last executing test programs:

5.992743331s ago: executing program 4 (id=445):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0100000004000000080000000b"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000f4751f2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x2d)
r2 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SCSI_IOCTL_GET_PCI(r2, 0x5309, 0x0)

5.925943827s ago: executing program 4 (id=447):
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
ptrace$ARCH_SHSTK_LOCK(0x1e, r0, 0x2, 0x5003)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r3, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x3c, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10)
syz_clone(0x40042700, 0x0, 0x0, 0x0, 0x0, 0x0)

1.997518437s ago: executing program 0 (id=469):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000dd0000000a00000000000000", @ANYRES32, @ANYBLOB="483433dca25e10be06c92a74fa00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa10000000000000701"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x0, 0x4, &(0x7f0000000b00)=ANY=[@ANYBLOB="180200000000000000000000faffffff85000000070000009504000000000000008588bdd6ab1846cfec1cfd015a345d17d49e3bd7733d72e269c23509823c160b294c5e197e1721567381579fce6c5272b4e697247e2169ad37aba7c5c0a1d89e92d29a7ded59ca16ba1ee772c872310fd70fef77c4a2fc84744d49629bb1b4da438919414ec3e0189f066f27eada7946824553ede60599d34c7e6c48836583ffcd8b"], 0x0, 0x2}, 0x94)
close(0x3)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000200)={'syztnl0\x00', &(0x7f0000000180)={'ip6gre0\x00', <r3=>0x0, 0x2f, 0x5, 0x6, 0x6, 0x8, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x11}}, @dev={0xfe, 0x80, '\x00', 0xf}, 0x7800, 0x10, 0xff}})
recvfrom$packet(0xffffffffffffffff, &(0x7f0000000080)=""/51, 0x33, 0x21, &(0x7f0000000300)={0x11, 0xf5, r3, 0x1, 0xfd, 0x6, @remote}, 0x14)
r4 = bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
sendfile(r1, r4, &(0x7f0000000780)=0x4, 0xffffffffffffff3a)
bpf$MAP_CREATE(0x0, &(0x7f0000001180)=ANY=[], 0x48)
ioctl$USBDEVFS_SUBMITURB(r4, 0x8038550a, &(0x7f00000011c0)=@urb_type_iso={0x0, {0x5, 0x1}, 0x7, 0xc4, &(0x7f0000000500)="feb4495903135505fa78191af88304530e4bdacf9e369077dea5f5ee4419f6b7009f1e0d0798fa20cd2205a19bb6f5f429ac7e8fdf6ec0cd44e96aa0f6e665ad06c7608eaa1c20c3bdd45b67ab03c641f67a5e3cedeca2828c8774cc208297c09cba3da69e1caebef3779a15e68c946107c5153ab31259ba7dee23f55396a86eab21ccce2dcdcb61ffb2bbc1812d970db001c1599b3866bb07d446a9ffcb9bf9d88fcc0d90226e17d9026196e424eea0904628ee05c9f769be8ee176308d8fccf5ba07f0", 0xc4, 0x8, 0x80000001, 0x72, 0x4, 0x1ff, &(0x7f0000000600), [{0x8001, 0x8, 0x5}, {0x2, 0x9, 0x6}, {0x84f, 0x6, 0x8}, {0x3, 0xc, 0x7fff}, {0x5, 0x568, 0x1ff}, {0x7, 0x400, 0x9}, {0x7, 0x1}, {0xe347, 0x2c10, 0x1}, {0x8001, 0xffff0000, 0x3ff}, {0xe03, 0xffff, 0x8}, {0x5, 0x3, 0x6}, {0xc8e, 0xd63e, 0x1}, {0x8001, 0x506, 0x2}, {0x5, 0x9, 0x6}, {0x3f, 0xbc69, 0x710cb254}, {0x2, 0x401, 0xd366}, {0x9, 0x10001, 0xf}, {0x1ff, 0x2, 0x4}, {0x253, 0x1, 0x1ff}, {0x8, 0x9, 0x200}, {0x2c, 0x9, 0xe04}, {0x4, 0x27ac1d27, 0x3}, {0x4, 0x1, 0x469d17c3}, {0x9f8a, 0x4, 0x6}, {0x0, 0xffff8001, 0x7}, {0x0, 0x8, 0x6}, {0x0, 0x5de2, 0x8}, {0x80000000, 0x737, 0x6}, {0x1, 0x8, 0x9}, {0x6, 0x36, 0x7ff}, {0x1, 0x80000001, 0x1c0000}, {0x4, 0x5, 0x5}, {0x80000001, 0x3, 0x3}, {0x2, 0x0, 0x3}, {0x7fffffff, 0x0, 0xfc}, {0x480, 0x1000, 0x3}, {0x7f, 0x8000, 0x6}, {0x7, 0xe3, 0x3}, {0x9, 0x1, 0x9}, {0x0, 0x0, 0xa842}, {0x6, 0x9, 0x5}, {0x4b5, 0x1, 0x40}, {0x101, 0x2, 0x7}, {0x7, 0xfffffffb, 0x3}, {0x80000001, 0x8, 0xf7b7}, {0x4, 0x9, 0xc}, {0x4, 0x7fff, 0x1}, {0x80, 0x4, 0x1}, {0x8, 0xd016, 0xbe0c}, {0x7, 0x5, 0xffff}, {0x8, 0x0, 0x3}, {0x7, 0x7fff, 0xfffffff8}, {0x9, 0x800, 0xd}, {0x6, 0x4, 0x1}, {0x5, 0x401, 0x7ff}, {0x4, 0x3, 0x7}, {0x638, 0x5, 0x8}, {0x7fff, 0x1ff, 0x6}, {0x3, 0x1, 0x3}, {0xc9e4595, 0x8000, 0xec}, {0x6ae, 0x8, 0x1}, {0x5, 0x5, 0xffffffff}, {0xf, 0x5, 0x72f}, {0xbc, 0x2, 0x300}, {0x6, 0x9}, {0xff, 0x5, 0x2a50}, {0xb8d, 0x9, 0xfffffffe}, {0x9f70, 0xfffffff8, 0x1}, {0x5, 0x5, 0x100}, {0x2, 0x0, 0x6}, {0x654, 0x10, 0x7}, {0x8, 0x8000, 0x3}, {0x2, 0x9, 0xffffffff}, {0xdf, 0x1f800000, 0xf}, {0x7fffffff, 0x7, 0x4}, {0x2, 0x0, 0x7}, {0x8001, 0x7, 0x6}, {0x9, 0xcf, 0x2}, {0x1a, 0x9, 0x3}, {0xf, 0x6, 0x2}, {0x2, 0x3, 0x609}, {0x80, 0x2, 0x800}, {0x4, 0x2}, {0x2, 0x3, 0x4}, {0x8, 0x0, 0x8}, {0x5, 0xafe8, 0x1000}, {0x9e4c, 0x8, 0x8}, {0x0, 0x9, 0x7}, {0x2, 0x66, 0xfffffffc}, {0x1, 0xea18, 0x9}, {0xd71d, 0x3, 0x1}, {0xc510, 0xa28, 0x2}, {0x7f, 0x3}, {0x1000, 0x8, 0xb}, {0x9, 0x0, 0x2}, {0x100, 0x80000000, 0x6}, {0x2, 0x2, 0x81}, {0x9, 0x5, 0x1}, {0x2, 0x5, 0x4}, {0x7fffffff, 0xa2, 0x7}, {0x0, 0xb, 0x9}, {0x7, 0xe, 0x3}, {0x3, 0x8, 0x3ff}, {0x6, 0x80, 0x3}, {0x6, 0x10000, 0x6}, {0x7f, 0x4, 0x8}, {0x9, 0x8, 0x8000}, {0x1, 0x9, 0x3831}, {0x41d, 0x7fff, 0xb}, {0x2, 0x0, 0x4}, {0x4, 0xfffffffe, 0x2}, {0xf8e4, 0x0, 0x3}, {0x5, 0x2, 0x1}, {0x5, 0x400, 0x90}]})
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000440)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000800)="21ae1baf930b4569b9ddef9797ffd935c7d80e6466b3e4e62dc9603583f5d4b61fbc65b6ac744d7319535e75bf552062e4cfde1ba7ce29263322e18ea9740aa82ca692f123993e57cda00d2b1f4e799bd41e3f76258180fa91a42aaa8b1ebc4e0ea8fb12f2c71e6e5bc57a8e91f254005514721d93c13c5606ae1fea7f31f558d562bd5a8dfb0b9fed873efa221fccffa847cd374c92e6cbb03e6a9de890ce323f000000abcc6c01326d588495b7c1a7db31ec4129e6336f26bb9e0b7552af3cd2d5dda1632799bbc98425c433384d8a8e4071ff39a36dfdfdf05af35a4ddd340cfecd7ec935f4ce7d3e851583ba1cf53a90a7f7bce5703de57ce93ddef7849b30a01de0637e6d5e507b801d32e582e0c2d564539ebfc84c098a23e765552767b122885fb1629e9c180be47da7931bd125b80de15aab0c56a2edf2e0483b87f5ab299dc046076203dea10ccbfc631d5bf4a87ce67004519f248f086346ce6a8a9d181789a59f81d9b7f6781daac3e229914b8b8998c15c3b6302a519331cb05995bc60b7cb872dd3b5b43331c77c5d72e21f7bd2b1a915ff3204e3f20d3a20b22d6a58155b5a4ebf6d1d1cd90c656ecada531c07ff91deb3efa91762cdecfbcc43553750f22ac5c18cc5e8b6f790c2f4e6373af9f98d10e6df49ff8e5cbcbd68e11ed0b967add11410dc2e34f08dbfaf8eb95d4d1153b4c6093192a340eb30fcc71619888c6486746a049585d249efb96b9cace83320b8f96b40ebe3a9a788d05a053380d1026b9434df87a3a387549bcabe88684c4dbf0da9a5212f3dbc8d1dff240856691243b203d7edd4d3cc89a38a6c80fdb1229a01044af7aaecb20d5570ebf24b30bbc6dfc3f70d85cd9f0d60ebd8fedd161d199d9997a0e2d18d1c99bc7158564e0ddb4673055de196535d706d142e1dc7d404583923cb1b286cfc5418884ac7e605d93652dc48ff", 0x2ac}, {&(0x7f0000000bc0)="ab29d92826349952eb8f7a2a74f535bc9739c1df57144c51a3391625b8b5354134b06ef1355506aeae96e3f097503998f375a054cf3d7de4fe53ea51518955349cdbadca60e1c65cc18dbe99369be03e492fb55fc9067bb6f7f7c3ee1720000000054a63ac58225ed0502f5ac8999e0c74a5dbb320bd54ec813e8bee6bfa5cbfb0726ac1b6ad97d802d5fae186f0769421fb965c7396854e2a3ac844a3769f8449901ba5e2b2da1ff6119aeb26ac204cfc6b54be73b6f195491ae2c0cb26b0cba61dae7a17740e8112ff188919c6e2e31a2a074863edba4a0e58b61faec4a42c29d7f9e48a43b8cb7d3c5a1e5aa67f87538140f8d633a54bceb8b1dda2397ea147d3b26e903f608b6ab1844ea7cf630d828118bba0f0f85e2e6316ae1ed9a2a7d08a05c170cb76bf111930df0cf760f7768571afdefe82a95296cee7c010f748a97046efcc774e7d85edbd5058104fef4942fb4430da89f67d1fea33bf2acfb793a610b3738b393eed8633fc8e8f630932206960e9076c7d7fc99fce018701c50d39b811a7427a7a9fcb340c2755541f228462010ec40ba945a0febd460dad5d548f1be090f5dbaa8ae8835dc47ed2537681827f6129759272574cf58f2f33e47a0e416573cfdcfb44ed9d", 0x1cb}, {&(0x7f00000005c0)="05437c98b91b1455046f57b5fc913814bde2bbeac2104eaea9c9d01a7838d859007067c10aa7352abbdf98e9bf033a4784a11e84639d3b9164d9c5d729f3dd409d39ff6d5cca97", 0x47}, {&(0x7f0000000140)="f610e61ac81cc3edc86f0500194d27a5a443f10dfd1ecda0fd0ed9a444b7fb76afe3a0002f0a5eafcd3555a6cad574af080de74a37f54ee5f10fe3f42b445293ca980200000000000000ecfd6cc1b3a9a9263506e88c5557069d0ca055991454ec1307b7411892a1beaef9ae54833107eb88b0411b1bc0ba9bc28d0eb6a73ad76be9facd1d9d82b6a3cc2040e84b398d279e50535b6557df8a633cfc7615fca9879b11834eb07eeb4278cab057f89b7464048cf573c21df5435e3b81aaba048fa4264d4c15513c91e9230a8e4b7635b58dc631604c311225f21db11c7101278ef4c7", 0xe2}], 0x4, 0x0, 0x0, 0x900}}], 0x1, 0x0)
r5 = memfd_create(&(0x7f0000000ec0)='\x103q}2[\xe0\x9a\xee\xaf\x03\x97\x9et\v\"|Ma\x86\xe7\xc0\x14\x9f\xb9h\xb1\x96\xe7=I\x860S6\xb5\xa8\xc2\x95Je%\xfeG\'e\xe5\x8f\xf8\xd2\x1c\xc0\xfb\x1c\xa6\xab\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94k\xcd\t\x00\x90k\xd6\x05\xb6\x03\x00\x00\x00A\xc5\x9c_\xd4\x18,\f\xd4s\xb2\x99/\xc0\x9a\xf2Oc\xc0c\x03gB!\xb0\xb8n\x01\x9bT\x95\x10\x86\xe8$\x7f\r[\xf9\x0e1v\xb1\n\x88\v\x95uy\xb5:`\x8b\nC\x18A;\xaa%\xaf\xc7\xa3\xac\xa2D\xb5\xe2\xe1\xdc(\xfd\x05\x9fB\x84O\xfe@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\xa0\x17\xe3\xac\xe9\xc9\xa7\x8a\x1b\x03\"&\xac\xcap>\xccZ\x01\xbc\x18\xc1\xb9\xe9\v\x8b\x9c\xb4Q\xd4\x96EV<>\x99\xca\xb3\xe0\xc4tL\xed\xf5W\xbd#\xcf\x8a\x84\xed\x9f/\xd4\xbb\xea;-Dp\xf8\xd0F\x90\xf8\x92Ip6\xf4\x16\xe8\x14\xe0\x92!\x92-F\xe2\x14D\x91\xa8b\x04\xdd\x1d\a\xdc\xe0\x18\x85{\x80Q\xf6k\x96\xfaQ\x9fW\vO\xf0\xe4O\\\xceS\xf2\xde\x049d\x06#\x88\xc3\xdf\x85O\x1c\xc3\xad?r\xd7\x0e\x00\xd7\x83\xb0\x88\x9c\xf6Y-F\x98\xdd\x9c~\xfd\x95\xc3\xb6lC\xaa\"Y\xa2K\xecz\x84:*\xf5Y\xd1\x9b1\x91\x9b\x15\xd4\xec\x02o\x01&\xaa\x90w\xc4\xc7yn\xb5\x1ag\xab&?\xbe\xcb\xe8v\xa8\xe0\xa4\x81sW\xacf\x149\xd2}\xefCGa\x9a$4\x8c\xa5!p\x83\x05\x96%\x02%\xabj\n\b\xc8NC\x91}&y\xd3\xe1\xeep\'\xc5\xab\x19GsX5\x8c\n\x9fh\xee;4\xb1%V\xe0\xa9\x8e\xf30:\xd8\x18N~G\x139\xcas\xf4D\xd4\xd0s\r3\xcb\x9a&\xdf+(\xc9S\x9eL5\x84\xb1\x90pN\xe7/\r\b\x9a\xf13Q\xf9\xdf\x7fX\xa0\xafK\xefh\xbfOv\x9bh\xb3\xc0\xf5\x80\xba\"@\'\x02\xafi\xeaE\xa6a6F\xde\xd4\xfa\x84\xe4+A\xb7\xa2\x8f\xc9\xee|xxn\xefw\x93]%\xd0\x19\x132\x86\xabn\xfe\x91\xb6Cl\xcf\x04\x1cq\xc1\x1d~\x8d\x01\x83\x93_\x83\x8a`v\xb0K,|S\xe4\xba\xb1\f\xc8`\xa6s\xad\x11\xd4wG\x80u\x87u\xff\x87\xee', 0x2)
ioctl$FS_IOC_RESVSP(r5, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x940a, 0x1000007})
fcntl$addseals(r5, 0x409, 0xb)
r6 = socket(0x10, 0x803, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000ac0)={{0x1, 0x1, 0x18, r2, {0x4}}, './file1\x00'})
sendmsg$nl_route(r7, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0)
sendto(r6, &(0x7f00000000c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r6, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x14c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x188}, {&(0x7f00000007c0)=""/154, 0x8}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000480)=ANY=[@ANYRES8], &(0x7f0000000dc0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x80042, 0x1bd)
close(r9)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8, &(0x7f00000000c0)=ANY=[@ANYBLOB='trans=fd(rfdno=', @ANYRESHEX=r9, @ANYBLOB=',wfdno=', @ANYRESHEX=r8, @ANYBLOB=',\x00'])
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r10, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x3c, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.96591645s ago: executing program 3 (id=470):
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
getpid()
perf_event_open(&(0x7f00000005c0)={0x2, 0x80, 0x44, 0xe, 0x0, 0x0, 0x0, 0x808, 0x180, 0xee353cc557df3748, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_bp={&(0x7f00000001c0), 0x3}, 0x2012, 0x6, 0x2, 0x2, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x1e, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xae, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r0}, 0x10)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/pm_wakeup_irq', 0x100, 0x1a0)
r2 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x0)
msgget$private(0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000005c0)='sched_switch\x00', r4}, 0x10)
ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f0000001600)={r1, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}})

1.582220317s ago: executing program 0 (id=474):
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001240)={&(0x7f0000000200)='kfree\x00', r0, 0x0, 0x9}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0, 0x214)

1.577914468s ago: executing program 1 (id=475):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
r3 = socket$inet6(0xa, 0x2, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$SMC_PNETID_GET(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
getsockname$packet(r4, &(0x7f0000000440)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="440000001000371f68000000ffffffff00000000", @ANYRES32=r5, @ANYBLOB="0b12050000000000240012800b00010069703667726500001400028008000100", @ANYRES32=r5], 0x44}, 0x1, 0x0, 0x0, 0x48800}, 0x4000010)
sendmmsg$inet(r3, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r5, @empty, @multicast1}}}], 0x20}}], 0x1, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r6, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x67)
setsockopt$SO_BINDTODEVICE(r6, 0x1, 0x19, &(0x7f00000005c0)='syz_tun\x00', 0x10)
sendto$inet(r6, 0x0, 0x0, 0x24000840, &(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x30}}, 0x10)
syz_emit_ethernet(0x42, &(0x7f00000000c0)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x8, 0x10, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x0, 0x300}]}}}}}}}, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000340)={'netdevsim0\x00', &(0x7f0000000700)=@ethtool_flash={0x33, 0xea6, '.\x00'}})

1.510461294s ago: executing program 1 (id=476):
r0 = socket$kcm(0xa, 0x2, 0x11)
sendmsg$kcm(r0, &(0x7f0000003840)={&(0x7f00000000c0)=@in6={0xa, 0x4e20, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xe1e6}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[{0x10, 0x29, 0x39}], 0x10}, 0x0)
r1 = socket(0x2b, 0x80801, 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
io_setup(0x2007, &(0x7f0000000980)=<r3=>0x0)
r4 = eventfd2(0x9, 0x0)
io_pgetevents(r3, 0x2, 0x2, &(0x7f0000000080)=[{}, {}], 0x0, 0x0)
io_submit(r3, 0x1, &(0x7f0000000280)=[&(0x7f0000000000)={0x1802, 0x0, 0x0, 0x5, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x1, r4}])
io_destroy(r3)
connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x4e23, 0xab, @loopback, 0x1}, 0x1c)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x11, 0x4, &(0x7f00000000c0)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x4, 0x0, 0x0, 0x40f00, 0x60, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80001}, 0x94)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000100), 0x1}, 0x38)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r7, 0x0, 0x2}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="1e00000000000000008000000900000000080000", @ANYRES32=r6, @ANYBLOB="00000100603e9db9b4e500"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000040000000500"/28], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r5, 0x0, 0x2}, 0x18)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$packet(0x11, 0xa, 0x300)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
socket$kcm(0x2, 0xa, 0x2)
write$tun(r8, &(0x7f00000003c0)=ANY=[@ANYBLOB="c00f86dd0000120000000000000060ec97000f982c00fb8000000000000000000000000000aaff02000000000000000000000000000189"], 0xfce)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x80)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000280)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.498062476s ago: executing program 0 (id=477):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$NFT_MSG_GETTABLE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB="60000000010a01030000000000000000030000040900010073797a31000000000900010073797a31000000000900010073797a3100000000080002400000000108000240000000020c8c044000000010000000050c0004400000000000000005"], 0x60}, 0x1, 0x0, 0x0, 0x404880c}, 0x94)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000090000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40000000010800034000000014480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c0003801800008008000340000000020c0004260000000000000c7f14000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40000000010800034000000004480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c000380180000800800034000000002"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0a00000001010000ff7f0000cc0000000000", @ANYRES32, @ANYRESDEC, @ANYRES32=0x0, @ANYRES32], 0x50)
write$cgroup_devices(0xffffffffffffffff, &(0x7f0000000840)=ANY=[@ANYBLOB="1e0308004d6b71ef289a63"], 0xffdd)

1.463388209s ago: executing program 0 (id=478):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="070000000400000008000000d9"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r2}, 0x18)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000580)={r0, 0x0, 0x1a, 0x0, &(0x7f0000000080)="f6f4e9a10000502468da5eb1c6b2feff8833c0000000000000c5", 0x0, 0x86, 0x0, 0x31, 0x0, &(0x7f0000000000)="daf9e846ab156efc71b59652333536dbfd26a6d0546366e36eb77dd0aaa2dbe567d168904cf0d5bce1771889c98ffc0abf", 0x0}, 0x50)

1.405513814s ago: executing program 0 (id=479):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$NFT_MSG_GETTABLE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB="60000000010a01030000000000000000030000040900010073797a31000000000900010073797a31000000000900010073797a3100000000080002400000000108000240000000020c8c044000000010000000050c0004400000000000000005"], 0x60}, 0x1, 0x0, 0x0, 0x404880c}, 0x94)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000090000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40000000010800034000000014480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c0003801800008008000340000000020c0004260000000000000c7f14000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40000000010800034000000004480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c000380180000800800034000000002"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0a00000001010000ff7f0000cc0000", @ANYRES32, @ANYRESDEC, @ANYRES32=0x0, @ANYRES32], 0x50)
write$cgroup_devices(0xffffffffffffffff, &(0x7f0000000840)=ANY=[@ANYBLOB="1e0308004d6b71ef289a63"], 0xffdd)

