.119976][ T7216] Freed by task 30:
[  166.123784][ T7216]  kasan_save_track+0x3e/0x80
[  166.128474][ T7216]  kasan_save_free_info+0x46/0x50
[  166.133510][ T7216]  __kasan_slab_free+0x5c/0x80
[  166.138283][ T7216]  kmem_cache_free+0x197/0x620
[  166.143049][ T7216]  rcu_core+0xd70/0x1870
[  166.147315][ T7216]  handle_softirqs+0x27d/0x850
[  166.152100][ T7216]  __irq_exit_rcu+0xca/0x1f0
[  166.156699][ T7216]  irq_exit_rcu+0x9/0x30
[  166.160953][ T7216]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  166.166597][ T7216]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  166.172583][ T7216] 
[  166.174937][ T7216] Last potentially related work creation:
[  166.180651][ T7216]  kasan_save_stack+0x3e/0x60
[  166.185340][ T7216]  kasan_record_aux_stack+0xbd/0xd0
[  166.190556][ T7216]  call_rcu+0x157/0x9c0
[  166.194725][ T7216]  evict+0x931/0xae0
[  166.198628][ T7216]  __dentry_kill+0x209/0x660
[  166.203239][ T7216]  finish_dput+0xc9/0x480
[  166.207601][ T7216]  __fput+0x68e/0xa70
[  166.211597][ T7216]  task_work_run+0x1d4/0x260
[  166.216201][ T7216]  exit_to_user_mode_loop+0xff/0x4f0
[  166.221494][ T7216]  do_syscall_64+0x2e3/0xf80
[  166.226095][ T7216]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  166.232042][ T7216] 
[  166.234377][ T7216] The buggy address belongs to the object at ffff8881416ea1c0
[  166.234377][ T7216]  which belongs to the cache mqueue_inode_cache of size 1576
[  166.249130][ T7216] The buggy address is located 24 bytes inside of
[  166.249130][ T7216]  freed 1576-byte region [ffff8881416ea1c0, ffff8881416ea7e8)
[  166.262934][ T7216] 
[  166.265265][ T7216] The buggy address belongs to the physical page:
[  166.271869][ T7216] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1416e8
[  166.280728][ T7216] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  166.289241][ T7216] memcg:ffff88814d9e0301
[  166.293488][ T7216] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff)
[  166.301136][ T7216] page_type: f5(slab)
[  166.305133][ T7216] raw: 057ff00000000040 ffff888145ea4500 dead000000000122 0000000000000000
[  166.313728][ T7216] raw: 0000000000000000 0000000080120012 00000000f5000000 ffff88814d9e0301
[  166.322318][ T7216] head: 057ff00000000040 ffff888145ea4500 dead000000000122 0000000000000000
[  166.331003][ T7216] head: 0000000000000000 0000000080120012 00000000f5000000 ffff88814d9e0301
[  166.339694][ T7216] head: 057ff00000000003 ffffea000505ba01 00000000ffffffff 00000000ffffffff
[  166.348371][ T7216] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  166.357040][ T7216] page dumped because: kasan: bad access detected
[  166.363482][ T7216] page_owner tracks the page as allocated
[  166.369195][ T7216] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 8579008219, free_ts 0
[  166.388910][ T7216]  post_alloc_hook+0x234/0x290
[  166.393688][ T7216]  get_page_from_freelist+0x2365/0x2440
[  166.399243][ T7216]  __alloc_frozen_pages_noprof+0x181/0x370
[  166.405066][ T7216]  alloc_pages_mpol+0x232/0x4a0
[  166.409927][ T7216]  allocate_slab+0x86/0x3b0
[  166.414439][ T7216]  ___slab_alloc+0xf2b/0x1960
[  166.419125][ T7216]  __slab_alloc+0x65/0x100
[  166.423548][ T7216]  kmem_cache_alloc_lru_noprof+0x3fe/0x6e0
[  166.429371][ T7216]  mqueue_alloc_inode+0x28/0x40
[  166.434230][ T7216]  alloc_inode+0x6a/0x1b0
[  166.438567][ T7216]  new_inode+0x22/0x170
[  166.442729][ T7216]  mqueue_fill_super+0xdc/0x380
[  166.447587][ T7216]  get_tree_nodev+0xbb/0x150
[  166.452178][ T7216]  vfs_get_tree+0x92/0x2a0
[  166.456597][ T7216]  fc_mount_longterm+0x1c/0x100
[  166.461454][ T7216]  mq_init_ns+0x275/0x360
[  166.465792][ T7216] page_owner free stack trace missing
[  166.471160][ T7216] 
[  166.473492][ T7216] Memory state around the buggy address:
[  166.479125][ T7216]  ffff8881416ea080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  166.487188][ T7216]  ffff8881416ea100: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc
