last executing test programs:

4m37.070331655s ago: executing program 4 (id=5):
socket$vsock_stream(0x28, 0x1, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000900)={0x18, 0x4, &(0x7f0000000a00)=ANY=[@ANYBLOB="180100000700002c0000000000000004850000002a00000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80001}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0, 0x0, 0xffd}, 0x18)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=<r3=>r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000010000000a00000008"], 0x48)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000003c0)={'gretap0\x00', &(0x7f0000000200)={'syztnl0\x00', <r4=>0x0, 0x8, 0x40, 0x900, 0x2, {{0x3b, 0x4, 0x2, 0x1, 0xec, 0x68, 0x0, 0x5, 0x2f, 0x0, @local, @loopback, {[@ssrr={0x89, 0x17, 0x42, [@dev={0xac, 0x14, 0x14, 0x39}, @empty, @multicast2, @remote, @dev={0xac, 0x14, 0x14, 0x20}]}, @cipso={0x86, 0x34, 0x0, [{0x7, 0xc, "d537db25fe6df6a1833c"}, {0x7, 0x5, "9b4590"}, {0x5, 0xe, "3f8914bce563d51847431f79"}, {0x2, 0xf, "9443f058eb86b598777fe5b7b3"}]}, @timestamp_addr={0x44, 0x2c, 0xec, 0x1, 0xd, [{@multicast2, 0x6}, {@local, 0x39d}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0xff}, {@multicast2, 0x9}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x400}]}, @ssrr={0x89, 0xb, 0xe0, [@rand_addr=0x64010100, @dev={0xac, 0x14, 0x14, 0x29}]}, @timestamp_prespec={0x44, 0xc, 0xdb, 0x3, 0x4, [{@rand_addr=0x64010100, 0x1000}]}, @rr={0x7, 0xb, 0x5a, [@local, @dev={0xac, 0x14, 0x14, 0x26}]}, @timestamp={0x44, 0x14, 0x86, 0x0, 0xe, [0x9, 0x2, 0x9, 0x4]}, @noop, @lsrr={0x83, 0x27, 0x4b, [@private=0xa010102, @dev={0xac, 0x14, 0x14, 0x2b}, @private=0xa010100, @remote, @private=0xa010100, @broadcast, @multicast1, @multicast2, @broadcast]}]}}}}})
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r5)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e22, 0x100000, @empty}, 0x1c)
sendmmsg(r6, &(0x7f0000010c40)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x3, 0x24008094)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRESDEC=0x0, @ANYRES32=r3], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r4, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r7}, 0x10)
r8 = socket$tipc(0x1e, 0x5, 0x0)
r9 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r9, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00', <r10=>0x0})
setsockopt$packet_add_memb(r9, 0x107, 0x1, &(0x7f0000000140)={r10, 0x1, 0x6, @local}, 0x10)
setsockopt$packet_add_memb(r9, 0x107, 0x1, &(0x7f00000002c0)={r10, 0x11, 0x6, @random="0002000953aa"}, 0x10)
setsockopt$packet_add_memb(r9, 0x107, 0x1, &(0x7f0000000200)={r10, 0x1, 0x6, @local}, 0x10)
bind$tipc(r8, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x42, 0x0, 0x4}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r8, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
sendmsg$tipc(r8, &(0x7f00000005c0)={&(0x7f0000000000), 0x10, &(0x7f0000000480)=[{&(0x7f0000000180)="f7", 0x101d0}], 0x1}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000400)='svcrdma_decode_rqst\x00', r2}, 0x18)
r11 = socket(0x1e, 0x1, 0x0)
write$binfmt_misc(r11, &(0x7f0000000080), 0x2000011a)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000000)=<r12=>0x0)