1.404886044s ago: executing program 0 (id=480):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, <r1=>0xffffffffffffffff}, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x10, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10)
bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a310000"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r4, 0x0, 0x40)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TCFLSH(r3, 0x400455c8, 0x0)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48)
ioctl$TIOCVHANGUP(r3, 0x5437, 0x0)

1.340523471s ago: executing program 1 (id=481):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000440)='kfree\x00', r1, 0x0, 0x4}, 0x18)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$wireguard(&(0x7f0000001580), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="74010000", @ANYRES16=r3, @ANYBLOB="11060000000000000000010000000800050001000000200108803c0000801400040002000000ac1e00010000000000000000240001000000000000000000000000000000000000000000000000000000000000000000e0000080a400098028000080060001000a0000001400020020010000000000000000000000000001050003000100000028000080060001000a00000014000200ff010000000000000000000000000001050003002aea0914280000"], 0x174}}, 0x0)

1.286193726s ago: executing program 1 (id=482):
r0 = socket$kcm(0xa, 0x2, 0x11)
sendmsg$kcm(r0, &(0x7f0000003840)={&(0x7f00000000c0)=@in6={0xa, 0x4e20, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xe1e6}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[{0x10, 0x29, 0x39}], 0x10}, 0x0)
r1 = socket(0x2b, 0x80801, 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
io_setup(0x2007, &(0x7f0000000980)=<r3=>0x0)
r4 = eventfd2(0x9, 0x0)
io_pgetevents(r3, 0x2, 0x2, &(0x7f0000000080)=[{}, {}], 0x0, 0x0)
io_submit(r3, 0x1, &(0x7f0000000280)=[&(0x7f0000000000)={0x1802, 0x0, 0x0, 0x5, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x1, r4}])
io_destroy(r3)
connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x4e23, 0xab, @loopback, 0x1}, 0x1c)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x11, 0x4, &(0x7f00000000c0)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x4, 0x0, 0x0, 0x40f00, 0x60, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80001}, 0x94)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000100), 0x1}, 0x38)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r7, 0x0, 0x2}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="1e00000000000000008000000900000000080000", @ANYRES32=r6, @ANYBLOB="00000100603e9db9b4e500"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000040000000500"/28], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r5, 0x0, 0x2}, 0x18)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$packet(0x11, 0xa, 0x300)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
socket$kcm(0x2, 0xa, 0x2)
write$tun(r8, &(0x7f00000003c0)=ANY=[@ANYBLOB="c00f86dd0000120000000000000060ec97000f982c00fb8000000000000000000000000000aaff02000000000000000000000000000189"], 0xfce)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x80)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000280)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.256769809s ago: executing program 3 (id=483):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="020000000400000008000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r1}, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]})
syz_mount_image$ext4(0x0, &(0x7f00000001c0)='./file0\x00', 0x1809049, 0x0, 0xfe, 0x0, 0x0)
lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f0000000040)=@v3, 0x18, 0x0)
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket(0x15, 0x6, 0x4)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r3=>0x0})
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xb, &(0x7f0000001f80)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002a20702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000280)='kfree\x00', r5}, 0x18)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)={0xe8, 0x0, 0x1, 0x401, 0x0, 0x0, {0x5}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}]}, @CTA_TUPLE_REPLY={0x1c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_TUPLE_REPLY={0x74, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x10}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0={0xfc, 0x0, '\x00', 0x1}}, {0x14, 0x4, @loopback}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}]}]}, 0xe8}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0xfffffffffffffdca, &(0x7f0000000240)={&(0x7f0000000300)=@newtfilter={0x24, 0x11, 0x1, 0x691522eb, 0x0, {0x0, 0x0, 0x74, r3, {0x10, 0x4}, {}, {0xb}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x24060050}, 0x8000)

1.194564365s ago: executing program 3 (id=484):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="85000000040000007f0f000500", @ANYRESHEX], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
r1 = socket$packet(0x11, 0x2, 0x300)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYRES16], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
r3 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r3, &(0x7f0000000000)={0x2a, 0x2, 0x7ffe}, 0xc)
bind$qrtr(r3, &(0x7f00000000c0)={0x2a, 0x1, 0x7fff}, 0xc)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', <r4=>0x0})
bpf$BPF_PROG_QUERY(0x10, &(0x7f00000005c0)={@ifindex, 0x33, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
r5 = socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x4, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000900)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg(r1, &(0x7f00000008c0)={&(0x7f0000000680)=@can, 0x80, &(0x7f0000000600)=[{&(0x7f00000003c0)="62dc10f928112cbab7ba0680791ae5a3b196bb", 0x13}, {&(0x7f0000000f80)="22245fe079556ab2c796b3d37eab9bdd5abb80abe953561020cca4ceab8366ba2e7b308bcbe62d0491d85ee4aee58911a90baee974bf54d5d9b3c72d4f03256cdf4ea25951e41bd9e1a6a91828218c3a65338cc5c6f2d8139577cb4c0b3ed50211e4bae06b94355f6072763d1897257d4eca9ed8c442d69e5e6c73cbf924f530f1eb1a4f4d7166e5c88d454990b6eb53f8dd2695207f0111a6d55c14b7f78a94a2cc2f97242568223413b8e81832414c957795e85de91fed69a35db893175e614e8363064ed25d8bc46e871ec3b1c7b7d1add272200839586e48509b74eef619554d666f3a7c4dba78642e11501a3652eec861feb2bf6de36ee7", 0xfa}, {&(0x7f0000000580)="b364522a38e8994941", 0x9}], 0x3}, 0x4000081)
perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x65, 0x0, 0x0, 0x3, 0x0, 0x8, 0x40008, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_bp={0x0, 0x1}, 0x0, 0x0, 0xd, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000940)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setitimer(0x2, 0x0, 0x0)
r6 = syz_open_dev$usbfs(&(0x7f0000000000), 0x70, 0x103301)
ioctl$USBDEVFS_IOCTL(r6, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect)
sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000005a40)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r4, @ANYBLOB='\b\x00\n\x00', @ANYRESOCT], 0xb4}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000100000000000000000850000007d000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
syz_mount_image$ext4(&(0x7f0000000340)='ext4\x00', &(0x7f0000000980)='./file0\x00', 0x3000010, &(0x7f0000000180)={[{@errors_remount}, {@journal_dev={'journal_dev', 0x3d, 0xf79}}]}, 0x1, 0x519, &(0x7f00000009c0)="$eJzs3cFvI1cZAPBvJvE2u5tiFxAqlSgVLcpWsHbS0DZCCMoFTpWA5b6ExImi2HEUO2UTVZCK/wAhgcSJExck/gCkqgfEGVWqBBfEAQECIdjCAQnoII/HJevYSaBJnI1/P+mt35sZz/e9ifw8M56dCWBiPRURL0XEVEQ8GxHlYnpalDjole5yb99/daVbksiyO39JIimm9dfVbU9HxM3ibTMR8ZUvRnw9ORq3vbe/udxo1HeKdq3T3K619/ZvbzSX1+vr9a3FxYUXll5cen5pPiu8p35W+pUffeGzr3/yG7+9+6db3+ym9ZkPRSkG+nGWel0v5duir7uNds4j2BhMFf0pjTsRAABOpbuP//6I+Fi+/1+OqXxvbsDUODIDAAAAzkr2udn4VxKRAQAAAFdWGhGzkaTV4lqA2UjTa8W5gQ/GjbTRanc+sdba3VrtzouoRCld22jU54trhStRSrrtheIa2377uYH2YkQ8FhHfLV/P29WVVmN1zOc+AAAAYFLcHDj+/3s5zesnG/L/BAAAAIDLqzKyAQAAAFwVDvkBAADg6hs8/n99THkAAAAA5+JLL7/cLVn/+derr+ztbrZeub1ab29Wm7sr1ZXWznZ1vdVaz+/Z1zxpfY1Wa/tTsbV7r9aptzu19t7+3WZrd6tzd+OBR2ADAAAAF+ixj77xqyQiDj59PS9R3AcQ4AG/H3cCwFmaGncCwNi4izdMrlK/cm28eQDjk5ww38U7AADw8Jv78NHf//unAkpjzQw4b671AYDJ4/d/mFwlVwDCREsj4n296iOjlhn5+/8vThslyyLeLB+e4vwiAABcrNm8JGm1OA6YjTStViMejUgrUUrWNhr1+eL44Jfl0iPd9kL+zuTEa4YBAAAAAAAAAAAAAAAAAAAAAAAAgJ4sSyIDAAAArrSI9I9Jfjf/iLnyM7OD5weuJf8oxx+Kxg/ufO/ecqezs9Cd/tf8WV7XIqLz/TulfPpzIx8fBgAAAJy15GDkrN5xevG6cKFZAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAB3r7/6kq/XGTcP38+IirD4k/HTP46E6WIuPG3JKYPvS+JiKkziH/wWkQ8Pix+Eu9kWVYpshgW//o5x6/km2Z4/DQibp5BfJhkb3THn5eGff7SeCp/Hf75my7KezV6/EuLyI/n49yw8efRI2trDo3xxFs/qY2M/1rEE9PDx5/++JuMiP/0kbX9M8uyozG+9tX9/VHxsx9GzA39/kkeiFXrNLdr7b392xvN5fX6en1rcXHhhaUXl55fmq+tbTTqxb9DY3znIz9957j+3xgS/ze/7o2/x/X/mVErHfDvt+7d/0CvWhoW/9bTQ79/Z2JE/LT47vt4Ue/On+vXD3r1w5788ZtPHtf/1RHb/6S//61T9v/ZL3/7d6dcFAC4AO29/c3lRqO+c0xl5hTLPIyVn81cijT+x0r2rd5f7rLk8/9Wunur/53S79UlSOxQJbuwWFNxSbr8bmWswxIAAHAOfv7uTv+4MwEAAAAAAAAAAAAAAAAAAIDJdRG3ExuMeTCergIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHOs/AQAA//9GB9/T")

1.131401091s ago: executing program 1 (id=485):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000dd0000000a00000000000000", @ANYRES32, @ANYBLOB="483433dca25e10be06c92a74fa00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa10000000000000701"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x0, 0x4, &(0x7f0000000b00)=ANY=[@ANYBLOB="180200000000000000000000faffffff85000000070000009504000000000000008588bdd6ab1846cfec1cfd015a345d17d49e3bd7733d72e269c23509823c160b294c5e197e1721567381579fce6c5272b4e697247e2169ad37aba7c5c0a1d89e92d29a7ded59ca16ba1ee772c872310fd70fef77c4a2fc84744d49629bb1b4da438919414ec3e0189f066f27eada7946824553ede60599d34c7e6c48836583ffcd8b"], 0x0, 0x2}, 0x94)
close(0x3)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000200)={'syztnl0\x00', &(0x7f0000000180)={'ip6gre0\x00', <r3=>0x0, 0x2f, 0x5, 0x6, 0x6, 0x8, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x11}}, @dev={0xfe, 0x80, '\x00', 0xf}, 0x7800, 0x10, 0xff}})
recvfrom$packet(0xffffffffffffffff, &(0x7f0000000080)=""/51, 0x33, 0x21, &(0x7f0000000300)={0x11, 0xf5, r3, 0x1, 0xfd, 0x6, @remote}, 0x14)
r4 = bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
sendfile(r1, r4, &(0x7f0000000780)=0x4, 0xffffffffffffff3a)
bpf$MAP_CREATE(0x0, &(0x7f0000001180)=ANY=[], 0x48)
ioctl$USBDEVFS_SUBMITURB(r4, 0x8038550a, &(0x7f00000011c0)=@urb_type_iso={0x0, {0x5, 0x1}, 0x7, 0xc4, &(0x7f0000000500)="feb4495903135505fa78191af88304530e4bdacf9e369077dea5f5ee4419f6b7009f1e0d0798fa20cd2205a19bb6f5f429ac7e8fdf6ec0cd44e96aa0f6e665ad06c7608eaa1c20c3bdd45b67ab03c641f67a5e3cedeca2828c8774cc208297c09cba3da69e1caebef3779a15e68c946107c5153ab31259ba7dee23f55396a86eab21ccce2dcdcb61ffb2bbc1812d970db001c1599b3866bb07d446a9ffcb9bf9d88fcc0d90226e17d9026196e424eea0904628ee05c9f769be8ee176308d8fccf5ba07f0", 0xc4, 0x8, 0x80000001, 0x72, 0x4, 0x1ff, &(0x7f0000000600), [{0x8001, 0x8, 0x5}, {0x2, 0x9, 0x6}, {0x84f, 0x6, 0x8}, {0x3, 0xc, 0x7fff}, {0x5, 0x568, 0x1ff}, {0x7, 0x400, 0x9}, {0x7, 0x1}, {0xe347, 0x2c10, 0x1}, {0x8001, 0xffff0000, 0x3ff}, {0xe03, 0xffff, 0x8}, {0x5, 0x3, 0x6}, {0xc8e, 0xd63e, 0x1}, {0x8001, 0x506, 0x2}, {0x5, 0x9, 0x6}, {0x3f, 0xbc69, 0x710cb254}, {0x2, 0x401, 0xd366}, {0x9, 0x10001, 0xf}, {0x1ff, 0x2, 0x4}, {0x253, 0x1, 0x1ff}, {0x8, 0x9, 0x200}, {0x2c, 0x9, 0xe04}, {0x4, 0x27ac1d27, 0x3}, {0x4, 0x1, 0x469d17c3}, {0x9f8a, 0x4, 0x6}, {0x0, 0xffff8001, 0x7}, {0x0, 0x8, 0x6}, {0x0, 0x5de2, 0x8}, {0x80000000, 0x737, 0x6}, {0x1, 0x8, 0x9}, {0x6, 0x36, 0x7ff}, {0x1, 0x80000001, 0x1c0000}, {0x4, 0x5, 0x5}, {0x80000001, 0x3, 0x3}, {0x2, 0x0, 0x3}, {0x7fffffff, 0x0, 0xfc}, {0x480, 0x1000, 0x3}, {0x7f, 0x8000, 0x6}, {0x7, 0xe3, 0x3}, {0x9, 0x1, 0x9}, {0x0, 0x0, 0xa842}, {0x6, 0x9, 0x5}, {0x4b5, 0x1, 0x40}, {0x101, 0x2, 0x7}, {0x7, 0xfffffffb, 0x3}, {0x80000001, 0x8, 0xf7b7}, {0x4, 0x9, 0xc}, {0x4, 0x7fff, 0x1}, {0x80, 0x4, 0x1}, {0x8, 0xd016, 0xbe0c}, {0x7, 0x5, 0xffff}, {0x8, 0x0, 0x3}, {0x7, 0x7fff, 0xfffffff8}, {0x9, 0x800, 0xd}, {0x6, 0x4, 0x1}, {0x5, 0x401, 0x7ff}, {0x4, 0x3, 0x7}, {0x638, 0x5, 0x8}, {0x7fff, 0x1ff, 0x6}, {0x3, 0x1, 0x3}, {0xc9e4595, 0x8000, 0xec}, {0x6ae, 0x8, 0x1}, {0x5, 0x5, 0xffffffff}, {0xf, 0x5, 0x72f}, {0xbc, 0x2, 0x300}, {0x6, 0x9}, {0xff, 0x5, 0x2a50}, {0xb8d, 0x9, 0xfffffffe}, {0x9f70, 0xfffffff8, 0x1}, {0x5, 0x5, 0x100}, {0x2, 0x0, 0x6}, {0x654, 0x10, 0x7}, {0x8, 0x8000, 0x3}, {0x2, 0x9, 0xffffffff}, {0xdf, 0x1f800000, 0xf}, {0x7fffffff, 0x7, 0x4}, {0x2, 0x0, 0x7}, {0x8001, 0x7, 0x6}, {0x9, 0xcf, 0x2}, {0x1a, 0x9, 0x3}, {0xf, 0x6, 0x2}, {0x2, 0x3, 0x609}, {0x80, 0x2, 0x800}, {0x4, 0x2}, {0x2, 0x3, 0x4}, {0x8, 0x0, 0x8}, {0x5, 0xafe8, 0x1000}, {0x9e4c, 0x8, 0x8}, {0x0, 0x9, 0x7}, {0x2, 0x66, 0xfffffffc}, {0x1, 0xea18, 0x9}, {0xd71d, 0x3, 0x1}, {0xc510, 0xa28, 0x2}, {0x7f, 0x3}, {0x1000, 0x8, 0xb}, {0x9, 0x0, 0x2}, {0x100, 0x80000000, 0x6}, {0x2, 0x2, 0x81}, {0x9, 0x5, 0x1}, {0x2, 0x5, 0x4}, {0x7fffffff, 0xa2, 0x7}, {0x0, 0xb, 0x9}, {0x7, 0xe, 0x3}, {0x3, 0x8, 0x3ff}, {0x6, 0x80, 0x3}, {0x6, 0x10000, 0x6}, {0x7f, 0x4, 0x8}, {0x9, 0x8, 0x8000}, {0x1, 0x9, 0x3831}, {0x41d, 0x7fff, 0xb}, {0x2, 0x0, 0x4}, {0x4, 0xfffffffe, 0x2}, {0xf8e4, 0x0, 0x3}, {0x5, 0x2, 0x1}, {0x5, 0x400, 0x90}]})
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000440)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000800)="21ae1baf930b4569b9ddef9797ffd935c7d80e6466b3e4e62dc9603583f5d4b61fbc65b6ac744d7319535e75bf552062e4cfde1ba7ce29263322e18ea9740aa82ca692f123993e57cda00d2b1f4e799bd41e3f76258180fa91a42aaa8b1ebc4e0ea8fb12f2c71e6e5bc57a8e91f254005514721d93c13c5606ae1fea7f31f558d562bd5a8dfb0b9fed873efa221fccffa847cd374c92e6cbb03e6a9de890ce323f000000abcc6c01326d588495b7c1a7db31ec4129e6336f26bb9e0b7552af3cd2d5dda1632799bbc98425c433384d8a8e4071ff39a36dfdfdf05af35a4ddd340cfecd7ec935f4ce7d3e851583ba1cf53a90a7f7bce5703de57ce93ddef7849b30a01de0637e6d5e507b801d32e582e0c2d564539ebfc84c098a23e765552767b122885fb1629e9c180be47da7931bd125b80de15aab0c56a2edf2e0483b87f5ab299dc046076203dea10ccbfc631d5bf4a87ce67004519f248f086346ce6a8a9d181789a59f81d9b7f6781daac3e229914b8b8998c15c3b6302a519331cb05995bc60b7cb872dd3b5b43331c77c5d72e21f7bd2b1a915ff3204e3f20d3a20b22d6a58155b5a4ebf6d1d1cd90c656ecada531c07ff91deb3efa91762cdecfbcc43553750f22ac5c18cc5e8b6f790c2f4e6373af9f98d10e6df49ff8e5cbcbd68e11ed0b967add11410dc2e34f08dbfaf8eb95d4d1153b4c6093192a340eb30fcc71619888c6486746a049585d249efb96b9cace83320b8f96b40ebe3a9a788d05a053380d1026b9434df87a3a387549bcabe88684c4dbf0da9a5212f3dbc8d1dff240856691243b203d7edd4d3cc89a38a6c80fdb1229a01044af7aaecb20d5570ebf24b30bbc6dfc3f70d85cd9f0d60ebd8fedd161d199d9997a0e2d18d1c99bc7158564e0ddb4673055de196535d706d142e1dc7d404583923cb1b286cfc5418884ac7e605d93652dc48ff", 0x2ac}, {&(0x7f0000000bc0)="ab29d92826349952eb8f7a2a74f535bc9739c1df57144c51a3391625b8b5354134b06ef1355506aeae96e3f097503998f375a054cf3d7de4fe53ea51518955349cdbadca60e1c65cc18dbe99369be03e492fb55fc9067bb6f7f7c3ee1720000000054a63ac58225ed0502f5ac8999e0c74a5dbb320bd54ec813e8bee6bfa5cbfb0726ac1b6ad97d802d5fae186f0769421fb965c7396854e2a3ac844a3769f8449901ba5e2b2da1ff6119aeb26ac204cfc6b54be73b6f195491ae2c0cb26b0cba61dae7a17740e8112ff188919c6e2e31a2a074863edba4a0e58b61faec4a42c29d7f9e48a43b8cb7d3c5a1e5aa67f87538140f8d633a54bceb8b1dda2397ea147d3b26e903f608b6ab1844ea7cf630d828118bba0f0f85e2e6316ae1ed9a2a7d08a05c170cb76bf111930df0cf760f7768571afdefe82a95296cee7c010f748a97046efcc774e7d85edbd5058104fef4942fb4430da89f67d1fea33bf2acfb793a610b3738b393eed8633fc8e8f630932206960e9076c7d7fc99fce018701c50d39b811a7427a7a9fcb340c2755541f228462010ec40ba945a0febd460dad5d548f1be090f5dbaa8ae8835dc47ed2537681827f6129759272574cf58f2f33e47a0e416573cfdcfb44ed9d", 0x1cb}, {&(0x7f00000005c0)="05437c98b91b1455046f57b5fc913814bde2bbeac2104eaea9c9d01a7838d859007067c10aa7352abbdf98e9bf033a4784a11e84639d3b9164d9c5d729f3dd409d39ff6d5cca97", 0x47}, {&(0x7f0000000140)="f610e61ac81cc3edc86f0500194d27a5a443f10dfd1ecda0fd0ed9a444b7fb76afe3a0002f0a5eafcd3555a6cad574af080de74a37f54ee5f10fe3f42b445293ca980200000000000000ecfd6cc1b3a9a9263506e88c5557069d0ca055991454ec1307b7411892a1beaef9ae54833107eb88b0411b1bc0ba9bc28d0eb6a73ad76be9facd1d9d82b6a3cc2040e84b398d279e50535b6557df8a633cfc7615fca9879b11834eb07eeb4278cab057f89b7464048cf573c21df5435e3b81aaba048fa4264d4c15513c91e9230a8e4b7635b58dc631604c311225f21db11c7101278ef4c7", 0xe2}], 0x4, 0x0, 0x0, 0x900}}], 0x1, 0x0)
r5 = memfd_create(&(0x7f0000000ec0)='\x103q}2[\xe0\x9a\xee\xaf\x03\x97\x9et\v\"|Ma\x86\xe7\xc0\x14\x9f\xb9h\xb1\x96\xe7=I\x860S6\xb5\xa8\xc2\x95Je%\xfeG\'e\xe5\x8f\xf8\xd2\x1c\xc0\xfb\x1c\xa6\xab\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94k\xcd\t\x00\x90k\xd6\x05\xb6\x03\x00\x00\x00A\xc5\x9c_\xd4\x18,\f\xd4s\xb2\x99/\xc0\x9a\xf2Oc\xc0c\x03gB!\xb0\xb8n\x01\x9bT\x95\x10\x86\xe8$\x7f\r[\xf9\x0e1v\xb1\n\x88\v\x95uy\xb5:`\x8b\nC\x18A;\xaa%\xaf\xc7\xa3\xac\xa2D\xb5\xe2\xe1\xdc(\xfd\x05\x9fB\x84O\xfe@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\xa0\x17\xe3\xac\xe9\xc9\xa7\x8a\x1b\x03\"&\xac\xcap>\xccZ\x01\xbc\x18\xc1\xb9\xe9\v\x8b\x9c\xb4Q\xd4\x96EV<>\x99\xca\xb3\xe0\xc4tL\xed\xf5W\xbd#\xcf\x8a\x84\xed\x9f/\xd4\xbb\xea;-Dp\xf8\xd0F\x90\xf8\x92Ip6\xf4\x16\xe8\x14\xe0\x92!\x92-F\xe2\x14D\x91\xa8b\x04\xdd\x1d\a\xdc\xe0\x18\x85{\x80Q\xf6k\x96\xfaQ\x9fW\vO\xf0\xe4O\\\xceS\xf2\xde\x049d\x06#\x88\xc3\xdf\x85O\x1c\xc3\xad?r\xd7\x0e\x00\xd7\x83\xb0\x88\x9c\xf6Y-F\x98\xdd\x9c~\xfd\x95\xc3\xb6lC\xaa\"Y\xa2K\xecz\x84:*\xf5Y\xd1\x9b1\x91\x9b\x15\xd4\xec\x02o\x01&\xaa\x90w\xc4\xc7yn\xb5\x1ag\xab&?\xbe\xcb\xe8v\xa8\xe0\xa4\x81sW\xacf\x149\xd2}\xefCGa\x9a$4\x8c\xa5!p\x83\x05\x96%\x02%\xabj\n\b\xc8NC\x91}&y\xd3\xe1\xeep\'\xc5\xab\x19GsX5\x8c\n\x9fh\xee;4\xb1%V\xe0\xa9\x8e\xf30:\xd8\x18N~G\x139\xcas\xf4D\xd4\xd0s\r3\xcb\x9a&\xdf+(\xc9S\x9eL5\x84\xb1\x90pN\xe7/\r\b\x9a\xf13Q\xf9\xdf\x7fX\xa0\xafK\xefh\xbfOv\x9bh\xb3\xc0\xf5\x80\xba\"@\'\x02\xafi\xeaE\xa6a6F\xde\xd4\xfa\x84\xe4+A\xb7\xa2\x8f\xc9\xee|xxn\xefw\x93]%\xd0\x19\x132\x86\xabn\xfe\x91\xb6Cl\xcf\x04\x1cq\xc1\x1d~\x8d\x01\x83\x93_\x83\x8a`v\xb0K,|S\xe4\xba\xb1\f\xc8`\xa6s\xad\x11\xd4wG\x80u\x87u\xff\x87\xee', 0x2)
ioctl$FS_IOC_RESVSP(r5, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x940a, 0x1000007})
fcntl$addseals(r5, 0x409, 0xb)
r6 = socket(0x10, 0x803, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000ac0)={{0x1, 0x1, 0x18, r2, {0x4}}, './file1\x00'})
sendmsg$nl_route(r7, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0)
sendto(r6, &(0x7f00000000c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r6, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x14c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x188}, {&(0x7f00000007c0)=""/154, 0x8}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000480)=ANY=[@ANYRES8], &(0x7f0000000dc0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x80042, 0x1bd)
close(r9)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="10000000040000000400", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8, &(0x7f00000000c0)=ANY=[@ANYBLOB='trans=fd(rfdno=', @ANYRESHEX=r9, @ANYBLOB=',wfdno=', @ANYRESHEX=r8, @ANYBLOB=',\x00'])
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r10, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x3c, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.022848332s ago: executing program 4 (id=486):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
getpid()
perf_event_open(&(0x7f00000005c0)={0x2, 0x80, 0x44, 0xe, 0x0, 0x0, 0x0, 0x808, 0x180, 0xee353cc557df3748, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_bp={&(0x7f00000001c0), 0x3}, 0x2012, 0x6, 0x2, 0x2, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x1e, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xae, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/pm_wakeup_irq', 0x100, 0x1a0)
r4 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x0)
r5 = msgget$private(0x0, 0x0)
msgsnd(r5, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2000, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000005c0)='sched_switch\x00', r7}, 0x10)
msgrcv(r5, &(0x7f0000001080)={0x0, ""/1}, 0x2000, 0x2, 0x3000)
msgctl$IPC_SET(r5, 0x1, &(0x7f00000004c0)={{0x0, 0xee00, 0x0, 0x0, 0x0, 0x0, 0xfffe}, 0x0, 0x0, 0xb, 0x6f76, 0x7, 0x0, 0x1, 0x8, 0x7f, 0x3})
ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f0000001600)={r3, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}})
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa1", @ANYRES32=r0, @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="210000000000000000000000000010000004"], 0x48)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x200000a, 0x13, r8, 0x0)
ioctl$PERF_EVENT_IOC_RESET(r2, 0x2403, 0x7)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)