[  166.495249][ T7216] >ffff8881416ea180: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[  166.503394][ T7216]                                                     ^
[  166.510329][ T7216]  ffff8881416ea200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  166.518398][ T7216]  ffff8881416ea280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  166.526463][ T7216] ==================================================================
[  166.536382][ T7216] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  166.543634][ T7216] CPU: 1 UID: 0 PID: 7216 Comm: syz.1.431 Not tainted syzkaller #0 PREEMPT(full) 
[  166.552921][ T7216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  166.562989][ T7216] Call Trace:
[  166.566276][ T7216]  <TASK>
[  166.569213][ T7216]  dump_stack_lvl+0x99/0x250
[  166.573820][ T7216]  ? __asan_memcpy+0x40/0x70
[  166.578449][ T7216]  ? __pfx_dump_stack_lvl+0x10/0x10
[  166.583916][ T7216]  ? __pfx__printk+0x10/0x10
[  166.588525][ T7216]  vpanic+0x237/0x6d0
[  166.592519][ T7216]  ? __pfx_vpanic+0x10/0x10
[  166.597032][ T7216]  ? irqentry_exit+0x5dd/0x660
[  166.601811][ T7216]  ? trace_irq_disable+0x37/0x100
[  166.606850][ T7216]  panic+0xb9/0xc0
[  166.610588][ T7216]  ? __pfx_panic+0x10/0x10
[  166.615029][ T7216]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  166.620934][ T7216]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  166.627268][ T7216]  ? _raw_spin_lock+0x2e/0x40
[  166.631947][ T7216]  check_panic_on_warn+0x89/0xb0
[  166.636902][ T7216]  ? _raw_spin_lock+0x2e/0x40
[  166.641582][ T7216]  end_report+0x6f/0x140
[  166.645837][ T7216]  kasan_report+0x129/0x150
[  166.650354][ T7216]  ? _raw_spin_lock+0x2e/0x40
[  166.655041][ T7216]  ? mqueue_flush_file+0x49/0x270
[  166.660079][ T7216]  __kasan_check_byte+0x2a/0x40
[  166.664943][ T7216]  lock_acquire+0x84/0x340
[  166.669396][ T7216]  ? __pfx_mqueue_flush_file+0x10/0x10
[  166.674870][ T7216]  _raw_spin_lock+0x2e/0x40
[  166.679379][ T7216]  ? mqueue_flush_file+0x49/0x270
[  166.684413][ T7216]  mqueue_flush_file+0x49/0x270
[  166.689275][ T7216]  ? filp_flush+0xae/0x190
[  166.693704][ T7216]  ? __pfx_mqueue_flush_file+0x10/0x10
[  166.699170][ T7216]  filp_flush+0xbd/0x190
[  166.703428][ T7216]  filp_close+0x1d/0x40
[  166.707598][ T7216]  put_files_struct+0x1ba/0x350
[  166.712465][ T7216]  do_exit+0x67f/0x2310
[  166.716642][ T7216]  ? do_raw_spin_lock+0x121/0x290
[  166.721684][ T7216]  ? __pfx_do_exit+0x10/0x10
[  166.726304][ T7216]  do_group_exit+0x21c/0x2d0
[  166.730911][ T7216]  ? lockdep_hardirqs_on+0x98/0x140
[  166.736121][ T7216]  get_signal+0x1285/0x1340
[  166.740644][ T7216]  arch_do_signal_or_restart+0x9a/0x7a0
[  166.746211][ T7216]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  166.752381][ T7216]  ? __x64_sys_sendmsg+0x230/0x260
[  166.757514][ T7216]  ? exit_to_user_mode_loop+0x55/0x4f0
[  166.762984][ T7216]  exit_to_user_mode_loop+0x87/0x4f0
[  166.768277][ T7216]  ? rcu_is_watching+0x15/0xb0
[  166.773057][ T7216]  do_syscall_64+0x2e3/0xf80
[  166.777659][ T7216]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  166.783731][ T7216]  ? clear_bhb_loop+0x60/0xb0
[  166.788421][ T7216]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  166.794325][ T7216] RIP: 0033:0x7f485858f749
[  166.798746][ T7216] Code: Unable to access opcode bytes at 0x7f485858f71f.
[  166.805771][ T7216] RSP: 002b:00007f4859473038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  166.814204][ T7216] RAX: 0000000000000024 RBX: 00007f48587e5fa0 RCX: 00007f485858f749
[  166.822185][ T7216] RDX: 0000000020048054 RSI: 0000200000000200 RDI: 0000000000000006
[  166.830187][ T7216] RBP: 00007f4858613f91 R08: 0000000000000000 R09: 0000000000000000
[  166.838172][ T7216] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  166.846151][ T7216] R13: 00007f48587e6038 R14: 00007f48587e5fa0 R15: 00007ffeb0213a48
[  166.854145][ T7216]  </TASK>
[  166.857324][ T7216] Kernel Offset: disabled
[  166.861647][ T7216] Rebooting in 86400 seconds..