sched_setscheduler(r12, 0x1, &(0x7f0000000080)=0x9)
gettid()

4m36.872594884s ago: executing program 4 (id=12):
syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x2cc, &(0x7f0000000240)={[{@errors_remount}, {@nomblk_io_submit}]}, 0xfd, 0x4c3, &(0x7f0000000d80)="$eJzs3M1rHOUfAPDvbDZJ35P215/aWm20isWXpEmrFhSsguBBQdBDPUlM0lKbNtJEaEswqZR6EbTgXQQvon+BJ0+ingSvepdCkV5aPa3M7sy6SXbztkk2L58PTDJP5tl9nu888+w8M89OAtiyetIfScSuiPg9IroiolCbYXtlSfPduzM59PedyaEkSqW3/krSl8XdO5NDedYk+72zkiimb1S4nsSpOuWOX7l6fnB0dORSlu6buPBB3/iVq8+cuzB4duTsyMWBkydPHO9//rmBZ1ckzrROdw9+NHbowGvv3Hxj6PTN937+LonYkW+vjaNJL3RVVyer+2S2x1eosPVid816Upy9ddvaVoZF64yItLnay/2/K9qu76lu64pXP25p5YBVVSqVSgONN0+XgE0siVbXAGiN/ESfXv/myxoNPdaF2y9XLoDSuO9lS2VLsXIfpLNybbR7lcrviYjT0/98mS6x5PsQ7atUKwBgM/shHf88XWf8V4y4rybfnmxuqDsi9kbEvoj4X0Tsj4j/RyXv/RHxwOwC9pZnQHrebVB+z6z03PFP4VazMc4nHf+9mM1tzRz/VWfButuy1O5y/O3JmXOjI8eyfXI02jvTdH/dd08iptPfv33WqPza8V+6pOXnY8GsHreKnTNfMzw4Mdh04Jnb1yIOFuvFn0TxvyjiQEQcXGYZ55785tDMv7RV1xaOfx5z5pmWrvRVxBOV9p+OWfGXZft+LBrOT/Zti9GRY335UTHXL7/eeLNR+ZX4CzF//NubD7SBtP131Dv+X8riz/Zxdb52fM5bdCxUxo0/Pml4TbPc478jeXtG4ZcHJyYu9Ud0JK/P/XvNDe48fXn423L+NP6jR+r3/33Za9I98WBEpAfxQxHxcEQczur+SEQ8GhFH5on/p1cee79h/IebOP6j1Gh6edHS+Ifrfv5V37o7mdH+S1jJp33P//h9o/Kr7Z83WN32P5EnypUqf/4t0CUWW9Pl7TUAAADYWAoRsSuSQm91vVDo7a18X35/7CiMjo1PPHVm7MOLw5VnBLqjvZDf6eqquR/an90bztMDWXoqSx/P7ht/0ba9nO4dGhsdbnXwsMXtjDgVdfp/6s+2VtcOWHVz5tFKXa2pCLDmVmAeHdiglt//fXLARrdALy6sVT2AtecsDltXvf4/VZtIovIteWDTcf6Hrava/z9fROaax71mP7wJbDzznf99FQA2N+N/2JKW9Vz/elqJryPmz5Osl6ouaeXTZl5eXDjPVDRZwyi0cP90tKRRBtoiWnhIFBf7Xy3iSmmq6UIbfWJcq/mvoQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOvfvwEAAP//vX/hVQ==")
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x3d, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
fchdir(0xffffffffffffffff)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000142020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000e0"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00', r1}, 0x10)
socket$netlink(0x10, 0x3, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r2, 0x8916, &(0x7f00000002c0)={'vcan0\x00', {0x2, 0x4e24, @empty}})

4m36.483302953s ago: executing program 4 (id=17):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x20000000000000fc, 0x0, &(0x7f0000000200)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x2)
set_mempolicy(0x8006, 0x0, 0x5)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfffffffffffffffd}, 0x402, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x6, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8ab8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000010000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000000)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1000007, 0x30, 0xffffffffffffffff, 0x568d5000)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001240)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff0000"], &(0x7f0000000340)='syzkaller\x00'}, 0x94)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000300)={0x0, 0x8000}, 0x4)
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000040)={0x0, 0x0}, 0x10)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b00)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