930.835201ms ago: executing program 3 (id=487):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'bond0\x00', <r3=>0x0})
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000240)=@newqdisc={0x34, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r3, {}, {0xffff, 0xffff}, {0x2, 0xd}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}}, 0x0)

907.995523ms ago: executing program 3 (id=488):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0xa10005, &(0x7f0000000040), 0x1, 0x797, &(0x7f0000001240)="$eJzs3c1rXFUbAPDnTpPmo33f5IUXpG4MCBopnZgaWwUXFRciWCjo2naYTEPNJFMyk9KEgC0iuBFUXAi66dqPunPrx1Z3/gkupKVqGoy4kMidzCSTzEw7SfNhye8HJ3POvTdzznM/zj0z9zI3gANrKP2TiTgWEe8nEQO16ZmISKq5rogzq8stLy7k05TEysprvyXV+UuLC/n6eyW11yO1wlMR8d07EcczzfWW5+Ync8ViYaZWHqlMXR4pz82fuDSVmyhMFKZPjY6NnTz97OlT2w6td/OEP36cP3r7g5ef/PLMX28/cvO975M4E0dr85a61uPYKUOrazciutNVuMFLO13ZPkv2uwFsS2b1CK+mYzEQh6q5Nvr2smUAwG55KyJWAIADJnH+B4ADpv49wNLiQr6eOvjaoOna2sPqzour0SzVrm0ur8XfVbtm1xvdEdG/lGy4MpJExOAO1D8UEZ9+/cbnaYpN11MBdtO16xFxYXCouf9Pmu5Z2KqnO1hmaFO5g/7vp/8+QJuAdd+k45/nWo3/Mmvjn2gx/ulpcexux/2P/8ytHaimrXT890LDvW3LDfHXDB6qlf5THfN1JxcvFQtp35b2Q8PR3ZOWR+9Rx/Ddv++2m9c4/vv9wzc/S+tPX9eXyNzq6tn4P+O5Su5BYm5053rEo12t4k/Wtn/SZvx7rsM6Xnn+3U/azUvjT+Otp+b4Gx3uPLAOrdyIeKLl9l+/oy255/2JI9XdYaS+U7Tw1c8f97erv3H7pymtv/5ZYC+k27//3vEPJo33a5bbvdNjbev44cbAt+3m3T/+1vv/4eT1ar6+R1zNVSozoxGHk1ebp59c/996ub58Gv/w462P/4b9/9DmdqefCS+0jXijrtu/frH9+HdXGv/4lrb/1jM3lyeb1l/9xNLZ9h+r5oZrUzrp/zpt4IOuPwAAAAAAAAAAAAAAAAAAAAAAAADoRCYijkaSya7lM5lsdvUZ3v+P/kyxVK4cv1ianR6P6rOyB6M7U/+py4GG30Mdrf0efr18clP5mYj4X0R81NNXLWfzpeL4fgcPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADVH2jz/P/VLz363DgDYNb373QAAYM85/wPAwbO183/frrUDANg7vU7qAHDg+P4fAA4e538AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB22bmzZ9O08ufiQj4tj1+Zm50sXTkxXihPZqdm89l8aeZydqJUmigWsvnSVNs3urb6UiyVLo/F9OzVkUqhXBkpz82fnyrNTlfOX5rKTRTOF7r3LDIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6Fx5bn4yVywWZmRktpip70P/lvbItMwMbe8wb+wl+valbwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4GPwTAAD//1t7JQU=")
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004000000", @ANYBLOB='\x00\x00\x00', @ANYRES32], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x2d)
r3 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
pread64(r3, &(0x7f0000002e40)=""/4101, 0x1005, 0xd37)

842.975739ms ago: executing program 1 (id=489):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
getpid()
perf_event_open(&(0x7f00000005c0)={0x2, 0x80, 0x44, 0xe, 0x0, 0x0, 0x0, 0x808, 0x180, 0xee353cc557df3748, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_bp={&(0x7f00000001c0), 0x3}, 0x2012, 0x6, 0x2, 0x2, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x1e, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xae, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/pm_wakeup_irq', 0x100, 0x1a0)
r4 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x0)
r5 = msgget$private(0x0, 0x0)
msgsnd(r5, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2000, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000005c0)='sched_switch\x00', r7}, 0x10)
msgrcv(r5, &(0x7f0000001080)={0x0, ""/1}, 0x2000, 0x2, 0x3000)
msgctl$IPC_SET(r5, 0x1, &(0x7f00000004c0)={{0x0, 0xee00, 0x0, 0x0, 0x0, 0x0, 0xfffe}, 0x0, 0x0, 0xb, 0x6f76, 0x7, 0x0, 0x1, 0x8, 0x7f, 0x3})
ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f0000001600)={r3, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}})
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa1", @ANYRES32=r0, @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="210000000000000000000000000010000004"], 0x48)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x200000a, 0x13, r8, 0x0)
ioctl$PERF_EVENT_IOC_RESET(r2, 0x2403, 0x7)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)

754.315608ms ago: executing program 2 (id=491):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000240)=0x100000001, 0x59)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0xffff, 0xb7, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000040), 0x1e)
r2 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r3}, &(0x7f0000000180), &(0x7f00000001c0)=r2}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000080)=@gcm_128={{0x303}, "ba28597967d1b54c", "9712b0d86846b5ecc522bc6f13a6e30c", "ea0292da", "9e87dc79f4c04982"}, 0x28)
close(r1)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
pipe2$9p(&(0x7f00000000c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x800)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff47}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000040), 0x200080, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r6}, 0x2c, {[{@version_9p2000}]}})

579.752174ms ago: executing program 2 (id=492):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, <r1=>0xffffffffffffffff}, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x10, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10)
bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a310000"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
ioctl$TIOCSETD(r3, 0x5423, 0x0)
ioctl$TCFLSH(r3, 0x400455c8, 0x0)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48)
ioctl$TIOCVHANGUP(r3, 0x5437, 0x0)

342.103218ms ago: executing program 2 (id=493):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000440)='kfree\x00', r1, 0x0, 0x4}, 0x18)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$wireguard(&(0x7f0000001580), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="74010000", @ANYRES16=r3, @ANYBLOB="11060000000000000000010000000800050001000000200108803c0000801400040002000000ac1e00010000000000000000240001000000000000000000000000000000000000000000000000000000000000000000e0000080a400098028000080060001000a0000001400020020010000000000000000000000000001050003000100000028000080060001000a00000014000200ff010000000000000000000000000001050003002aea0914280000"], 0x174}}, 0x0)

241.465497ms ago: executing program 2 (id=494):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="020000000400000008000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r2}, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]})
syz_mount_image$ext4(0x0, &(0x7f00000001c0)='./file0\x00', 0x1809049, 0x0, 0xfe, 0x0, 0x0)
lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f0000000040)=@v3, 0x18, 0x0)
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket(0x15, 0x6, 0x4)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r4=>0x0})
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xb, &(0x7f0000001f80)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002a20702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000280)='kfree\x00', r6}, 0x18)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)={0xe8, 0x0, 0x1, 0x401, 0x0, 0x0, {0x5}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}]}, @CTA_TUPLE_REPLY={0x1c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_TUPLE_REPLY={0x74, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x10}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0={0xfc, 0x0, '\x00', 0x1}}, {0x14, 0x4, @loopback}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}]}]}, 0xe8}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0xfffffffffffffdca, &(0x7f0000000240)={&(0x7f0000000300)=@newtfilter={0x24, 0x11, 0x1, 0x691522eb, 0x0, {0x0, 0x0, 0x74, r4, {0x10, 0x4}, {}, {0xb}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x24060050}, 0x8000)

200.676631ms ago: executing program 4 (id=495):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500001000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r1}, 0x10)
r2 = socket(0x40000000015, 0x5, 0x0)
sendto$inet(r2, 0x0, 0x0, 0x0, 0x0, 0x0)

172.017554ms ago: executing program 2 (id=496):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="01000000040000000800"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000f4751f2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800, &(0x7f0000000380)={[{@errors_remount}, {@discard}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5e}}, {@noauto_da_alloc}, {@bsdgroups}, {@usrjquota}, {@abort}, {@data_err_ignore}]}, 0x1, 0x476, &(0x7f0000000540)="$eJzs3M1vFOUfAPDvzLblx2v7Q6KCqFVibHxpaUHl4EWjiQeMJnrAm7UthFCooTURQqQagxcTQ6Jn9WjiX+DNi1FPJl71bkiIcgE91czsTNldum1XtruF/XySYZ9n5pk+z7czz84z80wJoGcNZ/8kETsi4reIGKxm6wsMVz9uXLsw9fe1C1NJLC298WeSl7t+7cJUWbTcb3uRGUkj0o+TopJ68+fOn5qcnZ05W+THFk6/OzZ/7vzTJ09Pnpg5MXNm4siRw4fGn3t24pm2xJnFdX3fB3P7977y1uVXp45dfuenb7P27ii218bRYEvD57oNZ4H/tZRbXplWPx5rOYLNbWdNOunrYkNoSSUissPVn/f/wajEzYM3GC9/1NXGARsquzatcmFbXALuYkl0uwVAd5QX+uz+t1w6NPTYFK6+UL0ByuK+USzVLX3lrXp+b7Rzg+ofjohji/98mS2x+nMIAIC2+HTqi6Px1ErjvzTurSm3q5hDGYqI/0fE7oi4JyL21JS5LyLuX7vKtDbTODV06/gnvdJyUC3Ixn/PF3Nb9eO/5WYOVYrczjz+/uT4ydmZg8XvZCT6t2T58WrZYgpssa6O71/69bNm9deO/7Ilq78cCxbtuNLX8IBuenJhMh+UtsHVDyP29a0Uf7I8E5AFtTci9rX2o3eViZNPfLO/WaG1419FG+aZlr6OeLx6/BejIf5Ssvr85Nj/Ynbm4Fh5Vtzq518uvd6s/tuKvw2y47+t/vxvLDKU1M7Xzrdex6XfP2l6T/Nfz/+B5M1834Fi3fuTCwtnxyMGkqN5vm79xM19y3xZPot/5MDK/X93sU8W/wMRkZ3ED0bEQxHxcNH2RyLi0Yg4sEr8P77YfFt9/Ft3dOP4Tzd8/23Ntyyf/w3Hv/VE5dQP361c+1dvr+/4H85TI8Wa/PtvDett4G3++gAAAOCOkObvwCfp6HI6TUdHq+/w74lt6ezc/MKTx+feOzNdfVd+KPrT8knXYM3z0PGkfOZZzU8Uz4rL7YeK58afV7bm+dGpudnpLscOvW57k/6f+aPS7dYBG26lebSJgS40BOi4xv6f1mcvvtbJxgAd1fQ9mm2dbQfQeWu8R5d2qh1A5/n/WqB3rdT/LzbkzQXA3cn1H3qX/g+9S/+H3qX/Q09a64/kK7f5t/8Sd1wiWV/hSLvf1M2R6I+ItvzAgU0RTpHo9jcTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAe/wbAAD///mA6oc=")

169.537414ms ago: executing program 4 (id=497):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
r3 = socket$inet6(0xa, 0x2, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$SMC_PNETID_GET(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
getsockname$packet(r4, &(0x7f0000000440)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="440000001000371f68000000ffffffff00000000", @ANYRES32=r5, @ANYBLOB="0b12050000000000240012800b00010069703667726500001400028008000100", @ANYRES32=r5], 0x44}, 0x1, 0x0, 0x0, 0x48800}, 0x4000010)
sendmmsg$inet(r3, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r5, @empty, @multicast1}}}], 0x20}}], 0x1, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r6, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x67)
setsockopt$SO_BINDTODEVICE(r6, 0x1, 0x19, &(0x7f00000005c0)='syz_tun\x00', 0x10)
sendto$inet(r6, 0x0, 0x0, 0x24000840, &(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x30}}, 0x10)
syz_emit_ethernet(0x42, &(0x7f00000000c0)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x8, 0x10, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x0, 0x300}]}}}}}}}, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000340)={'netdevsim0\x00', &(0x7f0000000700)=@ethtool_flash={0x33, 0xea6, '.\x00'}})

48.971456ms ago: executing program 4 (id=498):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1b00000000000048759fca91d6eefacc37e108824f0020000000000004c6b2e548eef3f9e11e5eaef518e1a7e9eb88971990ca25278e7d414ff90cd14d63d1b52557dc96e6100ec8b2b2e23a7ad053076d34332ed80bba7a0371af2dc2e7c9358927b0175bd01575f3c838c7cbc08fd2d7a4997960aefe7abf467cd37ba6d75092c91c9feb937255383e515eaab24289446233f48c92b1d71254808bd5ff358f"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200001400001cb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x75c1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffeff}, 0x94)
r2 = syz_open_dev$mouse(&(0x7f00000000c0), 0xfff, 0x408000)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000480)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)={0x6c, 0x9, 0x6, 0xd02, 0x0, 0x0, {0xa, 0x0, 0x1}, [@IPSET_ATTR_ADT={0x58, 0x8, 0x0, 0x1, [{0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @local}}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_SKBQUEUE={0x6, 0x1d, 0x1, 0x0, 0x1ff}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_PROTO={0x5, 0x7, 0x84}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_IP2_TO={0xc, 0x16, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @remote}}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_CIDR={0x5, 0x3, 0xff}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_NAME={0x9, 0x12, 'syz1\x00'}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x48000}, 0x40001)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff})
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001240)=@base={0x12, 0x1, 0x8, 0x2, 0x0, 0xffffffffffffffff, 0x4000}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r4, <r5=>0xffffffffffffffff}, &(0x7f0000000180), &(0x7f0000000280)=r3}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000440)={r5, &(0x7f00000001c0), 0x0}, 0x20)
r6 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0x6168, 0x8, 0x5, 0x1b9}, &(0x7f0000000000)=<r7=>0x0, &(0x7f0000000300)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, r6, 0x0, &(0x7f0000000040)='./file0\x00', 0x64, 0x183000, 0x12345})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, 0x0)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r9}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x48)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=@newlink={0x58, 0x10, 0x401, 0x1000000, 0x0, {0x0, 0x0, 0xffff, 0x0, 0x1c42}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @xfrm={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_XFRM_IF_ID={0x8, 0x2, 0x1}, @IFLA_XFRM_LINK={0x8, 0x1, 0x2}]}}}, @IFLA_IFNAME={0x14, 0x3, 'xfrm0\x00'}]}, 0x58}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='sched_switch\x00', r11}, 0x18)
r12 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/locks\x00', 0x0, 0x0)
read$eventfd(r12, &(0x7f0000000080), 0x8)
r13 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/drivers\x00', 0x0, 0x0)
read$rfkill(r13, &(0x7f0000000040), 0x8)
io_uring_enter(r6, 0x47f6, 0x0, 0x0, 0x0, 0x0)
munlockall()

7.97625ms ago: executing program 2 (id=499):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'bond0\x00', <r3=>0x0})
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000240)=@newqdisc={0x34, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r3, {}, {0xffff, 0xffff}, {0x2, 0xd}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}}, 0x0)

0s ago: executing program 3 (id=500):
r0 = socket(0x2b, 0x80801, 0x1)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000001700000001"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x8, 0xf9, 0x7ffc1ffb}]})
r3 = gettid()
process_vm_readv(r3, 0x0, 0x0, 0x0, 0x0, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8000000, 0x7fffffe, 0x2d0, 0x0, 0xffffffff, 0xffffffff, 0x110, 0xffffffff, 0x200, 0xffffffff, 0xffffffff, 0x200, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x3, 0x0}, @mcast1, [0x0, 0x0, 0x0, 0xffffff], [0x0, 0x0, 0x4c62d6309aaa1bde, 0xff000000], 'ip6tnl0\x00', 'nicvf0\x00', {}, {0xff}, 0x3a}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x4, '\x00', 'syz1\x00'}}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast1, [], [0x0, 0x0, 0xffffff00, 0xffffff00], 'veth1\x00', 'veth0_to_bridge\x00'}, 0x0, 0xa8, 0xf0}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp\x00', {0x1}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x330)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f0000330000/0x2000)=nil, 0x2000, 0x0, 0x600, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002300000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=ANY=[@ANYBLOB="14000000100001000000001e000000000000000a68000000060a0b040000000000000000020000003c00048014000180090001006c6173740000000004000280240001800a0001807265646972000000140002800800034000000028080001400000001d0900010073797a30000000000900020073797a32"], 0x90}}, 0x2000c004)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_opts(r7, 0x0, 0x4, 0x0, &(0x7f0000000180))
getsockopt$TIPC_NODE_RECVQ_DEPTH(r0, 0x10f, 0x83, 0x0, &(0x7f00000000c0))

kernel console output (not intermixed with test programs):

ave_0) entered blocking state
[   30.117786][  T111] bridge0: port 1(bridge_slave_0) entered forwarding state
[   30.126343][  T111] bridge0: port 1(bridge_slave_0) entered blocking state
[   30.133421][  T111] bridge0: port 1(bridge_slave_0) entered forwarding state
[   30.142221][  T111] bridge0: port 2(bridge_slave_1) entered blocking state
[   30.149381][  T111] bridge0: port 2(bridge_slave_1) entered forwarding state
[   30.158152][  T111] bridge0: port 1(bridge_slave_0) entered blocking state
[   30.165455][  T111] bridge0: port 1(bridge_slave_0) entered forwarding state
[   30.179375][  T111] bridge0: port 2(bridge_slave_1) entered blocking state
[   30.186462][  T111] bridge0: port 2(bridge_slave_1) entered forwarding state
[   30.206831][   T52] bridge0: port 2(bridge_slave_1) entered blocking state
[   30.213951][   T52] bridge0: port 2(bridge_slave_1) entered forwarding state
[   30.243389][ T3316] 8021q: adding VLAN 0 to HW filter on device bond0
[   30.259797][ T3315] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   30.294325][ T3316] 8021q: adding VLAN 0 to HW filter on device team0
[   30.303230][ T3321] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   30.342582][  T316] bridge0: port 1(bridge_slave_0) entered blocking state
[   30.349655][  T316] bridge0: port 1(bridge_slave_0) entered forwarding state
[   30.358174][  T316] bridge0: port 2(bridge_slave_1) entered blocking state
[   30.365299][  T316] bridge0: port 2(bridge_slave_1) entered forwarding state
[   30.375437][ T3314] 8021q: adding VLAN 0 to HW filter on device batadv0
[   30.426233][ T3315] 8021q: adding VLAN 0 to HW filter on device batadv0
[   30.459963][ T3321] 8021q: adding VLAN 0 to HW filter on device batadv0
[   30.489275][ T3313] 8021q: adding VLAN 0 to HW filter on device batadv0
[   30.534988][ T3316] 8021q: adding VLAN 0 to HW filter on device batadv0
[   30.579159][ T3314] veth0_vlan: entered promiscuous mode
[   30.616496][ T3314] veth1_vlan: entered promiscuous mode
[   30.645907][ T3314] veth0_macvtap: entered promiscuous mode
[   30.662476][ T3321] veth0_vlan: entered promiscuous mode
[   30.677942][ T3314] veth1_macvtap: entered promiscuous mode
[   30.694641][ T3321] veth1_vlan: entered promiscuous mode
[   30.701886][ T3313] veth0_vlan: entered promiscuous mode
[   30.716146][ T3314] batman_adv: batadv0: Interface activated: batadv_slave_0
[   30.734918][ T3313] veth1_vlan: entered promiscuous mode
[   30.749878][ T3316] veth0_vlan: entered promiscuous mode
[   30.759925][ T3314] batman_adv: batadv0: Interface activated: batadv_slave_1
[   30.768976][ T3321] veth0_macvtap: entered promiscuous mode
[   30.776429][ T3321] veth1_macvtap: entered promiscuous mode
[   30.786079][ T3316] veth1_vlan: entered promiscuous mode
[   30.795744][   T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   30.812364][ T3321] batman_adv: batadv0: Interface activated: batadv_slave_0
[   30.823634][   T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   30.833017][ T3315] veth0_vlan: entered promiscuous mode
[   30.841063][   T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   30.855982][ T3321] batman_adv: batadv0: Interface activated: batadv_slave_1
[   30.863786][   T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   30.874569][ T3315] veth1_vlan: entered promiscuous mode
[   30.885199][   T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   30.902933][ T3315] veth0_macvtap: entered promiscuous mode
[   30.917255][   T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   30.931141][ T3315] veth1_macvtap: entered promiscuous mode
[   30.941531][   T52] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   30.952629][ T3314] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   30.955119][ T3316] veth0_macvtap: entered promiscuous mode
[   30.976217][ T3316] veth1_macvtap: entered promiscuous mode
[   30.989209][   T52] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   31.003150][ T3313] veth0_macvtap: entered promiscuous mode
[   31.014989][ T3315] batman_adv: batadv0: Interface activated: batadv_slave_0
[   31.024247][ T3316] batman_adv: batadv0: Interface activated: batadv_slave_0
[   31.038705][ T3483] loop3: detected capacity change from 0 to 512
[   31.046358][ T3315] batman_adv: batadv0: Interface activated: batadv_slave_1
[   31.054560][ T3483] EXT4-fs: Invalid want_extra_isize 7
[   31.056462][ T3316] batman_adv: batadv0: Interface activated: batadv_slave_1
[   31.081941][   T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   31.104677][   T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   31.113668][ T3313] veth1_macvtap: entered promiscuous mode
[   31.114262][ T3485] loop2: detected capacity change from 0 to 1024
[   31.128687][ T3485] EXT4-fs: Ignoring removed orlov option
[   31.130227][ T3313] batman_adv: batadv0: Interface activated: batadv_slave_0
[   31.144631][ T3485] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   31.147124][   T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   31.207500][ T3313] batman_adv: batadv0: Interface activated: batadv_slave_1
[   31.245260][   T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   31.257397][   T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   31.275684][   T37] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   31.285163][   T37] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   31.291683][ T3494] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5'.
[   31.314340][   T37] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   31.520280][   T29] kauditd_printk_skb: 33 callbacks suppressed
[   31.520298][   T29] audit: type=1400 audit(1763207084.733:105): avc:  denied  { open } for  pid=3490 comm="syz.4.5" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[   31.545460][   T29] audit: type=1400 audit(1763207084.733:106): avc:  denied  { kernel } for  pid=3490 comm="syz.4.5" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[   31.662376][   T37] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   31.672565][   T29] audit: type=1400 audit(1763207084.873:107): avc:  denied  { create } for  pid=3497 comm="syz.1.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   31.691998][   T29] audit: type=1400 audit(1763207084.883:108): avc:  denied  { setopt } for  pid=3497 comm="syz.1.2" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   31.721173][ T3506] loop0: detected capacity change from 0 to 1024
[   31.728189][ T3506] =======================================================
[   31.728189][ T3506] WARNING: The mand mount option has been deprecated and
[   31.728189][ T3506]          and is ignored by this kernel. Remove the mand
[   31.728189][ T3506]          option from the mount to silence this warning.
[   31.728189][ T3506] =======================================================
[   31.731440][ T3504] lo speed is unknown, defaulting to 1000
[   31.775648][   T37] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   31.789277][ T3506] EXT4-fs: Ignoring removed nobh option
[   31.795032][ T3506] EXT4-fs: Ignoring removed bh option
[   31.800007][   T29] audit: type=1400 audit(1763207084.933:109): avc:  denied  { read write } for  pid=3505 comm="syz.0.7" name="sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[   31.824187][   T29] audit: type=1400 audit(1763207084.933:110): avc:  denied  { open } for  pid=3505 comm="syz.0.7" path="/dev/sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[   31.847928][   T29] audit: type=1400 audit(1763207084.943:111): avc:  denied  { create } for  pid=3497 comm="syz.1.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[   31.868048][   T29] audit: type=1400 audit(1763207084.943:112): avc:  denied  { write } for  pid=3497 comm="syz.1.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[   31.897420][   T37] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   31.906231][ T3504] lo speed is unknown, defaulting to 1000
[   31.915444][   T37] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   31.928982][ T3504] lo speed is unknown, defaulting to 1000
[   31.962154][ T3504] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   31.972516][ T3504] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[   31.981351][ T3510] FAULT_INJECTION: forcing a failure.
[   31.981351][ T3510] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   31.994630][ T3510] CPU: 0 UID: 0 PID: 3510 Comm: syz.4.8 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   31.994718][ T3510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   31.994731][ T3510] Call Trace:
[   31.994738][ T3510]  <TASK>
[   31.994747][ T3510]  __dump_stack+0x1d/0x30
[   31.994770][ T3510]  dump_stack_lvl+0xe8/0x140
[   31.994788][ T3510]  dump_stack+0x15/0x1b
[   31.994849][ T3510]  should_fail_ex+0x265/0x280
[   31.994887][ T3510]  should_fail+0xb/0x20
[   31.994921][ T3510]  should_fail_usercopy+0x1a/0x20
[   31.994973][ T3510]  _copy_from_user+0x1c/0xb0
[   31.995002][ T3510]  copy_from_sockptr+0x5e/0xa0
[   31.995033][ T3510]  do_ip_setsockopt+0x17e8/0x2240
[   31.995223][ T3510]  ip_setsockopt+0x58/0x110
[   31.995258][ T3510]  tcp_setsockopt+0x98/0xb0
[   31.995281][ T3510]  sock_common_setsockopt+0x69/0x80
[   31.995379][ T3510]  ? __pfx_sock_common_setsockopt+0x10/0x10
[   31.995409][ T3510]  __sys_setsockopt+0x184/0x200
[   31.995446][ T3510]  __x64_sys_setsockopt+0x64/0x80
[   31.995508][ T3510]  x64_sys_call+0x20ec/0x3000
[   31.995528][ T3510]  do_syscall_64+0xd2/0x200
[   31.995557][ T3510]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   31.995589][ T3510]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   31.995627][ T3510]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   31.995652][ T3510] RIP: 0033:0x7f477a8ff6c9
[   31.995797][ T3510] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   31.995816][ T3510] RSP: 002b:00007f4779367038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   31.995838][ T3510] RAX: ffffffffffffffda RBX: 00007f477ab55fa0 RCX: 00007f477a8ff6c9
[   31.995853][ T3510] RDX: 0000000000000028 RSI: 0000000000000000 RDI: 0000000000000006
[   31.995867][ T3510] RBP: 00007f4779367090 R08: 000000000000000c R09: 0000000000000000
[   31.995908][ T3510] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001
[   31.995919][ T3510] R13: 00007f477ab56038 R14: 00007f477ab55fa0 R15: 00007ffc3205c168
[   31.995935][ T3510]  </TASK>
[   32.212256][ T3504] lo speed is unknown, defaulting to 1000
[   32.218436][ T3504] lo speed is unknown, defaulting to 1000
[   32.263344][ T3506] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   32.292741][ T3504] lo speed is unknown, defaulting to 1000
[   32.309727][ T3504] lo speed is unknown, defaulting to 1000
[   32.324076][ T3504] lo speed is unknown, defaulting to 1000
[   32.326784][   T29] audit: type=1400 audit(1763207085.543:113): avc:  denied  { create } for  pid=3515 comm="syz.4.9" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   32.379915][   T29] audit: type=1400 audit(1763207085.583:114): avc:  denied  { read write } for  pid=3505 comm="syz.0.7" name="file1" dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   32.384407][ T3506] EXT4-fs error (device loop0): mb_free_blocks:2017: group 0, inode 15: block 225:freeing already freed block (bit 14); block bitmap corrupt.
[   32.491888][ T3506] EXT4-fs (loop0): Remounting filesystem read-only
[   32.529185][ T3528] netlink: 36 bytes leftover after parsing attributes in process `syz.4.13'.
[   32.602421][ T3313] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   32.627872][ T3321] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   32.641555][ T3531] FAULT_INJECTION: forcing a failure.
[   32.641555][ T3531] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   32.654732][ T3531] CPU: 0 UID: 0 PID: 3531 Comm: syz.0.14 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   32.654802][ T3531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   32.654816][ T3531] Call Trace:
[   32.654824][ T3531]  <TASK>
[   32.654851][ T3531]  __dump_stack+0x1d/0x30
[   32.654874][ T3531]  dump_stack_lvl+0xe8/0x140
[   32.654897][ T3531]  dump_stack+0x15/0x1b
[   32.654917][ T3531]  should_fail_ex+0x265/0x280
[   32.654972][ T3531]  should_fail+0xb/0x20
[   32.655005][ T3531]  should_fail_usercopy+0x1a/0x20
[   32.655056][ T3531]  _copy_from_user+0x1c/0xb0
[   32.655078][ T3531]  ___sys_sendmsg+0xc1/0x1d0
[   32.655110][ T3531]  __x64_sys_sendmsg+0xd4/0x160
[   32.655198][ T3531]  x64_sys_call+0x191e/0x3000
[   32.655223][ T3531]  do_syscall_64+0xd2/0x200
[   32.655247][ T3531]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   32.655405][ T3531]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   32.655441][ T3531]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   32.655464][ T3531] RIP: 0033:0x7fba1764f6c9
[   32.655484][ T3531] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   32.655500][ T3531] RSP: 002b:00007fba160af038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   32.655520][ T3531] RAX: ffffffffffffffda RBX: 00007fba178a5fa0 RCX: 00007fba1764f6c9
[   32.655535][ T3531] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000006
[   32.655549][ T3531] RBP: 00007fba160af090 R08: 0000000000000000 R09: 0000000000000000
[   32.655570][ T3531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   32.655584][ T3531] R13: 00007fba178a6038 R14: 00007fba178a5fa0 R15: 00007fffc73d6148
[   32.655625][ T3531]  </TASK>
[   32.949140][ T3532] lo speed is unknown, defaulting to 1000
[   33.142045][ T3528] lo speed is unknown, defaulting to 1000
[   33.612979][ T3540] process 'syz.0.16' launched '/dev/fd/8' with NULL argv: empty string added
[   33.634861][ T3544] netlink: 44 bytes leftover after parsing attributes in process `syz.2.15'.
[   33.870546][ T3555] loop4: detected capacity change from 0 to 1024
[   33.897461][ T3555] EXT4-fs: Ignoring removed orlov option
[   33.937321][ T3555] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   33.953783][ T3554] loop3: detected capacity change from 0 to 1024
[   33.973045][ T3554] EXT4-fs: inline encryption not supported
[   33.979079][ T3554] EXT4-fs: Ignoring removed orlov option
[   34.040731][ T3554] EXT4-fs (loop3): stripe (2) is not aligned with cluster size (16), stripe is disabled
[   34.068233][ T3558] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   34.092744][ T3554] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e840c018, mo2=0002]
[   34.117262][ T3554] System zones: 0-1, 3-12
[   34.133793][ T3554] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   34.270246][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   34.300822][ T3567] loop3: detected capacity change from 0 to 512
[   34.317086][ T3567] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   34.330561][ T3567] ext4 filesystem being mounted at /3/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   34.343351][   T36] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   34.350776][   T36] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   34.358227][   T36] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   34.366245][ T3567] FAULT_INJECTION: forcing a failure.
[   34.366245][ T3567] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   34.379360][ T3567] CPU: 1 UID: 0 PID: 3567 Comm: syz.3.25 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   34.379391][ T3567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   34.379405][ T3567] Call Trace:
[   34.379412][ T3567]  <TASK>
[   34.379419][ T3567]  __dump_stack+0x1d/0x30
[   34.379449][ T3567]  dump_stack_lvl+0xe8/0x140
[   34.379468][ T3567]  dump_stack+0x15/0x1b
[   34.379505][ T3567]  should_fail_ex+0x265/0x280
[   34.379544][ T3567]  should_fail+0xb/0x20
[   34.379632][ T3567]  should_fail_usercopy+0x1a/0x20
[   34.379657][ T3567]  _copy_from_user+0x1c/0xb0
[   34.379685][ T3567]  uhid_char_write+0xef/0x650
[   34.379754][ T3567]  ? __pfx_uhid_char_write+0x10/0x10
[   34.379785][ T3567]  vfs_write+0x269/0x960
[   34.379813][ T3567]  ? __rcu_read_unlock+0x4f/0x70
[   34.379881][ T3567]  ? __fget_files+0x184/0x1c0
[   34.379907][ T3567]  ksys_write+0xda/0x1a0
[   34.379933][ T3567]  __x64_sys_write+0x40/0x50
[   34.380035][ T3567]  x64_sys_call+0x2802/0x3000
[   34.380141][ T3567]  do_syscall_64+0xd2/0x200
[   34.380163][ T3567]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   34.380243][ T3567]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   34.380281][ T3567]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   34.380316][ T3567] RIP: 0033:0x7f27ecdaf6c9
[   34.380367][ T3567] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   34.380387][ T3567] RSP: 002b:00007f27eb80f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   34.380406][ T3567] RAX: ffffffffffffffda RBX: 00007f27ed005fa0 RCX: 00007f27ecdaf6c9
[   34.380418][ T3567] RDX: 0000000000000004 RSI: 0000200000000080 RDI: 0000000000000004
[   34.380451][ T3567] RBP: 00007f27eb80f090 R08: 0000000000000000 R09: 0000000000000000
[   34.380477][ T3567] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   34.380491][ T3567] R13: 00007f27ed006038 R14: 00007f27ed005fa0 R15: 00007ffdbf97dd48
[   34.380513][ T3567]  </TASK>
[   34.574652][   T36] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   34.582090][   T36] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   34.589501][   T36] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   34.597079][   T36] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   34.604596][   T36] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   34.612043][   T36] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   34.619440][   T36] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   34.648771][   T36] hid-generic 0000:0000:0000.0001: hidraw0: <UNKNOWN> HID v8.00 Device [syz0] on syz0
[   34.718002][ T3581] netlink: 4 bytes leftover after parsing attributes in process `syz.0.26'.
[   34.728179][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   34.749772][ T3581] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   34.757510][ T3581] batman_adv: batadv0: Removing interface: batadv_slave_0
[   34.772299][ T3583] netlink: 56 bytes leftover after parsing attributes in process `syz.3.27'.
[   34.782210][ T3581] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   34.782517][ T3576] fido_id[3576]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[   34.789615][ T3581] batman_adv: batadv0: Removing interface: batadv_slave_1
[   34.811119][ T3585] netlink: 4 bytes leftover after parsing attributes in process `syz.3.28'.
[   34.866603][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   35.246208][ T3592] syz.3.30 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[   35.287260][ T3592] vlan0: entered allmulticast mode
[   35.338285][ T3599] loop3: detected capacity change from 0 to 512
[   35.350702][ T3599] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   35.394862][ T3599] EXT4-fs error (device loop3): ext4_do_update_inode:5632: inode #3: comm syz.3.30: corrupted inode contents
[   35.409351][ T3599] EXT4-fs (loop3): Remounting filesystem read-only
[   35.416810][ T3599] EXT4-fs (loop3): 1 truncate cleaned up
[   35.423038][ T3599] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   35.435826][ T3599] ext4 filesystem being mounted at /6/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   35.446711][ T3599] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   35.589219][ T3606] lo speed is unknown, defaulting to 1000
[   36.422609][ T3507] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   36.535478][ T3615] netlink: 4 bytes leftover after parsing attributes in process `syz.2.36'.
[   36.545780][ T3599] syz.3.30 (3599) used greatest stack depth: 9696 bytes left
[   36.572217][ T3615] hsr_slave_0: left promiscuous mode
[   36.608986][ T3615] hsr_slave_1: left promiscuous mode
[   36.624574][ T3617] loop2: detected capacity change from 0 to 512
[   36.648715][ T3621] loop0: detected capacity change from 0 to 512
[   36.668279][ T3622] netlink: 56 bytes leftover after parsing attributes in process `syz.3.38'.
[   36.694782][ T3613] vlan2: entered allmulticast mode
[   36.715122][ T3617] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   36.780076][ T3617] ext4 filesystem being mounted at /2/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   36.828868][ T3621] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #3: comm syz.0.35: corrupted inode contents
[   36.847174][ T3621] EXT4-fs (loop0): Remounting filesystem read-only
[   36.882338][ T3632] loop4: detected capacity change from 0 to 512
[   36.903881][   T29] kauditd_printk_skb: 485 callbacks suppressed
[   36.903906][   T29] audit: type=1400 audit(1763207090.103:598): avc:  denied  { tracepoint } for  pid=3629 comm="syz.3.40" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[   36.944837][ T3621] Quota error (device loop0): write_blk: dquota write failed
[   36.952533][ T3615] Quota error (device loop2): do_check_range: Getting block 32773 out of range 1-6
[   36.961914][ T3615] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 0
[   36.970574][ T3632] EXT4-fs (loop4): revision level too high, forcing read-only mode
[   36.971357][ T3615] EXT4-fs error (device loop2): ext4_acquire_dquot:6945: comm syz.2.36: Failed to acquire dquot type 0
[   36.979700][ T3621] Quota error (device loop0): qtree_write_dquot: Error -30 occurred while creating quota
[   37.092281][ T3632] EXT4-fs (loop4): orphan cleanup on readonly fs
[   37.110555][ T3630] loop3: detected capacity change from 0 to 1024
[   37.117623][ T3632] Quota error (device loop4): find_block_dqentry: Quota for id 0 referenced but not present
[   37.127784][ T3632] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 0
[   37.137218][ T3632] EXT4-fs error (device loop4): ext4_acquire_dquot:6945: comm syz.4.41: Failed to acquire dquot type 1
[   37.156887][ T3621] EXT4-fs (loop0): 1 truncate cleaned up
[   37.167492][ T3615] siw: device registration error -23
[   37.173516][ T3630] EXT4-fs: Ignoring removed orlov option
[   37.179282][ T3630] EXT4-fs: Ignoring removed nomblk_io_submit option
[   37.189681][ T3621] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   37.230785][ T3321] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 3: comm syz-executor: path (unknown): bad entry in directory: directory entry overrun - offset=0, inode=2, rec_len=2060, size=2048 fake=1
[   37.251553][ T3621] ext4 filesystem being mounted at /9/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   37.263202][ T3632] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.41: bg 0: block 40: padding at end of block bitmap is not set
[   37.278339][ T3630] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   37.291490][ T3621] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   37.300663][ T3632] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6667: Corrupt filesystem
[   37.310583][   T29] audit: type=1400 audit(1763207090.523:599): avc:  denied  { write } for  pid=3629 comm="syz.3.40" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[   37.340147][ T3321] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 12: comm syz-executor: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0
[   37.362050][ T3632] EXT4-fs (loop4): 1 truncate cleaned up
[   37.368193][ T3321] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 13: comm syz-executor: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0
[   37.389804][ T3321] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 14: comm syz-executor: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[   37.411038][ T3321] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 15: comm syz-executor: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=32773, rec_len=0, size=2048 fake=0
[   37.433661][ T3321] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 16: comm syz-executor: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0
[   37.455777][ T3321] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 17: comm syz-executor: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[   37.486835][ T3321] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #2: block 18: comm syz-executor: lblock 23 mapped to illegal pblock 18 (length 1)
[   37.501599][ T3321] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 19: comm syz-executor: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[   37.627301][ T3632] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   37.641538][   T29] audit: type=1400 audit(1763207090.853:600): avc:  denied  { connect } for  pid=3640 comm="syz.1.44" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   37.663760][ T3641] xt_CT: You must specify a L4 protocol and not use inversions on it
[   37.674029][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   37.744145][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   37.748165][   T29] audit: type=1326 audit(1763207090.963:601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3642 comm="syz.3.43" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27ecdaf6c9 code=0x7ffc0000
[   37.802640][ T3644] SELinux:  Context system_u:object_r:hwdata_t:s0 is not valid (left unmapped).
[   37.849153][ T3650] netlink: 44 bytes leftover after parsing attributes in process `syz.0.46'.
[   37.882077][  T111] Bluetooth: hci0: Frame reassembly failed (-84)
[   37.965337][ T3657] vlan2: entered allmulticast mode
[   38.044173][ T3660] loop4: detected capacity change from 0 to 512
[   38.087186][ T3660] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #3: comm syz.4.48: corrupted inode contents
[   38.104664][ T3660] EXT4-fs (loop4): Remounting filesystem read-only
[   38.137338][ T3660] EXT4-fs (loop4): 1 truncate cleaned up
[   38.149873][ T3666] loop1: detected capacity change from 0 to 512
[   38.162177][ T3660] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   38.174891][ T3660] ext4 filesystem being mounted at /12/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   38.187710][ T3666] EXT4-fs: Invalid want_extra_isize 7
[   38.218370][ T3660] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   39.037204][ T3682] FAULT_INJECTION: forcing a failure.
[   39.037204][ T3682] name failslab, interval 1, probability 0, space 0, times 1
[   39.050034][ T3682] CPU: 0 UID: 0 PID: 3682 Comm: syz.3.54 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   39.050066][ T3682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   39.050079][ T3682] Call Trace:
[   39.050087][ T3682]  <TASK>
[   39.050104][ T3682]  __dump_stack+0x1d/0x30
[   39.050129][ T3682]  dump_stack_lvl+0xe8/0x140
[   39.050228][ T3682]  dump_stack+0x15/0x1b
[   39.050246][ T3682]  should_fail_ex+0x265/0x280
[   39.050300][ T3682]  should_failslab+0x8c/0xb0
[   39.050325][ T3682]  kmem_cache_alloc_noprof+0x50/0x480
[   39.050427][ T3682]  ? audit_log_start+0x342/0x720
[   39.050529][ T3682]  audit_log_start+0x342/0x720
[   39.050551][ T3682]  audit_seccomp+0x48/0x100
[   39.050583][ T3682]  ? __seccomp_filter+0x82d/0x1250
[   39.050663][ T3682]  __seccomp_filter+0x83e/0x1250
[   39.050689][ T3682]  ? _raw_spin_unlock+0x26/0x50
[   39.050732][ T3682]  __secure_computing+0x82/0x150
[   39.050762][ T3682]  syscall_trace_enter+0xcf/0x1e0
[   39.050810][ T3682]  do_syscall_64+0xac/0x200
[   39.050831][ T3682]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   39.050860][ T3682]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   39.050928][ T3682]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   39.050984][ T3682] RIP: 0033:0x7f27ecdaf6c9
[   39.051002][ T3682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   39.051019][ T3682] RSP: 002b:00007f27eb80f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000043
[   39.051038][ T3682] RAX: ffffffffffffffda RBX: 00007f27ed005fa0 RCX: 00007f27ecdaf6c9
[   39.051050][ T3682] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   39.051061][ T3682] RBP: 00007f27eb80f090 R08: 0000000000000000 R09: 0000000000000000
[   39.051075][ T3682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   39.051088][ T3682] R13: 00007f27ed006038 R14: 00007f27ed005fa0 R15: 00007ffdbf97dd48
[   39.051132][ T3682]  </TASK>
[   39.373061][ T3684] loop3: detected capacity change from 0 to 512
[   39.402544][ T3684] EXT4-fs: Invalid want_extra_isize 7
[   39.434887][ T3686] Cannot find add_set index 2 as target
[   39.458971][ T3686] SELinux:  Context system_u:object_r:netutils_exec_t:s0 is not valid (left unmapped).
[   39.724143][ T3700] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[   39.916217][ T3705] random: crng reseeded on system resumption
[   39.951872][ T3507] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   39.952206][ T3556] Bluetooth: hci0: command 0x1003 tx timeout
[   40.020971][ T3704] syz.1.63 (3704) used greatest stack depth: 9400 bytes left
[   40.073474][ T3713] syz.1.66 uses obsolete (PF_INET,SOCK_PACKET)
[   40.104382][ T3713] netlink: 4 bytes leftover after parsing attributes in process `syz.1.66'.
[   40.113295][ T3713] netlink: 4 bytes leftover after parsing attributes in process `syz.1.66'.
[   40.127951][ T3711] SELinux:  Context � is not valid (left unmapped).
[   40.154295][ T3713] netlink: 4 bytes leftover after parsing attributes in process `syz.1.66'.
[   40.168718][ T3722] loop3: detected capacity change from 0 to 512
[   40.175323][ T3723] loop1: detected capacity change from 0 to 2048
[   40.185818][ T3722] EXT4-fs: Invalid want_extra_isize 7
[   40.201604][ T3713] netlink: 4 bytes leftover after parsing attributes in process `syz.1.66'.
[   40.210407][ T3713] netlink: 4 bytes leftover after parsing attributes in process `syz.1.66'.
[   40.249545][ T3713] netlink: 4 bytes leftover after parsing attributes in process `syz.1.66'.
[   40.272001][ T3726] netlink: 8 bytes leftover after parsing attributes in process `syz.0.68'.
[   40.304552][ T3726] IPv6: NLM_F_CREATE should be specified when creating new route
[   40.323206][ T3723] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   40.384964][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   40.545819][   T12] Bluetooth: hci0: Frame reassembly failed (-84)
[   40.562143][   T12] Bluetooth: hci0: Frame reassembly failed (-84)
[   40.608243][ T3748] loop0: detected capacity change from 0 to 256
[   40.664638][ T3748] FAT-fs (loop0): Directory bread(block 64) failed
[   40.688917][ T3748] FAT-fs (loop0): Directory bread(block 65) failed
[   40.698551][ T3744] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   40.706032][ T3744] batman_adv: batadv0: Removing interface: batadv_slave_0
[   40.713959][ T3748] FAT-fs (loop0): Directory bread(block 66) failed
[   40.731577][ T3748] FAT-fs (loop0): Directory bread(block 67) failed
[   40.750181][ T3748] FAT-fs (loop0): Directory bread(block 68) failed
[   40.773998][ T3748] FAT-fs (loop0): Directory bread(block 69) failed
[   40.790795][ T3748] FAT-fs (loop0): Directory bread(block 70) failed
[   40.797933][ T3744] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   40.805361][ T3744] batman_adv: batadv0: Removing interface: batadv_slave_1
[   40.808427][ T3748] FAT-fs (loop0): Directory bread(block 71) failed
[   40.824791][ T3748] FAT-fs (loop0): Directory bread(block 72) failed
[   40.840065][ T3748] FAT-fs (loop0): Directory bread(block 73) failed
[   40.878456][ T3748] syz.0.76: attempt to access beyond end of device
[   40.878456][ T3748] loop0: rw=0, sector=1768, nr_sectors = 4 limit=256
[   40.961246][ T3751] loop0: detected capacity change from 0 to 512
[   40.993439][ T3751] EXT4-fs: Invalid want_extra_isize 7
[   41.113378][ T3753] lo speed is unknown, defaulting to 1000
[   41.369485][ T3762] lo speed is unknown, defaulting to 1000
[   42.591854][ T3507] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   42.854825][ T3771] lo speed is unknown, defaulting to 1000
[   43.008764][ T3774] loop1: detected capacity change from 0 to 512
[   43.019690][   T29] kauditd_printk_skb: 313 callbacks suppressed
[   43.019708][   T29] audit: type=1400 audit(1763207096.233:911): avc:  denied  { create } for  pid=3775 comm="syz.3.84" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   43.113154][ T3774] EXT4-fs: Invalid want_extra_isize 7
[   43.477561][ T3778] __nla_validate_parse: 11 callbacks suppressed
[   43.477652][ T3778] netlink: 56 bytes leftover after parsing attributes in process `syz.3.85'.
[   43.502826][   T29] audit: type=1400 audit(1763207096.293:912): avc:  denied  { setopt } for  pid=3775 comm="syz.3.84" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   43.522191][   T29] audit: type=1400 audit(1763207096.293:913): avc:  denied  { create } for  pid=3775 comm="syz.3.84" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[   43.836279][   T29] audit: type=1400 audit(1763207097.053:914): avc:  denied  { mounton } for  pid=3786 comm="syz.4.88" path="/24/file1" dev="tmpfs" ino=150 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[   43.879377][ T3789] 9pnet: Could not find request transport: fd(rfdno=0x0000000000000006
[   44.338617][ T3797] netlink: 20 bytes leftover after parsing attributes in process `syz.0.89'.
[   44.347503][ T3797] netlink: 20 bytes leftover after parsing attributes in process `syz.0.89'.
[   44.440408][   T29] audit: type=1326 audit(1763207097.623:915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3773 comm="syz.1.83" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1be1f6c9 code=0x7ffc0000
[   44.463798][   T29] audit: type=1326 audit(1763207097.623:916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3773 comm="syz.1.83" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1be1f6c9 code=0x7ffc0000
[   44.532938][ T3801] netlink: 36 bytes leftover after parsing attributes in process `syz.1.91'.
[   44.580862][   T29] audit: type=1326 audit(1763207097.743:917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3798 comm="syz.0.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba1764f6c9 code=0x7ffc0000
[   44.583274][ T3801] lo speed is unknown, defaulting to 1000
[   44.605495][   T29] audit: type=1326 audit(1763207097.743:918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3798 comm="syz.0.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba1764f6c9 code=0x7ffc0000
[   44.635376][   T29] audit: type=1326 audit(1763207097.743:919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3798 comm="syz.0.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba1764f6c9 code=0x7ffc0000
[   44.658534][   T29] audit: type=1326 audit(1763207097.743:920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3798 comm="syz.0.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba1764f6c9 code=0x7ffc0000
[   44.692648][ T3803] loop0: detected capacity change from 0 to 1024
[   44.720200][ T3803] EXT4-fs: Ignoring removed orlov option
[   44.762620][ T3803] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   44.804820][ T3785] loop9: detected capacity change from 0 to 7
[   44.811377][ T3785] Buffer I/O error on dev loop9, logical block 0, async page read
[   44.819748][ T3785] Buffer I/O error on dev loop9, logical block 0, async page read
[   44.827626][ T3785]  loop9: unable to read partition table
[   44.861882][ T3785] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   44.861882][ T3785] 
) failed (rc=-5)
[   44.862989][ T3580] Buffer I/O error on dev loop9, logical block 0, async page read
[   44.886509][ T3810] netlink: 36 bytes leftover after parsing attributes in process `syz.4.93'.
[   44.915423][ T3810] lo speed is unknown, defaulting to 1000
[   44.938890][ T3580] Buffer I/O error on dev loop9, logical block 0, async page read
[   44.951497][ T3813] netlink: 32 bytes leftover after parsing attributes in process `syz.1.94'.
[   44.972465][ T3580] Buffer I/O error on dev loop9, logical block 0, async page read
[   45.000798][ T3580] Buffer I/O error on dev loop9, logical block 0, async page read
[   45.018189][ T3580] Buffer I/O error on dev loop9, logical block 0, async page read
[   45.162484][ T3818] loop3: detected capacity change from 0 to 2048
[   45.222289][ T3580]  loop3: p1 < > p4
[   45.229768][ T3580] loop3: p4 size 722688 extends beyond EOD, truncated
[   45.243372][ T3818]  loop3: p1 < > p4
[   45.260887][ T3818] loop3: p4 size 722688 extends beyond EOD, truncated
[   45.279372][ T3004]  loop3: p1 < > p4
[   45.290135][ T3004] loop3: p4 size 722688 extends beyond EOD, truncated
[   45.316837][ T3822] netlink: 56 bytes leftover after parsing attributes in process `syz.4.97'.
[   45.340541][ T3580] udevd[3580]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory
[   45.351942][ T3306] udevd[3306]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory
[   45.393130][ T3306] udevd[3306]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory
[   45.403609][ T3580] udevd[3580]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory
[   45.422180][ T3826] netlink: 36 bytes leftover after parsing attributes in process `syz.3.99'.
[   45.432067][ T3580] udevd[3580]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory
[   45.441974][ T3306] udevd[3306]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory
[   45.492049][ T3826] lo speed is unknown, defaulting to 1000
[   45.566684][ T3313] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   45.617272][ T3832] siw: device registration error -23
[   45.623602][ T3834] netlink: 156 bytes leftover after parsing attributes in process `syz.0.101'.
[   45.650287][ T3834] siw: device registration error -23
[   45.752986][ T3841] netlink: 4 bytes leftover after parsing attributes in process `syz.0.104'.
[   45.919017][ T3855] loop0: detected capacity change from 0 to 512
[   45.939188][ T3855] EXT4-fs: Invalid want_extra_isize 7
[   45.976132][ T3858] loop3: detected capacity change from 0 to 2048
[   45.992549][ T3858] ext4: Unknown parameter 'fowner'
[   45.999379][ T3851] loop9: detected capacity change from 0 to 7
[   46.005790][ T3851] Buffer I/O error on dev loop9, logical block 0, async page read
[   46.013828][ T3851] Buffer I/O error on dev loop9, logical block 0, async page read
[   46.021694][ T3851]  loop9: unable to read partition table
[   46.031922][ T3851] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   46.031922][ T3851] 
) failed (rc=-5)
[   46.046363][ T3306] Buffer I/O error on dev loop9, logical block 0, async page read
[   46.170797][ T3859] loop3: detected capacity change from 0 to 512
[   46.394248][ T3321] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   46.676764][ T3875] siw: device registration error -23
[   46.793734][ T3885] siw: device registration error -23
[   47.030964][ T3903] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   47.038612][ T3903] batman_adv: batadv0: Removing interface: batadv_slave_0
[   47.046489][ T3903] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   47.046737][ T3872] loop9: detected capacity change from 0 to 7
[   47.054089][ T3903] batman_adv: batadv0: Removing interface: batadv_slave_1
[   47.060397][ T3872]  loop9: unable to read partition table
[   47.073349][ T3872] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   47.073349][ T3872] 
) failed (rc=-5)
[   47.083922][ T3556] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   47.286967][ T3918] siw: device registration error -23
[   47.319361][ T3912] lo speed is unknown, defaulting to 1000
[   47.378319][ T3927] netlink: 'syz.1.130': attribute type 3 has an invalid length.
[   47.388942][ T3928] ICMPv6: RA: ndisc_router_discovery failed to add default route
[   47.396889][ T3928] ICMPv6: RA: ndisc_router_discovery failed to add default route
[   47.404803][ T3928] ICMPv6: RA: ndisc_router_discovery failed to add default route
[   47.412721][ T3928] ICMPv6: RA: ndisc_router_discovery failed to add default route
[   47.420743][ T3928] ICMPv6: RA: ndisc_router_discovery failed to add default route
[   47.428827][ T3928] ICMPv6: RA: ndisc_router_discovery failed to add default route
[   47.436693][ T3928] ICMPv6: RA: ndisc_router_discovery failed to add default route
[   47.444497][ T3928] ICMPv6: RA: ndisc_router_discovery failed to add default route
[   47.452394][ T3928] ICMPv6: RA: ndisc_router_discovery failed to add default route
[   47.460290][ T3928] ICMPv6: RA: ndisc_router_discovery failed to add default route
[   47.470664][ T3927] netlink: 'syz.1.130': attribute type 3 has an invalid length.
[   47.548123][ T3927] lo speed is unknown, defaulting to 1000
[   47.578820][ T3932] usb usb1: check_ctrlrecip: process 3932 (syz.1.130) requesting ep 01 but needs 81
[   47.594818][ T3932] vhci_hcd: default hub control req: 020f v0004 i0001 l0
[   47.635091][ T3936] lo speed is unknown, defaulting to 1000
[   47.804337][ T3941] lo speed is unknown, defaulting to 1000
[   47.850046][ T3944] loop0: detected capacity change from 0 to 512
[   47.898508][ T3944] EXT4-fs: Invalid want_extra_isize 7
[   48.124218][   T29] kauditd_printk_skb: 222 callbacks suppressed
[   48.124237][   T29] audit: type=1400 audit(1763207101.343:1143): avc:  denied  { shutdown } for  pid=3949 comm="syz.2.141" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[   48.150111][   T29] audit: type=1400 audit(1763207101.343:1144): avc:  denied  { getopt } for  pid=3949 comm="syz.2.141" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[   48.169577][   T29] audit: type=1400 audit(1763207101.353:1145): avc:  denied  { listen } for  pid=3949 comm="syz.2.141" lport=56492 faddr=::ffff:100.1.1.1 fport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[   48.240262][   T29] audit: type=1326 audit(1763207101.453:1146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3958 comm="syz.3.143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27ecdaf6c9 code=0x7ffc0000
[   48.301647][ T3959] random: crng reseeded on system resumption
[   48.371243][   T29] audit: type=1326 audit(1763207101.453:1147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3958 comm="syz.3.143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27ecdaf6c9 code=0x7ffc0000
[   48.394623][   T29] audit: type=1326 audit(1763207101.483:1148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3958 comm="syz.3.143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7f27ecdaf6c9 code=0x7ffc0000
[   48.418033][   T29] audit: type=1326 audit(1763207101.483:1149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3958 comm="syz.3.143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27ecdaf6c9 code=0x7ffc0000
[   48.441425][   T29] audit: type=1326 audit(1763207101.483:1150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3958 comm="syz.3.143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27ecdaf6c9 code=0x7ffc0000
[   48.464817][   T29] audit: type=1326 audit(1763207101.493:1151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3958 comm="syz.3.143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f27ecdaf6c9 code=0x7ffc0000
[   48.488068][   T29] audit: type=1326 audit(1763207101.493:1152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3958 comm="syz.3.143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27ecdaf6c9 code=0x7ffc0000
[   48.495355][ T3973] vlan2: entered allmulticast mode
[   48.567622][ T3971] loop2: detected capacity change from 0 to 512
[   48.659620][ T3971] EXT4-fs error (device loop2): ext4_do_update_inode:5632: inode #3: comm syz.2.147: corrupted inode contents
[   48.715645][ T3981] loop4: detected capacity change from 0 to 512
[   48.722003][ T3971] EXT4-fs (loop2): Remounting filesystem read-only
[   48.726883][ T3981] EXT4-fs: Ignoring removed nobh option
[   48.729197][ T3971] EXT4-fs (loop2): 1 truncate cleaned up
[   48.761036][ T3971] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   48.788210][ T3981] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -13
[   48.798246][ T3971] ext4 filesystem being mounted at /8/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   48.811911][ T3981] EXT4-fs error (device loop4): ext4_clear_blocks:876: inode #13: comm syz.4.149: attempt to clear invalid blocks 1 len 1
[   48.824559][ T3971] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   48.851859][ T3981] EXT4-fs (loop4): Remounting filesystem read-only
[   48.858532][ T3981] EXT4-fs (loop4): 1 truncate cleaned up
[   48.983408][ T3981] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   49.069224][ T3987] FAULT_INJECTION: forcing a failure.
[   49.069224][ T3987] name failslab, interval 1, probability 0, space 0, times 0
[   49.082384][ T3987] CPU: 0 UID: 0 PID: 3987 Comm: syz.1.151 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   49.082416][ T3987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   49.082429][ T3987] Call Trace:
[   49.082446][ T3987]  <TASK>
[   49.082453][ T3987]  __dump_stack+0x1d/0x30
[   49.082474][ T3987]  dump_stack_lvl+0xe8/0x140
[   49.082492][ T3987]  dump_stack+0x15/0x1b
[   49.082510][ T3987]  should_fail_ex+0x265/0x280
[   49.082588][ T3987]  should_failslab+0x8c/0xb0
[   49.082643][ T3987]  kmem_cache_alloc_noprof+0x50/0x480
[   49.082739][ T3987]  ? audit_log_start+0x342/0x720
[   49.082762][ T3987]  audit_log_start+0x342/0x720
[   49.082787][ T3987]  ? kstrtouint+0x76/0xc0
[   49.082822][ T3987]  audit_seccomp+0x48/0x100
[   49.082890][ T3987]  ? __seccomp_filter+0x82d/0x1250
[   49.083044][ T3987]  __seccomp_filter+0x83e/0x1250
[   49.083073][ T3987]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   49.083179][ T3987]  ? vfs_write+0x7e8/0x960
[   49.083271][ T3987]  __secure_computing+0x82/0x150
[   49.083302][ T3987]  syscall_trace_enter+0xcf/0x1e0
[   49.083355][ T3987]  do_syscall_64+0xac/0x200
[   49.083374][ T3987]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   49.083405][ T3987]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   49.083442][ T3987]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   49.083474][ T3987] RIP: 0033:0x7fbd1be1f6c9
[   49.083491][ T3987] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   49.083507][ T3987] RSP: 002b:00007fbd1a87f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000043
[   49.083529][ T3987] RAX: ffffffffffffffda RBX: 00007fbd1c075fa0 RCX: 00007fbd1be1f6c9
[   49.083544][ T3987] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   49.083558][ T3987] RBP: 00007fbd1a87f090 R08: 0000000000000000 R09: 0000000000000000
[   49.083639][ T3987] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   49.083702][ T3987] R13: 00007fbd1c076038 R14: 00007fbd1c075fa0 R15: 00007ffe8bc17428
[   49.083720][ T3987]  </TASK>
[   49.362693][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   49.412972][ T4000] __nla_validate_parse: 14 callbacks suppressed
[   49.413029][ T4000] netlink: 56 bytes leftover after parsing attributes in process `syz.1.155'.
[   49.415507][ T3997] vlan2: entered allmulticast mode
[   49.462419][ T4003] netlink: 20 bytes leftover after parsing attributes in process `syz.0.156'.
[   49.471342][ T4003] netlink: 20 bytes leftover after parsing attributes in process `syz.0.156'.
[   49.504782][ T3997] loop4: detected capacity change from 0 to 512
[   49.537131][ T4008] vlan2: entered allmulticast mode
[   49.556895][ T3997] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #3: comm syz.4.154: corrupted inode contents
[   49.557059][ T3997] EXT4-fs (loop4): Remounting filesystem read-only
[   49.577251][ T3997] EXT4-fs (loop4): 1 truncate cleaned up
[   49.577673][ T3997] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   49.577793][ T3997] ext4 filesystem being mounted at /38/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   49.580468][ T3997] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   49.588291][ T4012] loop1: detected capacity change from 0 to 512
[   49.594371][ T4012] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #3: comm syz.1.158: corrupted inode contents
[   49.594486][ T4012] EXT4-fs (loop1): Remounting filesystem read-only
[   49.594842][ T4012] EXT4-fs (loop1): 1 truncate cleaned up
[   49.605540][ T4012] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   49.605611][ T4012] ext4 filesystem being mounted at /25/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   49.609421][ T4012] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   49.688805][ T4019] netlink: 4 bytes leftover after parsing attributes in process `syz.0.161'.
[   49.701610][ T4021] FAULT_INJECTION: forcing a failure.
[   49.701610][ T4021] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   49.701642][ T4021] CPU: 1 UID: 0 PID: 4021 Comm: syz.3.160 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   49.701669][ T4021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   49.701682][ T4021] Call Trace:
[   49.701690][ T4021]  <TASK>
[   49.701697][ T4021]  __dump_stack+0x1d/0x30
[   49.701776][ T4021]  dump_stack_lvl+0xe8/0x140
[   49.701802][ T4021]  dump_stack+0x15/0x1b
[   49.701903][ T4021]  should_fail_ex+0x265/0x280
[   49.701936][ T4021]  should_fail+0xb/0x20
[   49.702080][ T4021]  should_fail_usercopy+0x1a/0x20
[   49.702103][ T4021]  _copy_from_user+0x1c/0xb0
[   49.702128][ T4021]  __sys_bpf+0x183/0x7c0
[   49.702155][ T4021]  __x64_sys_bpf+0x41/0x50
[   49.702187][ T4021]  x64_sys_call+0x2aee/0x3000
[   49.702250][ T4021]  do_syscall_64+0xd2/0x200
[   49.702270][ T4021]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   49.702295][ T4021]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   49.702326][ T4021]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   49.702406][ T4021] RIP: 0033:0x7f27ecdaf6c9
[   49.702423][ T4021] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   49.702438][ T4021] RSP: 002b:00007f27eb80f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   49.702458][ T4021] RAX: ffffffffffffffda RBX: 00007f27ed005fa0 RCX: 00007f27ecdaf6c9
[   49.702471][ T4021] RDX: 0000000000000018 RSI: 00002000000021c0 RDI: 0000000000000007
[   49.702516][ T4021] RBP: 00007f27eb80f090 R08: 0000000000000000 R09: 0000000000000000
[   49.702529][ T4021] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   49.702543][ T4021] R13: 00007f27ed006038 R14: 00007f27ed005fa0 R15: 00007ffdbf97dd48
[   49.702649][ T4021]  </TASK>
[   49.831682][ T4040] loop0: detected capacity change from 0 to 512
[   49.832321][ T4040] EXT4-fs: Invalid want_extra_isize 7
[   49.907284][ T4043] netlink: 56 bytes leftover after parsing attributes in process `syz.1.169'.
[   49.956067][ T4045] netlink: 56 bytes leftover after parsing attributes in process `syz.3.170'.
[   50.079784][ T4051] netlink: 4 bytes leftover after parsing attributes in process `syz.3.173'.
[   50.080201][ T4051] netlink: 4 bytes leftover after parsing attributes in process `syz.3.173'.
[   50.139663][ T4053] lo speed is unknown, defaulting to 1000
[   50.198372][ T4057] vlan0: entered allmulticast mode
[   50.263000][ T4057] loop3: detected capacity change from 0 to 512
[   50.330306][ T4057] EXT4-fs error (device loop3): ext4_do_update_inode:5632: inode #3: comm syz.3.174: corrupted inode contents
[   50.330546][ T4057] EXT4-fs (loop3): Remounting filesystem read-only
[   50.330959][ T4057] EXT4-fs (loop3): 1 truncate cleaned up
[   50.331368][ T4057] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   50.331440][ T4057] ext4 filesystem being mounted at /46/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   50.331938][ T4057] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   50.370902][ T4065] loop0: detected capacity change from 0 to 256
[   50.371548][ T4065] vfat: Unknown parameter '��y���6�̪����_�>�0ق3�B���(�6��?^/[{��\SG'O<�TҒ��yc�~k�O`gI$���;�P���~���
����%� [mg�����S����b:	�r`�'
[   50.466177][ T4069] netlink: 4 bytes leftover after parsing attributes in process `syz.0.177'.
[   50.507539][ T4073] netlink: 24 bytes leftover after parsing attributes in process `syz.3.178'.
[   50.547781][ T4076] vlan2: entered allmulticast mode
[   50.610926][ T4076] loop0: detected capacity change from 0 to 512
[   50.673988][ T4076] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #3: comm syz.0.179: corrupted inode contents
[   50.686333][ T4076] EXT4-fs (loop0): Remounting filesystem read-only
[   50.706458][ T4080] loop2: detected capacity change from 0 to 512
[   50.709768][ T4076] EXT4-fs (loop0): 1 truncate cleaned up
[   50.726196][ T4080] EXT4-fs error (device loop2): ext4_xattr_inode_iget:446: comm syz.2.180: error while reading EA inode 32 err=-116
[   50.739215][ T4076] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   50.768251][ T4076] ext4 filesystem being mounted at /45/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   50.772759][ T4085] vlan2: entered allmulticast mode
[   50.779200][ T4080] EXT4-fs (loop2): Remounting filesystem read-only
[   50.784491][ T4076] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   50.790406][ T4080] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2853: Unable to expand inode 15. Delete some EAs or run e2fsck.
[   50.812331][ T4080] EXT4-fs warning (device loop2): ext4_evict_inode:257: couldn't mark inode dirty (err -30)
[   50.823110][ T4080] EXT4-fs (loop2): 1 orphan inode deleted
[   50.829247][ T4080] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   50.888461][ T4086] loop4: detected capacity change from 0 to 512
[   50.897902][ T4088] random: crng reseeded on system resumption
[   50.904228][ T4080] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[   50.927039][ T4086] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #3: comm syz.4.182: corrupted inode contents
[   50.957565][ T3321] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   50.966737][ T4086] EXT4-fs (loop4): Remounting filesystem read-only
[   50.967377][ T4086] EXT4-fs (loop4): 1 truncate cleaned up
[   50.967941][ T4086] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   50.968000][ T4086] ext4 filesystem being mounted at /41/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   50.968526][ T4086] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   51.005955][ T4098] loop2: detected capacity change from 0 to 512
[   51.006446][ T4098] EXT4-fs: Invalid want_extra_isize 7
[   51.085023][ T4097] vlan2: entered allmulticast mode
[   51.142562][ T4102] loop1: detected capacity change from 0 to 512
[   51.175015][ T4102] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #3: comm syz.1.187: corrupted inode contents
[   51.203277][ T4102] EXT4-fs (loop1): Remounting filesystem read-only
[   51.257691][ T4102] EXT4-fs (loop1): 1 truncate cleaned up
[   51.282177][ T4102] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   51.308964][ T4102] ext4 filesystem being mounted at /34/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   51.322132][ T4102] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   51.411376][ T4111] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   51.418880][ T4111] batman_adv: batadv0: Removing interface: batadv_slave_0
[   51.428127][ T4111] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   51.435669][ T4111] batman_adv: batadv0: Removing interface: batadv_slave_1
[   51.531738][ T4101] loop9: detected capacity change from 0 to 7
[   51.543269][ T4101] buffer_io_error: 11 callbacks suppressed
[   51.543285][ T4101] Buffer I/O error on dev loop9, logical block 0, async page read
[   51.557688][ T4101] Buffer I/O error on dev loop9, logical block 0, async page read
[   51.565583][ T4101]  loop9: unable to read partition table
[   51.572240][ T4101] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   51.572240][ T4101] 
) failed (rc=-5)
[   51.573195][ T3580] Buffer I/O error on dev loop9, logical block 0, async page read
[   51.629558][ T3580] Buffer I/O error on dev loop9, logical block 0, async page read
[   51.662013][ T3580] Buffer I/O error on dev loop9, logical block 0, async page read
[   51.680792][ T3580] Buffer I/O error on dev loop9, logical block 0, async page read
[   51.699440][ T3580] Buffer I/O error on dev loop9, logical block 0, async page read
[   51.717755][ T4125] hub 9-0:1.0: USB hub found
[   51.732529][ T4125] hub 9-0:1.0: 8 ports detected
[   51.788383][ T4130] FAULT_INJECTION: forcing a failure.
[   51.788383][ T4130] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   51.801568][ T4130] CPU: 0 UID: 0 PID: 4130 Comm: syz.1.197 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   51.801596][ T4130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   51.801609][ T4130] Call Trace:
[   51.801617][ T4130]  <TASK>
[   51.801625][ T4130]  __dump_stack+0x1d/0x30
[   51.801658][ T4130]  dump_stack_lvl+0xe8/0x140
[   51.801755][ T4130]  dump_stack+0x15/0x1b
[   51.801772][ T4130]  should_fail_ex+0x265/0x280
[   51.801812][ T4130]  should_fail+0xb/0x20
[   51.801844][ T4130]  should_fail_usercopy+0x1a/0x20
[   51.801885][ T4130]  _copy_from_user+0x1c/0xb0
[   51.801910][ T4130]  proc_ioctl_default+0x43/0xa0
[   51.801942][ T4130]  usbdev_ioctl+0xe8b/0x1700
[   51.802027][ T4130]  ? __pfx_usbdev_ioctl+0x10/0x10
[   51.802055][ T4130]  __se_sys_ioctl+0xce/0x140
[   51.802087][ T4130]  __x64_sys_ioctl+0x43/0x50
[   51.802126][ T4130]  x64_sys_call+0x1816/0x3000
[   51.802153][ T4130]  do_syscall_64+0xd2/0x200
[   51.802196][ T4130]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   51.802228][ T4130]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   51.802256][ T4130]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   51.802403][ T4130] RIP: 0033:0x7fbd1be1f6c9
[   51.802422][ T4130] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   51.802442][ T4130] RSP: 002b:00007fbd1a87f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   51.802462][ T4130] RAX: ffffffffffffffda RBX: 00007fbd1c075fa0 RCX: 00007fbd1be1f6c9
[   51.802474][ T4130] RDX: 0000200000000000 RSI: 00000000c0105512 RDI: 0000000000000003
[   51.802515][ T4130] RBP: 00007fbd1a87f090 R08: 0000000000000000 R09: 0000000000000000
[   51.802529][ T4130] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   51.802543][ T4130] R13: 00007fbd1c076038 R14: 00007fbd1c075fa0 R15: 00007ffe8bc17428
[   51.802583][ T4130]  </TASK>
[   52.031305][ T4133] vlan2: entered allmulticast mode
[   52.036563][ T4133] gretap0: entered allmulticast mode
[   52.067367][ T4135] siw: device registration error -23
[   52.097998][ T4131] loop9: detected capacity change from 0 to 7
[   52.107166][ T4131] Buffer I/O error on dev loop9, logical block 0, async page read
[   52.115504][ T4131] Buffer I/O error on dev loop9, logical block 0, async page read
[   52.123523][ T4131]  loop9: unable to read partition table
[   52.129377][ T4131] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   52.129377][ T4131] 
) failed (rc=-5)
[   52.141266][ T3306] Buffer I/O error on dev loop9, logical block 0, async page read
[   52.324717][ T4149] loop3: detected capacity change from 0 to 512
[   52.368133][ T4149] EXT4-fs: Invalid want_extra_isize 7
[   52.779909][ T4157] 9pnet: Could not find request transport: fd(rfdno=0x0000000000000006
[   52.967560][ T4169] hub 9-0:1.0: USB hub found
[   52.987744][ T4169] hub 9-0:1.0: 8 ports detected
[   53.054682][ T4173] vlan3: entered allmulticast mode
[   53.106396][ T4178] loop1: detected capacity change from 0 to 512
[   53.191845][   T29] kauditd_printk_skb: 307 callbacks suppressed
[   53.191864][   T29] audit: type=1326 audit(1763207106.403:1444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4179 comm="syz.0.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba1764f6c9 code=0x7ffc0000
[   53.221562][   T29] audit: type=1326 audit(1763207106.403:1445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4179 comm="syz.0.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba1764f6c9 code=0x7ffc0000
[   53.245595][   T29] audit: type=1326 audit(1763207106.403:1446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4179 comm="syz.0.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fba1764f6c9 code=0x7ffc0000
[   53.268967][   T29] audit: type=1326 audit(1763207106.403:1447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4179 comm="syz.0.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba1764f6c9 code=0x7ffc0000
[   53.292314][   T29] audit: type=1326 audit(1763207106.403:1448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4179 comm="syz.0.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=297 compat=0 ip=0x7fba1764f6c9 code=0x7ffc0000
[   53.315745][   T29] audit: type=1326 audit(1763207106.403:1449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4179 comm="syz.0.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba1764f6c9 code=0x7ffc0000
[   53.339154][   T29] audit: type=1326 audit(1763207106.403:1450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4179 comm="syz.0.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fba1764f6c9 code=0x7ffc0000
[   53.362563][   T29] audit: type=1326 audit(1763207106.403:1451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4179 comm="syz.0.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba1764f6c9 code=0x7ffc0000
[   53.386267][   T29] audit: type=1326 audit(1763207106.403:1452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4179 comm="syz.0.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7fba1764f6c9 code=0x7ffc0000
[   53.409720][   T29] audit: type=1326 audit(1763207106.403:1453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4179 comm="syz.0.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba1764f6c9 code=0x7ffc0000
[   53.452642][ T4178] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #3: comm syz.1.213: corrupted inode contents
[   53.464820][ T4185] loop0: detected capacity change from 0 to 2048
[   53.482022][ T4178] EXT4-fs (loop1): Remounting filesystem read-only
[   53.517579][ T4178] EXT4-fs (loop1): 1 truncate cleaned up
[   53.527173][ T4178] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   53.554270][ T4178] ext4 filesystem being mounted at /48/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   53.587234][ T4185] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   53.601850][ T4178] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   53.652390][ T4185] ext4 filesystem being mounted at /48/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   53.784210][ T4185] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   53.837753][ T4185] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   53.883428][ T4185] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.215: bg 0: block 345: padding at end of block bitmap is not set
[   53.913604][ T4185] EXT4-fs (loop0): Remounting filesystem read-only
[   53.938536][ T4204] lo speed is unknown, defaulting to 1000
[   54.015970][ T4205] loop9: detected capacity change from 0 to 7
[   54.028589][ T4205]  loop9: unable to read partition table
[   54.035988][ T4208] loop1: detected capacity change from 0 to 8192
[   54.051071][ T4205] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   54.051071][ T4205] 
) failed (rc=-5)
[   54.051228][ T4211] lo speed is unknown, defaulting to 1000
[   54.091918][ T4208] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   54.308139][ T4220] loop4: detected capacity change from 0 to 1024
[   54.329576][ T4220] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[   54.339426][ T4220] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[   54.356964][ T4220] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[   54.370255][ T4220] EXT4-fs error (device loop4): ext4_get_journal_inode:5808: inode #5: comm syz.4.226: unexpected bad inode w/o EXT4_IGET_BAD
[   54.391841][ T4220] EXT4-fs (loop4): no journal found
[   54.397175][ T4220] EXT4-fs (loop4): can't get journal size
[   54.404906][ T4220] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   54.467128][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   54.533047][ T3313] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   54.552580][ T4217] loop9: detected capacity change from 0 to 7
[   54.560821][ T4217]  loop9: unable to read partition table
[   54.569092][ T4217] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   54.569092][ T4217] 
) failed (rc=-5)
[   54.685838][ T4239] vlan0: entered allmulticast mode
[   54.752073][ T4239] loop3: detected capacity change from 0 to 512
[   54.781692][ T4239] EXT4-fs error (device loop3): ext4_do_update_inode:5632: inode #3: comm syz.3.234: corrupted inode contents
[   54.812155][ T4239] EXT4-fs (loop3): Remounting filesystem read-only
[   54.836145][ T4239] EXT4-fs (loop3): 1 truncate cleaned up
[   54.860959][ T4239] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   54.890805][ T4239] ext4 filesystem being mounted at /56/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   54.909135][ T4239] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   54.965983][ T4250] random: crng reseeded on system resumption
[   55.028239][ T4257] __nla_validate_parse: 10 callbacks suppressed
[   55.028257][ T4257] netlink: 4 bytes leftover after parsing attributes in process `syz.3.239'.
[   55.141045][ T4247] loop9: detected capacity change from 0 to 7
[   55.148251][ T3580]  loop9: unable to read partition table
[   55.167441][ T4255] 9pnet: Could not find request transport: fd(rfdno=0x0000000000000006
[   55.192778][ T4247]  loop9: unable to read partition table
[   55.203110][ T4247] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   55.203110][ T4247] 
) failed (rc=-5)
[   55.306029][ T4272] lo speed is unknown, defaulting to 1000
[   55.693470][ T4285] loop1: detected capacity change from 0 to 2048
[   55.716341][ T4285] EXT4-fs (loop1): cluster size (2048) smaller than block size (4096)
[   55.844304][ T4283] loop9: detected capacity change from 0 to 7
[   55.858533][ T3580]  loop9: unable to read partition table
[   56.203326][ T4283]  loop9: unable to read partition table
[   56.309470][ T4283] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   56.309470][ T4283] 
) failed (rc=-5)
[   56.425590][ T4298] netlink: 56 bytes leftover after parsing attributes in process `syz.4.251'.
[   56.527951][ T4299] lo speed is unknown, defaulting to 1000
[   56.650407][ T4299] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[   56.662041][ T4299] Cannot find add_set index 0 as target
[   56.763353][ T4304] loop4: detected capacity change from 0 to 512
[   56.913072][ T4303] netlink: 20 bytes leftover after parsing attributes in process `syz.3.253'.
[   56.922011][ T4303] netlink: 20 bytes leftover after parsing attributes in process `syz.3.253'.
[   56.954398][ T4304] EXT4-fs: Invalid want_extra_isize 7
[   56.989015][ T4303] loop3: detected capacity change from 0 to 1024
[   57.008436][ T4303] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   57.019481][ T4303] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   57.047266][ T4303] JBD2: no valid journal superblock found
[   57.053095][ T4303] EXT4-fs (loop3): Could not load journal inode
[   57.095899][ T4303] SELinux: security_context_str_to_sid (�-�Xܘ7.H\��%�u@
) failed with errno=-22
[   57.167285][ T4314] loop3: detected capacity change from 0 to 512
[   57.200043][ T4314] EXT4-fs error (device loop3): ext4_xattr_inode_iget:446: comm syz.3.257: error while reading EA inode 32 err=-116
[   57.242431][ T4314] EXT4-fs (loop3): Remounting filesystem read-only
[   57.269165][ T4314] EXT4-fs warning (device loop3): ext4_evict_inode:257: couldn't mark inode dirty (err -30)
[   57.309414][ T4314] EXT4-fs (loop3): 1 orphan inode deleted
[   57.315636][ T4314] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   57.352081][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   57.438777][ T4326] netlink: 156 bytes leftover after parsing attributes in process `syz.3.261'.
[   57.501306][ T4331] netlink: 56 bytes leftover after parsing attributes in process `syz.3.262'.
[   57.576148][ T4306] loop9: detected capacity change from 0 to 7
[   57.582472][ T4306] buffer_io_error: 36 callbacks suppressed
[   57.582487][ T4306] Buffer I/O error on dev loop9, logical block 0, async page read
[   57.596501][ T4306] Buffer I/O error on dev loop9, logical block 0, async page read
[   57.604475][ T4306]  loop9: unable to read partition table
[   57.673031][ T4306] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   57.673031][ T4306] 
) failed (rc=-5)
[   57.748061][ T4340] netlink: 156 bytes leftover after parsing attributes in process `syz.0.265'.
[   57.860681][ T4344] siw: device registration error -23
[   57.945640][ T4323] loop9: detected capacity change from 0 to 7
[   57.958340][ T4323] Buffer I/O error on dev loop9, logical block 0, async page read
[   57.968288][ T4323] Buffer I/O error on dev loop9, logical block 0, async page read
[   57.976178][ T4323]  loop9: unable to read partition table
[   58.001887][ T4323] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   58.001887][ T4323] 
) failed (rc=-5)
[   58.101276][ T4348] loop2: detected capacity change from 0 to 32768
[   58.142208][ T4348]  loop2: p1 p2 p3 < p5 p6 >
[   58.147556][ T4348] loop2: p2 size 16775168 extends beyond EOD, truncated
[   58.155991][ T4348] loop2: p5 start 4294970168 is beyond EOD, truncated
[   58.181475][ T4348] bridge_slave_0: left promiscuous mode
[   58.187357][ T4348] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.195278][ T4360] FAULT_INJECTION: forcing a failure.
[   58.195278][ T4360] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   58.208462][ T4360] CPU: 0 UID: 0 PID: 4360 Comm: syz.1.270 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   58.208517][ T4360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   58.208529][ T4360] Call Trace:
[   58.208535][ T4360]  <TASK>
[   58.208542][ T4360]  __dump_stack+0x1d/0x30
[   58.208566][ T4360]  dump_stack_lvl+0xe8/0x140
[   58.208588][ T4360]  dump_stack+0x15/0x1b
[   58.208608][ T4360]  should_fail_ex+0x265/0x280
[   58.208651][ T4360]  should_fail+0xb/0x20
[   58.208668][ T4360]  should_fail_usercopy+0x1a/0x20
[   58.208682][ T4360]  _copy_to_user+0x20/0xa0
[   58.208702][ T4360]  simple_read_from_buffer+0xb5/0x130
[   58.208733][ T4360]  proc_fail_nth_read+0x10e/0x150
[   58.208764][ T4360]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   58.208898][ T4360]  vfs_read+0x1a8/0x770
[   58.208994][ T4360]  ? __rcu_read_unlock+0x4f/0x70
[   58.209010][ T4360]  ? __fget_files+0x184/0x1c0
[   58.209058][ T4360]  ksys_read+0xda/0x1a0
[   58.209074][ T4360]  __x64_sys_read+0x40/0x50
[   58.209092][ T4360]  x64_sys_call+0x27c0/0x3000
[   58.209106][ T4360]  do_syscall_64+0xd2/0x200
[   58.209126][ T4360]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   58.209222][ T4360]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   58.209236][ T4360] RIP: 0033:0x7fbd1be1e0dc
[   58.209248][ T4360] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   58.209270][ T4360] RSP: 002b:00007fbd1a83d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   58.209285][ T4360] RAX: ffffffffffffffda RBX: 00007fbd1c076180 RCX: 00007fbd1be1e0dc
[   58.209294][ T4360] RDX: 000000000000000f RSI: 00007fbd1a83d0a0 RDI: 0000000000000006
[   58.209302][ T4360] RBP: 00007fbd1a83d090 R08: 0000000000000000 R09: 0000000000000000
[   58.209382][ T4360] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   58.209390][ T4360] R13: 00007fbd1c076218 R14: 00007fbd1c076180 R15: 00007ffe8bc17428
[   58.209402][ T4360]  </TASK>
[   58.210978][ T4348] bridge_slave_1: left allmulticast mode
[   58.250171][ T4363] loop9: detected capacity change from 0 to 7
[   58.250524][ T4348] bridge_slave_1: left promiscuous mode
[   58.269905][ T4363] Buffer I/O error on dev loop9, logical block 0, async page read
[   58.275341][ T4348] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.287614][ T4364] loop1: detected capacity change from 0 to 128
[   58.291762][ T4363] Buffer I/O error on dev loop9, logical block 0, async page read
[   58.451384][ T4363]  loop9: unable to read partition table
[   58.482786][ T4348] bond0: (slave bond_slave_0): Releasing backup interface
[   58.513458][ T4348] bond0: (slave bond_slave_1): Releasing backup interface
[   58.527883][ T4348] team0: Port device team_slave_0 removed
[   58.537841][ T4348] team0: Port device team_slave_1 removed
[   58.547978][ T4348] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   58.555459][ T4348] batman_adv: batadv0: Removing interface: batadv_slave_0
[   58.588567][ T4348] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   58.596339][ T4348] batman_adv: batadv0: Removing interface: batadv_slave_1
[   58.614836][ T4363] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   58.614836][ T4363] 
) failed (rc=-5)
[   58.681059][ T4371] loop0: detected capacity change from 0 to 512
[   58.724166][ T4371] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #3: comm syz.0.273: corrupted inode contents
[   58.751597][ T4371] EXT4-fs (loop0): Remounting filesystem read-only
[   58.782885][ T4371] __quota_error: 280 callbacks suppressed
[   58.782906][ T4371] Quota error (device loop0): write_blk: dquota write failed
[   58.840974][ T4371] Quota error (device loop0): qtree_write_dquot: Error -30 occurred while creating quota
[   58.875879][ T4370] vlan2: entered allmulticast mode
[   58.892330][ T4371] EXT4-fs (loop0): 1 truncate cleaned up
[   58.913295][ T4371] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   58.927891][   T29] audit: type=1326 audit(1763207112.143:1730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4383 comm="syz.3.277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27ecdaf6c9 code=0x7ffc0000
[   58.951365][   T29] audit: type=1326 audit(1763207112.143:1731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4383 comm="syz.3.277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27ecdaf6c9 code=0x7ffc0000
[   59.016535][ T4371] ext4 filesystem being mounted at /58/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   59.056394][ T4371] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   59.077867][   T29] audit: type=1326 audit(1763207112.193:1732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4383 comm="syz.3.277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f27ecdaf6c9 code=0x7ffc0000
[   59.101235][   T29] audit: type=1326 audit(1763207112.193:1733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4383 comm="syz.3.277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27ecdaf6c9 code=0x7ffc0000
[   59.124787][   T29] audit: type=1326 audit(1763207112.193:1734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4383 comm="syz.3.277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27ecdaf6c9 code=0x7ffc0000
[   59.129474][ T4386] loop3: detected capacity change from 0 to 2048
[   59.148648][   T29] audit: type=1326 audit(1763207112.193:1735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4383 comm="syz.3.277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=297 compat=0 ip=0x7f27ecdaf6c9 code=0x7ffc0000
[   59.179017][   T29] audit: type=1326 audit(1763207112.193:1736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4383 comm="syz.3.277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27ecdaf6c9 code=0x7ffc0000
[   59.202502][   T29] audit: type=1326 audit(1763207112.193:1737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4383 comm="syz.3.277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27ecdaf6c9 code=0x7ffc0000
[   59.282623][ T4386] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   59.341910][ T4386] ext4 filesystem being mounted at /65/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   59.440512][ T4398] loop0: detected capacity change from 0 to 2048
[   59.447702][ T4386] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   59.502494][ T4403] loop1: detected capacity change from 0 to 2048
[   59.535725][ T4386] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   59.561969][ T4398] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   59.580893][ T4398] ext4 filesystem being mounted at /59/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   59.593427][ T4403] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   59.618017][ T4403] ext4 filesystem being mounted at /69/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   59.642002][ T4386] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.277: bg 0: block 345: padding at end of block bitmap is not set
[   59.656480][ T4394] loop9: detected capacity change from 0 to 7
[   59.664414][ T4394] Buffer I/O error on dev loop9, logical block 0, async page read
[   59.691640][ T4398] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   59.704588][ T4398] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   59.718209][ T4386] EXT4-fs (loop3): Remounting filesystem read-only
[   59.731864][ T4394] Buffer I/O error on dev loop9, logical block 0, async page read
[   59.739874][ T4394]  loop9: unable to read partition table
[   59.745630][ T4394] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   59.745630][ T4394] 
) failed (rc=-5)
[   59.746466][ T4403] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   59.767524][ T4398] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.281: bg 0: block 345: padding at end of block bitmap is not set
[   59.801926][ T4403] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   59.840358][ T4398] EXT4-fs (loop0): Remounting filesystem read-only
[   59.968592][ T4403] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.282: bg 0: block 345: padding at end of block bitmap is not set
[   60.003290][ T4422] lo speed is unknown, defaulting to 1000
[   60.042550][ T4425] loop2: detected capacity change from 0 to 2048
[   60.076722][ T4425] EXT4-fs (loop2): cluster size (2048) smaller than block size (4096)
[   60.092536][ T4428] netlink: 20 bytes leftover after parsing attributes in process `syz.4.288'.
[   60.101468][ T4428] netlink: 20 bytes leftover after parsing attributes in process `syz.4.288'.
[   60.122013][ T4403] EXT4-fs (loop1): Remounting filesystem read-only
[   60.154565][ T4430] loop4: detected capacity change from 0 to 1024
[   60.161885][ T4430] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   60.172804][ T4430] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   60.213748][ T4430] JBD2: no valid journal superblock found
[   60.219692][ T4430] EXT4-fs (loop4): Could not load journal inode
[   60.311291][ T4428] SELinux: security_context_str_to_sid (�-�Xܘ7.H\��%�u@
) failed with errno=-22
[   60.425698][ T4432] lo speed is unknown, defaulting to 1000
[   60.685794][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   60.801181][ T4436] lo speed is unknown, defaulting to 1000
[   60.853526][ T4436] Cannot find add_set index 0 as target
[   61.071677][ T4439] netlink: 156 bytes leftover after parsing attributes in process `syz.3.290'.
[   61.100484][ T4443] loop4: detected capacity change from 0 to 512
[   61.109372][ T3313] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   61.145866][ T4439] siw: device registration error -23
[   61.157987][ T4443] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   61.185317][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   61.214149][ T4443] ext4 filesystem being mounted at /62/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   61.354743][ T4456] netlink: 20 bytes leftover after parsing attributes in process `syz.2.296'.
[   61.363805][ T4456] netlink: 20 bytes leftover after parsing attributes in process `syz.2.296'.
[   61.411844][ T4458] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[   61.641878][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   61.746768][ T4479] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[   61.844544][ T4482] netlink: 4 bytes leftover after parsing attributes in process `syz.3.303'.
[   61.855089][ T4488] siw: device registration error -23
[   61.879741][ T4492] netlink: 32 bytes leftover after parsing attributes in process `syz.4.307'.
[   61.922833][   T52] Bluetooth: hci0: Frame reassembly failed (-84)
[   62.015358][ T4508] loop3: detected capacity change from 0 to 512
[   62.022724][ T4508] EXT4-fs: Invalid want_extra_isize 7
[   62.116491][ T4512] vlan2: entered allmulticast mode
[   62.169258][ T4515] loop0: detected capacity change from 0 to 512
[   62.184166][ T4515] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #3: comm syz.0.315: corrupted inode contents
[   62.212541][ T4515] EXT4-fs (loop0): Remounting filesystem read-only
[   62.239684][ T4515] EXT4-fs (loop0): 1 truncate cleaned up
[   62.254599][ T4515] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   62.267293][ T4515] ext4 filesystem being mounted at /67/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   62.279288][ T4515] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   62.537791][ T4530] loop0: detected capacity change from 0 to 512
[   62.582862][ T4530] EXT4-fs error (device loop0): ext4_xattr_inode_iget:446: comm syz.0.321: error while reading EA inode 32 err=-116
[   62.615503][ T4530] EXT4-fs (loop0): Remounting filesystem read-only
[   62.634331][ T4530] EXT4-fs warning (device loop0): ext4_evict_inode:257: couldn't mark inode dirty (err -30)
[   62.667254][ T4530] EXT4-fs (loop0): 1 orphan inode deleted
[   62.677849][ T4530] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   62.763208][ T3313] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   62.820659][ T4538] loop2: detected capacity change from 0 to 1024
[   62.827805][ T4538] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   62.838851][ T4538] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   62.850019][ T4523] loop9: detected capacity change from 0 to 7
[   62.856374][ T4523] Buffer I/O error on dev loop9, logical block 0, async page read
[   62.860596][ T4538] JBD2: no valid journal superblock found
[   62.864338][ T4523] Buffer I/O error on dev loop9, logical block 0, async page read
[   62.870097][ T4538] EXT4-fs (loop2): Could not load journal inode
[   62.877924][ T4523]  loop9: unable to read partition table
[   62.879269][ T4523] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   62.879269][ T4523] 
) failed (rc=-5)
[   62.927572][ T4538] SELinux: security_context_str_to_sid (�-�Xܘ7.H\��%�u@
) failed with errno=-22
[   62.965412][ T4547] vlan2: entered allmulticast mode
[   62.976061][ T4551] netlink: 20 bytes leftover after parsing attributes in process `syz.3.328'.
[   62.985034][ T4551] netlink: 20 bytes leftover after parsing attributes in process `syz.3.328'.
[   63.005816][ T4551] loop3: detected capacity change from 0 to 1024
[   63.016484][ T4551] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   63.016514][ T4551] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   63.017163][ T4551] JBD2: no valid journal superblock found
[   63.017182][ T4551] EXT4-fs (loop3): Could not load journal inode
[   63.022293][ T4547] loop0: detected capacity change from 0 to 512
[   63.023127][ T4551] SELinux: security_context_str_to_sid (�-�Xܘ7.H\��%�u@
) failed with errno=-22
[   63.025098][ T4555] netlink: 20 bytes leftover after parsing attributes in process `syz.1.330'.
[   63.045187][ T4547] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #3: comm syz.0.326: corrupted inode contents
[   63.071973][ T4561] loop1: detected capacity change from 0 to 1024
[   63.076218][ T4547] EXT4-fs (loop0): Remounting filesystem read-only
[   63.097134][ T4561] EXT4-fs: Ignoring removed orlov option
[   63.103585][ T4547] EXT4-fs (loop0): 1 truncate cleaned up
[   63.121306][ T4547] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   63.121406][ T4547] ext4 filesystem being mounted at /72/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   63.121906][ T4547] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   63.145789][ T4561] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   63.191004][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   63.217189][ T4565] loop2: detected capacity change from 0 to 512
[   63.244401][ T4569] loop3: detected capacity change from 0 to 2048
[   63.253344][ T4569] EXT4-fs (loop3): cluster size (2048) smaller than block size (4096)
[   63.264982][ T4565] EXT4-fs error (device loop2): ext4_xattr_inode_iget:446: comm syz.2.334: error while reading EA inode 32 err=-116
[   63.303229][ T4565] EXT4-fs (loop2): Remounting filesystem read-only
[   63.323351][ T4576] loop1: detected capacity change from 0 to 1024
[   63.329829][ T4565] EXT4-fs warning (device loop2): ext4_evict_inode:257: couldn't mark inode dirty (err -30)
[   63.341326][ T4576] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   63.352492][ T4576] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   63.366673][ T4565] EXT4-fs (loop2): 1 orphan inode deleted
[   63.375579][ T4576] JBD2: no valid journal superblock found
[   63.381371][ T4576] EXT4-fs (loop1): Could not load journal inode
[   63.397799][ T4565] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   64.240008][ T3556] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   64.246212][ T3507] Bluetooth: hci0: command 0x1003 tx timeout
[   64.261830][ T4565] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[   64.285237][ T4578] lo speed is unknown, defaulting to 1000
[   64.324007][ T4576] SELinux: security_context_str_to_sid (�-�Xܘ7.H\��%�u@
) failed with errno=-22
[   64.334556][ T3321] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   64.408380][  T316] Bluetooth: hci0: Frame reassembly failed (-84)
[   64.433219][   T29] kauditd_printk_skb: 263 callbacks suppressed
[   64.433236][   T29] audit: type=1326 audit(1763207117.653:1997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4602 comm="syz.1.348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1be1f6c9 code=0x7ffc0000
[   64.509676][   T29] audit: type=1326 audit(1763207117.723:1999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4602 comm="syz.1.348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1be1f6c9 code=0x7ffc0000
[   64.523433][ T4607] loop3: detected capacity change from 0 to 2048
[   64.533117][   T29] audit: type=1326 audit(1763207117.723:1998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4602 comm="syz.1.348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1be1f6c9 code=0x7ffc0000
[   64.563524][   T29] audit: type=1326 audit(1763207117.723:2000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4602 comm="syz.1.348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1be1f6c9 code=0x7ffc0000
[   64.586905][   T29] audit: type=1326 audit(1763207117.723:2001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4602 comm="syz.1.348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=192 compat=0 ip=0x7fbd1be1f6c9 code=0x7ffc0000
[   64.610287][   T29] audit: type=1326 audit(1763207117.723:2002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4602 comm="syz.1.348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1be1f6c9 code=0x7ffc0000
[   64.630376][ T4607] EXT4-fs (loop3): cluster size (2048) smaller than block size (4096)
[   64.633622][   T29] audit: type=1326 audit(1763207117.723:2003): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4602 comm="syz.1.348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1be1f6c9 code=0x7ffc0000
[   64.664628][ T4611] loop4: detected capacity change from 0 to 2048
[   64.665288][   T29] audit: type=1326 audit(1763207117.723:2004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4602 comm="syz.1.348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1be1f6c9 code=0x7ffc0000
[   64.695098][   T29] audit: type=1326 audit(1763207117.723:2005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4602 comm="syz.1.348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fbd1be1f6c9 code=0x7ffc0000
[   64.718509][   T29] audit: type=1326 audit(1763207117.723:2006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4602 comm="syz.1.348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fbd1be1f6c9 code=0x7ffc0000
[   64.844121][ T4611] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   64.856377][ T4611] ext4 filesystem being mounted at /68/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   65.368074][ T4611] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   65.670465][ T4611] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   65.730209][ T4627] loop3: detected capacity change from 0 to 1024
[   65.745190][ T4623] loop0: detected capacity change from 0 to 2048
[   65.751960][ T4611] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.351: bg 0: block 345: padding at end of block bitmap is not set
[   65.752040][ T4627] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   65.777336][ T4627] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   65.789947][ T4623] EXT4-fs (loop0): cluster size (2048) smaller than block size (4096)
[   65.801856][ T4611] EXT4-fs (loop4): Remounting filesystem read-only
[   65.908618][ T4627] JBD2: no valid journal superblock found
[   65.914476][ T4627] EXT4-fs (loop3): Could not load journal inode
[   65.936118][ T4627] SELinux: security_context_str_to_sid (�-�Xܘ7.H\��%�u@
) failed with errno=-22
[   66.020942][ T4629] lo speed is unknown, defaulting to 1000
[   66.230467][ T4639] loop3: detected capacity change from 0 to 2048
[   66.301273][ T4639] EXT4-fs (loop3): cluster size (2048) smaller than block size (4096)
[   66.431829][ T3507] Bluetooth: hci0: command 0x1003 tx timeout
[   66.437920][ T3556] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   66.575674][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   66.612612][ T4646] loop9: detected capacity change from 0 to 7
[   66.630107][ T4646] Buffer I/O error on dev loop9, logical block 0, async page read
[   66.737413][ T4646] Buffer I/O error on dev loop9, logical block 0, async page read
[   66.745534][ T4646]  loop9: unable to read partition table
[   66.870726][ T4646] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   66.870726][ T4646] 
) failed (rc=-5)
[   67.004078][ T4653] __nla_validate_parse: 3 callbacks suppressed
[   67.004096][ T4653] netlink: 4 bytes leftover after parsing attributes in process `syz.0.363'.
[   67.022722][ T4658] loop1: detected capacity change from 0 to 512
[   67.032372][ T4660] loop9: detected capacity change from 0 to 7
[   67.039420][ T4658] EXT4-fs error (device loop1): ext4_xattr_inode_iget:446: comm syz.1.365: error while reading EA inode 32 err=-116
[   67.101508][ T4660] Buffer I/O error on dev loop9, logical block 0, async page read
[   67.122806][ T4663] loop3: detected capacity change from 0 to 512
[   67.135040][ T4658] EXT4-fs (loop1): Remounting filesystem read-only
[   67.143971][ T4663] EXT4-fs error (device loop3): ext4_xattr_inode_iget:446: comm syz.3.367: error while reading EA inode 32 err=-116
[   67.156708][ T4660] Buffer I/O error on dev loop9, logical block 0, async page read
[   67.164572][ T4660]  loop9: unable to read partition table
[   67.170604][ T4658] EXT4-fs warning (device loop1): ext4_evict_inode:257: couldn't mark inode dirty (err -30)
[   67.180984][ T4658] EXT4-fs (loop1): 1 orphan inode deleted
[   67.187313][ T4658] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   67.199492][ T4660] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   67.199492][ T4660] 
) failed (rc=-5)
[   67.233497][ T4663] EXT4-fs (loop3): Remounting filesystem read-only
[   67.240206][ T4663] EXT4-fs warning (device loop3): ext4_evict_inode:257: couldn't mark inode dirty (err -30)
[   67.250523][ T4663] EXT4-fs (loop3): 1 orphan inode deleted
[   67.256965][ T4663] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   67.269346][ T4658] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[   67.286265][ T4670] netlink: 20 bytes leftover after parsing attributes in process `syz.0.369'.
[   67.298094][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   67.307770][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   67.334044][ T4674] netlink: 32 bytes leftover after parsing attributes in process `syz.3.371'.
[   67.351640][ T4676] loop0: detected capacity change from 0 to 512
[   67.362119][   T37] Bluetooth: hci0: Frame reassembly failed (-84)
[   67.379523][ T4676] EXT4-fs error (device loop0): ext4_xattr_inode_iget:446: comm syz.0.374: error while reading EA inode 32 err=-116
[   67.392980][ T4676] EXT4-fs (loop0): Remounting filesystem read-only
[   67.399638][ T4676] EXT4-fs warning (device loop0): ext4_evict_inode:257: couldn't mark inode dirty (err -30)
[   67.410058][ T4676] EXT4-fs (loop0): 1 orphan inode deleted
[   67.416409][ T4676] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   67.442738][ T3313] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   67.490447][ T4688] random: crng reseeded on system resumption
[   67.523202][ T4693] loop0: detected capacity change from 0 to 512
[   67.529906][ T4691] loop2: detected capacity change from 0 to 2048
[   67.531710][ T4693] EXT4-fs error (device loop0): ext4_xattr_inode_iget:446: comm syz.0.379: error while reading EA inode 32 err=-116
[   67.549381][ T4693] EXT4-fs (loop0): Remounting filesystem read-only
[   67.549456][ T4691] EXT4-fs (loop2): cluster size (2048) smaller than block size (4096)
[   67.556834][ T4693] EXT4-fs warning (device loop0): ext4_evict_inode:257: couldn't mark inode dirty (err -30)
[   67.566452][ T4684] loop9: detected capacity change from 0 to 7
[   67.575025][ T4693] EXT4-fs (loop0): 1 orphan inode deleted
[   67.587287][ T4684] Buffer I/O error on dev loop9, logical block 0, async page read
[   67.590745][ T4693] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   67.595280][ T4684] Buffer I/O error on dev loop9, logical block 0, async page read
[   67.615073][ T4684]  loop9: unable to read partition table
[   67.644021][ T4684] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   67.644021][ T4684] 
) failed (rc=-5)
[   67.658884][ T3313] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   67.712280][ T4697] loop0: detected capacity change from 0 to 512
[   67.718843][ T4697] EXT4-fs: Invalid want_extra_isize 7
[   68.247638][ T4700] siw: device registration error -23
[   68.299614][ T4706] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   68.478556][ T4714] vlan2: entered allmulticast mode
[   68.527160][ T4719] loop2: detected capacity change from 0 to 512
[   68.536873][ T4720] Illegal XDP return value 4294967274 on prog  (id 311) dev N/A, expect packet loss!
[   68.543848][ T4719] EXT4-fs error (device loop2): ext4_do_update_inode:5632: inode #3: comm syz.2.386: corrupted inode contents
[   68.558294][ T4719] EXT4-fs (loop2): Remounting filesystem read-only
[   68.566071][ T4719] EXT4-fs (loop2): 1 truncate cleaned up
[   68.573232][ T4719] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   68.586373][ T4719] ext4 filesystem being mounted at /47/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   68.597249][ T4719] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   68.644215][ T4724] loop4: detected capacity change from 0 to 2048
[   68.664308][ T4724] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   68.683526][ T4731] netlink: 4 bytes leftover after parsing attributes in process `syz.2.391'.
[   68.716920][ T4724] ext4 filesystem being mounted at /76/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   68.917053][ T4724] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   68.943946][ T4724] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   68.999721][ T4724] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.387: bg 0: block 345: padding at end of block bitmap is not set
[   69.028179][ T4724] EXT4-fs (loop4): Remounting filesystem read-only
[   69.137356][ T4741] random: crng reseeded on system resumption
[   69.152770][ T4738] loop9: detected capacity change from 0 to 7
[   69.159091][ T4738] Buffer I/O error on dev loop9, logical block 0, async page read
[   69.167016][ T4738] Buffer I/O error on dev loop9, logical block 0, async page read
[   69.175203][ T4738]  loop9: unable to read partition table
[   69.191939][ T4738] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   69.191939][ T4738] 
) failed (rc=-5)
[   69.237056][ T4745] loop1: detected capacity change from 0 to 2048
[   69.244211][ T4745] EXT4-fs (loop1): cluster size (2048) smaller than block size (4096)
[   69.391836][ T3556] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   69.662395][ T4756] loop0: detected capacity change from 0 to 2048
[   69.670867][ T4756] EXT4-fs (loop0): cluster size (2048) smaller than block size (4096)
[   69.802054][ T4758] loop3: detected capacity change from 0 to 1024
[   69.819361][   T29] kauditd_printk_skb: 302 callbacks suppressed
[   69.819380][   T29] audit: type=1326 audit(1763207123.033:2307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4759 comm="syz.2.400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbbb28f6c9 code=0x7ffc0000
[   69.849019][   T29] audit: type=1326 audit(1763207123.033:2308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4759 comm="syz.2.400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbbb28f6c9 code=0x7ffc0000
[   69.872430][   T29] audit: type=1326 audit(1763207123.033:2309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4759 comm="syz.2.400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ffbbb28f6c9 code=0x7ffc0000
[   69.885488][ T4758] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   69.896099][   T29] audit: type=1326 audit(1763207123.033:2310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4759 comm="syz.2.400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbbb28f6c9 code=0x7ffc0000
[   69.906901][ T4758] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   69.930312][   T29] audit: type=1326 audit(1763207123.033:2311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4759 comm="syz.2.400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbbb28f6c9 code=0x7ffc0000
[   69.943080][ T4760] xt_CT: No such helper "snmp_trap"
[   69.964996][   T29] audit: type=1326 audit(1763207123.033:2312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4759 comm="syz.2.400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ffbbb28f6c9 code=0x7ffc0000
[   69.992053][   T29] audit: type=1326 audit(1763207123.033:2313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4759 comm="syz.2.400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbbb28f6c9 code=0x7ffc0000
[   69.992915][ T4758] JBD2: no valid journal superblock found
[   70.015442][   T29] audit: type=1326 audit(1763207123.033:2314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4759 comm="syz.2.400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbbb28f6c9 code=0x7ffc0000
[   70.015489][   T29] audit: type=1326 audit(1763207123.073:2315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4759 comm="syz.2.400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ffbbb28f6c9 code=0x7ffc0000
[   70.021217][ T4758] EXT4-fs (loop3): Could not load journal inode
[   70.049571][   T29] audit: type=1326 audit(1763207123.103:2316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4759 comm="syz.2.400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbbb28f6c9 code=0x7ffc0000
[   70.183828][ T4758] SELinux: security_context_str_to_sid (�-�Xܘ7.H\��%�u@
) failed with errno=-22
[   70.244333][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   70.290359][ T4768] netlink: 24 bytes leftover after parsing attributes in process `syz.2.401'.
[   70.629220][ T4781] siw: device registration error -23
[   70.711005][ T4785] random: crng reseeded on system resumption
[   70.820010][ T4791] 9pnet: Could not find request transport: fd(rfdno=0x0000000000000006
[   70.878489][ T4797] netlink: 4 bytes leftover after parsing attributes in process `syz.3.408'.
[   70.945847][ T4806] FAULT_INJECTION: forcing a failure.
[   70.945847][ T4806] name failslab, interval 1, probability 0, space 0, times 0
[   70.958617][ T4806] CPU: 0 UID: 0 PID: 4806 Comm: syz.2.413 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   70.958678][ T4806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   70.958691][ T4806] Call Trace:
[   70.958697][ T4806]  <TASK>
[   70.958705][ T4806]  __dump_stack+0x1d/0x30
[   70.958730][ T4806]  dump_stack_lvl+0xe8/0x140
[   70.958750][ T4806]  dump_stack+0x15/0x1b
[   70.958789][ T4806]  should_fail_ex+0x265/0x280
[   70.958822][ T4806]  should_failslab+0x8c/0xb0
[   70.958894][ T4806]  __kmalloc_noprof+0xa5/0x570
[   70.958924][ T4806]  ? usb_alloc_urb+0x42/0xc0
[   70.958955][ T4806]  usb_alloc_urb+0x42/0xc0
[   70.959024][ T4806]  do_proc_control+0x1a8/0x8b0
[   70.959056][ T4806]  ? should_fail_ex+0xdb/0x280
[   70.959109][ T4806]  proc_control_compat+0xae/0xe0
[   70.959141][ T4806]  usbdev_ioctl+0xed5/0x1700
[   70.959185][ T4806]  ? __pfx_usbdev_ioctl+0x10/0x10
[   70.959215][ T4806]  __se_sys_ioctl+0xce/0x140
[   70.959311][ T4806]  __x64_sys_ioctl+0x43/0x50
[   70.959449][ T4806]  x64_sys_call+0x1816/0x3000
[   70.959473][ T4806]  do_syscall_64+0xd2/0x200
[   70.959494][ T4806]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   70.959530][ T4806]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   70.959641][ T4806]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.959665][ T4806] RIP: 0033:0x7ffbbb28f6c9
[   70.959682][ T4806] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   70.959702][ T4806] RSP: 002b:00007ffbb9cef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   70.959724][ T4806] RAX: ffffffffffffffda RBX: 00007ffbbb4e5fa0 RCX: 00007ffbbb28f6c9
[   70.959737][ T4806] RDX: 0000200000000140 RSI: 00000000c0105500 RDI: 0000000000000003
[   70.959752][ T4806] RBP: 00007ffbb9cef090 R08: 0000000000000000 R09: 0000000000000000
[   70.959765][ T4806] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   70.959777][ T4806] R13: 00007ffbbb4e6038 R14: 00007ffbbb4e5fa0 R15: 00007ffdef39c118
[   70.959797][ T4806]  </TASK>
[   70.970014][ T4802] vlan0: entered allmulticast mode
[   70.975239][ T4808] loop4: detected capacity change from 0 to 512
[   71.079864][ T4811] loop3: detected capacity change from 0 to 512
[   71.086137][ T4808] EXT4-fs: Invalid want_extra_isize 7
[   71.225836][ T4811] EXT4-fs error (device loop3): ext4_do_update_inode:5632: inode #3: comm syz.3.412: corrupted inode contents
[   71.242905][ T4811] EXT4-fs (loop3): Remounting filesystem read-only
[   71.267612][ T4811] EXT4-fs (loop3): 1 truncate cleaned up
[   71.282453][ T4811] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   71.300934][ T4818] loop0: detected capacity change from 0 to 2048
[   71.307465][ T4811] ext4 filesystem being mounted at /94/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   71.319025][ T4818] EXT4-fs (loop0): cluster size (2048) smaller than block size (4096)
[   71.343633][ T4811] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   71.377599][ T4822] loop1: detected capacity change from 0 to 2048
[   71.427386][ T4822] EXT4-fs (loop1): cluster size (2048) smaller than block size (4096)
[   71.599432][ T4825] Cannot find add_set index 0 as target
[   72.449133][ T4827] lo speed is unknown, defaulting to 1000
[   72.493458][ T4827] Cannot find add_set index 0 as target
[   72.540040][ T4835] netlink: 156 bytes leftover after parsing attributes in process `syz.3.420'.
[   72.596223][ T4835] siw: device registration error -23
[   72.703323][ T4850] loop1: detected capacity change from 0 to 512
[   72.709867][ T4847] netlink: 4 bytes leftover after parsing attributes in process `syz.0.423'.
[   72.719536][ T4850] EXT4-fs: Invalid want_extra_isize 7
[   72.733185][ T4852] random: crng reseeded on system resumption
[   72.790700][ T4854] 9pnet: Could not find request transport: fd(rfdno=0x0000000000000006
[   72.936223][ T4859] loop3: detected capacity change from 0 to 1024
[   72.952860][ T4862] random: crng reseeded on system resumption
[   72.962875][ T4859] EXT4-fs: Ignoring removed orlov option
[   72.982887][ T4859] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   73.013302][ T4869] netlink: 56 bytes leftover after parsing attributes in process `syz.4.431'.
[   73.053994][ T4871] loop4: detected capacity change from 0 to 2048
[   73.061478][ T4871] EXT4-fs (loop4): cluster size (2048) smaller than block size (4096)
[   73.282249][ T4877] Cannot find add_set index 0 as target
[   73.427631][ T4879] loop2: detected capacity change from 0 to 512
[   73.659584][ T4879] EXT4-fs error (device loop2): ext4_xattr_inode_iget:446: comm syz.2.433: error while reading EA inode 32 err=-116
[   73.682019][ T4879] EXT4-fs (loop2): Remounting filesystem read-only
[   73.691129][ T4879] EXT4-fs warning (device loop2): ext4_evict_inode:257: couldn't mark inode dirty (err -30)
[   73.723069][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   73.735531][ T4879] EXT4-fs (loop2): 1 orphan inode deleted
[   73.743385][ T4879] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   73.770461][ T4892] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[   73.780840][ T3321] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   73.826375][ T4896] loop2: detected capacity change from 0 to 2048
[   73.836488][ T4896] EXT4-fs (loop2): cluster size (2048) smaller than block size (4096)
[   73.929297][ T4889] loop9: detected capacity change from 0 to 7
[   73.953880][ T4889] Buffer I/O error on dev loop9, logical block 0, async page read
[   73.966108][ T4889] Buffer I/O error on dev loop9, logical block 0, async page read
[   73.974005][ T4889]  loop9: unable to read partition table
[   73.994250][ T4889] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   73.994250][ T4889] 
) failed (rc=-5)
[   74.012440][ T4902] netlink: 56 bytes leftover after parsing attributes in process `syz.3.442'.
[   74.117137][ T4906] loop3: detected capacity change from 0 to 2048
[   74.125116][ T4906] EXT4-fs (loop3): cluster size (2048) smaller than block size (4096)
[   74.164983][ T4907] 9pnet: Could not find request transport: fd(rfdno=0x0000000000000006
[   74.486430][ T4910] netlink: 20 bytes leftover after parsing attributes in process `syz.1.444'.
[   74.495546][ T4910] netlink: 20 bytes leftover after parsing attributes in process `syz.1.444'.
[   74.535398][ T4913] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[   74.545593][ T4914] loop1: detected capacity change from 0 to 512
[   74.552425][ T4914] EXT4-fs: Invalid want_extra_isize 7
[   74.894663][ T4922] loop2: detected capacity change from 0 to 1024
[   75.122302][ T4922] EXT4-fs: Ignoring removed orlov option
[   75.306884][ T4922] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   75.517302][ T4931] lo speed is unknown, defaulting to 1000
[   75.747632][ T3321] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   75.809526][ T4940] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22
[   75.817789][ T4940] netdevsim netdevsim2: Direct firmware load for . failed with error -22
[   75.911341][ T4942] loop2: detected capacity change from 0 to 512
[   75.933089][ T4942] EXT4-fs error (device loop2): ext4_xattr_inode_iget:446: comm syz.2.453: error while reading EA inode 32 err=-116
[   75.949480][ T4920] loop9: detected capacity change from 0 to 7
[   75.956041][ T4920] Buffer I/O error on dev loop9, logical block 0, async page read
[   75.964238][ T4942] EXT4-fs (loop2): Remounting filesystem read-only
[   75.970924][ T4920] Buffer I/O error on dev loop9, logical block 0, async page read
[   75.978792][ T4920]  loop9: unable to read partition table
[   75.992829][ T4942] EXT4-fs warning (device loop2): ext4_evict_inode:257: couldn't mark inode dirty (err -30)
[   76.003013][ T4920] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   76.003013][ T4920] 
) failed (rc=-5)
[   76.016290][ T4942] EXT4-fs (loop2): 1 orphan inode deleted
[   76.032288][ T4942] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   76.093418][ T4948] loop3: detected capacity change from 0 to 2048
[   76.122585][ T3321] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.142044][ T4948] EXT4-fs (loop3): cluster size (2048) smaller than block size (4096)
[   76.256721][   T29] kauditd_printk_skb: 247 callbacks suppressed
[   76.256739][   T29] audit: type=1326 audit(1763207129.473:2562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4951 comm="syz.0.457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba1764f6c9 code=0x7ffc0000
[   76.337225][   T29] audit: type=1326 audit(1763207129.493:2563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4951 comm="syz.0.457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7fba176062b7 code=0x7ffc0000
[   76.360776][   T29] audit: type=1326 audit(1763207129.493:2564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4951 comm="syz.0.457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7fba17606316 code=0x7ffc0000
[   76.384076][   T29] audit: type=1326 audit(1763207129.493:2565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4951 comm="syz.0.457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fba1764f2cb code=0x7ffc0000
[   76.407489][   T29] audit: type=1326 audit(1763207129.493:2566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4951 comm="syz.0.457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fba1764f6c9 code=0x7ffc0000
[   76.430832][   T29] audit: type=1326 audit(1763207129.493:2567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4951 comm="syz.0.457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba1764f6c9 code=0x7ffc0000
[   76.454348][   T29] audit: type=1326 audit(1763207129.493:2568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4951 comm="syz.0.457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba1764f6c9 code=0x7ffc0000
[   76.477841][   T29] audit: type=1326 audit(1763207129.513:2569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4951 comm="syz.0.457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba1764f6c9 code=0x7ffc0000
[   76.501241][   T29] audit: type=1326 audit(1763207129.513:2570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4951 comm="syz.0.457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba1764f6c9 code=0x7ffc0000
[   76.524620][   T29] audit: type=1326 audit(1763207129.513:2571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4951 comm="syz.0.457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba1764f6c9 code=0x7ffc0000
[   76.550596][ T4953] netlink: 4 bytes leftover after parsing attributes in process `syz.0.457'.
[   76.664704][ T4959] loop9: detected capacity change from 0 to 7
[   76.671004][ T4959] Buffer I/O error on dev loop9, logical block 0, async page read
[   76.685485][ T4959] Buffer I/O error on dev loop9, logical block 0, async page read
[   76.693370][ T4959]  loop9: unable to read partition table
[   76.734562][ T4959] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   76.734562][ T4959] 
) failed (rc=-5)
[   76.953373][ T4964] loop1: detected capacity change from 0 to 512
[   76.967873][ T4964] EXT4-fs: Invalid want_extra_isize 7
[   77.102221][ T4969] netlink: 156 bytes leftover after parsing attributes in process `syz.0.461'.
[   77.157619][ T4969] siw: device registration error -23
[   77.190305][ T4976] loop3: detected capacity change from 0 to 2048
[   77.213788][ T4976] EXT4-fs (loop3): cluster size (2048) smaller than block size (4096)
[   77.275854][ T4983] loop0: detected capacity change from 0 to 2048
[   77.283065][ T4983] EXT4-fs (loop0): cluster size (2048) smaller than block size (4096)
[   77.363212][ T4985] loop2: detected capacity change from 0 to 512
[   77.383255][ T4985] EXT4-fs error (device loop2): ext4_xattr_inode_iget:446: comm syz.2.468: error while reading EA inode 32 err=-116
[   77.544261][ T4989] lo speed is unknown, defaulting to 1000
[   77.574252][ T4989] SET target dimension over the limit!
[   78.311329][ T4991] Cannot find add_set index 0 as target
[   78.320689][ T4985] EXT4-fs (loop2): Remounting filesystem read-only
[   78.327318][ T4985] EXT4-fs warning (device loop2): ext4_evict_inode:257: couldn't mark inode dirty (err -30)
[   78.338549][ T4985] EXT4-fs (loop2): 1 orphan inode deleted
[   78.372203][ T4985] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   78.559112][ T3321] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.643340][ T5001] 9pnet: Could not find request transport: fd(rfdno=0x0000000000000006
[   78.938193][ T5012] netlink: 8 bytes leftover after parsing attributes in process `syz.1.475'.
[   78.949221][ T5012] ip6gre1: entered allmulticast mode
[   78.958187][ T5012] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22
[   78.966463][ T5012] netdevsim netdevsim1: Direct firmware load for . failed with error -22
[   79.094716][ T4996] loop9: detected capacity change from 0 to 7
[   79.101038][ T4996] Buffer I/O error on dev loop9, logical block 0, async page read
[   79.109244][ T4996] Buffer I/O error on dev loop9, logical block 0, async page read
[   79.117171][ T4996]  loop9: unable to read partition table
[   79.123004][ T4996] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   79.123004][ T4996] 
) failed (rc=-5)
[   79.162093][ T5026] netlink: 56 bytes leftover after parsing attributes in process `syz.1.481'.
[   79.181389][ T5024] netlink: 32 bytes leftover after parsing attributes in process `syz.0.480'.
[   79.192080][   T12] Bluetooth: hci0: Frame reassembly failed (-84)
[   79.204250][ T5017] loop9: detected capacity change from 0 to 7
[   79.210482][ T5017] Buffer I/O error on dev loop9, logical block 0, async page read
[   79.218527][ T5017] Buffer I/O error on dev loop9, logical block 0, async page read
[   79.226473][ T5017]  loop9: unable to read partition table
[   79.237875][ T5017] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   79.237875][ T5017] 
) failed (rc=-5)
[   79.283461][ T5030] netlink: 4 bytes leftover after parsing attributes in process `syz.3.483'.
[   79.345722][ T5035] vlan0: entered allmulticast mode
[   79.406875][ T5035] loop3: detected capacity change from 0 to 512
[   79.444067][ T5035] EXT4-fs error (device loop3): ext4_do_update_inode:5632: inode #3: comm syz.3.484: corrupted inode contents
[   79.467881][ T5035] EXT4-fs (loop3): Remounting filesystem read-only
[   79.475371][ T5035] EXT4-fs (loop3): 1 truncate cleaned up
[   79.484264][ T5035] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   79.497142][ T5035] ext4 filesystem being mounted at /109/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   79.509265][ T5035] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.531413][ T5037] 9pnet: Could not find request transport: fd(rfdno=0x0000000000000006
[   79.630974][ T5049] loop3: detected capacity change from 0 to 2048
[   79.654888][ T5049] EXT4-fs (loop3): cluster size (2048) smaller than block size (4096)
[   79.949288][ T5061] netlink: 32 bytes leftover after parsing attributes in process `syz.2.492'.
[   79.963146][ T5062] loop9: detected capacity change from 0 to 7
[   79.982532][ T5062] Buffer I/O error on dev loop9, logical block 0, async page read
[   80.111206][ T5062] Buffer I/O error on dev loop9, logical block 0, async page read
[   80.119126][ T5062]  loop9: unable to read partition table
[   80.180807][ T5065] netlink: 56 bytes leftover after parsing attributes in process `syz.2.493'.
[   80.264076][ T5062] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   80.264076][ T5062] 
) failed (rc=-5)
[   80.306809][ T5067] netlink: 4 bytes leftover after parsing attributes in process `syz.2.494'.
[   80.334210][ T5073] loop2: detected capacity change from 0 to 512
[   80.342921][ T5075] netlink: 8 bytes leftover after parsing attributes in process `syz.4.497'.
[   80.342989][ T5073] EXT4-fs error (device loop2): ext4_xattr_inode_iget:446: comm syz.2.496: error while reading EA inode 32 err=-116
[   80.354273][ T5075] ip6gre1: entered allmulticast mode
[   80.364503][ T5073] EXT4-fs (loop2): Remounting filesystem read-only
[   80.377112][ T5073] EXT4-fs warning (device loop2): ext4_evict_inode:257: couldn't mark inode dirty (err -30)
[   80.395905][ T5073] EXT4-fs (loop2): 1 orphan inode deleted
[   80.402082][ T5073] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   80.488077][ T3321] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   80.509490][ T5080] ==================================================================
[   80.517626][ T5080] BUG: KCSAN: data-race in selinux_inode_permission / selinux_inode_permission
[   80.526619][ T5080] 
[   80.528967][ T5080] read to 0xffff88811ae1dc20 of 4 bytes by task 5079 on cpu 0:
[   80.536518][ T5080]  selinux_inode_permission+0x334/0x740
[   80.542084][ T5080]  security_inode_permission+0x6d/0xb0
[   80.547550][ T5080]  inode_permission+0x106/0x310
[   80.552497][ T5080]  link_path_walk+0x162/0x900
[   80.557214][ T5080]  path_openat+0x1de/0x2170
[   80.561725][ T5080]  do_filp_open+0x109/0x230
[   80.566229][ T5080]  io_openat2+0x272/0x390
[   80.570568][ T5080]  io_openat+0x1b/0x30
[   80.574647][ T5080]  __io_issue_sqe+0xfe/0x2e0
[   80.579248][ T5080]  io_issue_sqe+0x56/0xa80
[   80.583674][ T5080]  io_submit_sqes+0x675/0x1060
[   80.588452][ T5080]  __se_sys_io_uring_enter+0x1c1/0x1b70
[   80.594010][ T5080]  __x64_sys_io_uring_enter+0x78/0x90
[   80.599400][ T5080]  x64_sys_call+0x2df0/0x3000
[   80.604082][ T5080]  do_syscall_64+0xd2/0x200
[   80.608643][ T5080]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   80.614546][ T5080] 
[   80.616900][ T5080] write to 0xffff88811ae1dc20 of 4 bytes by task 5080 on cpu 1:
[   80.624549][ T5080]  selinux_inode_permission+0x3ac/0x740
[   80.630205][ T5080]  security_inode_permission+0x6d/0xb0
[   80.635685][ T5080]  inode_permission+0x106/0x310
[   80.640562][ T5080]  link_path_walk+0x162/0x900
[   80.645264][ T5080]  path_openat+0x1de/0x2170
[   80.649772][ T5080]  do_filp_open+0x109/0x230
[   80.654280][ T5080]  io_openat2+0x272/0x390
[   80.658614][ T5080]  io_openat+0x1b/0x30
[   80.662685][ T5080]  __io_issue_sqe+0xfe/0x2e0
[   80.667292][ T5080]  io_issue_sqe+0x56/0xa80
[   80.671714][ T5080]  io_wq_submit_work+0x3f7/0x5f0
[   80.676665][ T5080]  io_worker_handle_work+0x44e/0x9b0
[   80.681958][ T5080]  io_wq_worker+0x22e/0x860
[   80.686474][ T5080]  ret_from_fork+0x122/0x1b0
[   80.691068][ T5080]  ret_from_fork_asm+0x1a/0x30
[   80.695866][ T5080] 
[   80.698188][ T5080] value changed: 0x00000000 -> 0x00000001
[   80.703899][ T5080] 
[   80.706224][ T5080] Reported by Kernel Concurrency Sanitizer on:
[   80.712369][ T5080] CPU: 1 UID: 0 PID: 5080 Comm: iou-wrk-5079 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   80.722262][ T5080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   80.732321][ T5080] ==================================================================
[   80.835344][ T5086] mmap: syz.3.500 (5086) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   81.231846][ T3556] Bluetooth: hci0: command 0x1003 tx timeout
[   81.231850][ T3507] Bluetooth: hci0: Opcode 0x1003 failed: -110