4m35.553270385s ago: executing program 4 (id=23):
syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x410884, &(0x7f00000001c0)={[{@nouid32}, {@acl}]}, 0x1, 0x77c, &(0x7f0000001900)="$eJzs3ctrXFUYAPDvTpKmTWsTQdC6CggaKJ2YGlsFFxUXIlgo6Np2mExDzSRTMpPShIAWEVwoqLgQdNO1j7pz62Or/4ULsVRNixVBidzJ3HbaTNIknWSi8/vBTc65jznnm/s4Z+Ye7gTQtYbTP7mIQxHxfhIx2JifRERfPdUbcWJlvZtLi8V0SmJ5+ZXfkvo6N5YWi9G0TWp/I/NIRHz3dsTh3Opyq/MLU4VyuTTbyI/Wps+PVucXjpybLkyWJkszx8bGx48ef/r4sfbF+sePCweufvDiE1+e+Outh6+8930SJ+JAY1lzHO0yHMON96QvfQvv8EK7C+uwpNMVYEvSU7Nn5SyPQzEYPfUUAPB/9kZELAMAXSbR/gNAl8m+B7ixtFjMps5+I7Gzrj0fEXtX4s/ub64s6W3cs9tbvw86cCO5485IEhFDbSh/OCI+/fq1z9Mptuk+JEArb16KiDNDw6uv/8mqMQub9eQ6y/Y0/g/fNd/1D3bON2n/55lW/b/crf5PtOj/9Lc4d7finuf/vjYUso60//dc09i2m03xNwz1NHIP1Pt8fcnZc+VSem07GBEj0def5sfWKWPk+j/X756XvXq9//f3Sv/v9w9f/ywtP/3ftOYvvf13bjtRqBXuN+7MtUsRj/a2ij+5tf+TNfq/pzZYxkvPvvPJWsvS+NN4s2l1/NEYnbQ9li9HPN5y/98e0ZasOz5xtH44jGYHRQtf/fTxwFrlN/f/0yktP/sssBPS/T+wfvxDSfN4zermy/jh8uC3ay27d/ytj/89yav1dNaPuFio1WbHIvYkL6+ef/T2tlk+Wz+Nf+Sx1uf/esd/+pnwzAbj77366xfvHtxq/NsrjX9iU/t/84krN6d61ip/Y/t/vJ4aaczZyPVvoxW8n/cOAAAAAAAAAAAAAAAAAAAAAAAAADYqFxEHIsnlb6VzuXx+5Te8H4qBXLlSrR0+W5mbmYj6b2UPRV8ue9TlYNPzUMcaz8PP8kfvyj8VEQ9GxEf9+5LsOYoTHY4dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADL71/j9/9TP/Z2uHQCwbfZ2ugIAwI7T/gNA99H+A0D30f4DQPfR/gNA99H+AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsM1OnTyZTst/Li0W0/zEhfm5qcqFIxOl6lR+eq6YL1Zmz+cnK5XJcilfrEzf6/XKlcr58ZiZuzhaK1Vro9X5hdPTlbmZ2ulz04XJ0ulS345EBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACbU51fmCqUy6VZiS0klu9r82SXRNGGRE/jcNot9dnRRLI7qtHmRIcvTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/Ef8GAAD//+GAI2c=")
r0 = open(&(0x7f00000000c0)='./file1\x00', 0x14927e, 0x6)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f0000000480)="61979e7abd86215d9e012b66522e9570f08aaf3535ce48f3c90f19896195939ccc0536346f7def4ebcb959165b041a0cd90b3059ce092f68f58e36c4411e01d8062e51b28595571ebece919176bcc8059296e11da73a68929c1ab645c1946fbd08249c9e2d", 0x65, 0x3)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r1, 0x8004587d, &(0x7f0000000080)={@desc={0x1, 0x0, @desc2}})
socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket$inet(0x2, 0xa, 0x8f4)
getsockopt$sock_buf(r3, 0x1, 0x1c, 0x0, &(0x7f0000001040))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000840)={&(0x7f0000000080)='kfree\x00', r2, 0x0, 0x97a3}, 0x18)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=ANY=[@ANYBLOB="600000000206010100000000000000000000000005000100070000000900020073797a30000000001400078005001500f0ffffff080012400000000011000300686173683a69702c6d61726b000000000500050002000000050004"], 0x60}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="280000000306030600000000000000000a0000030500010007"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x20004000)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0), 0x4)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000440)={'batadv0\x00', <r6=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000007c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000000f000000050030000000000005002f000000000008000300", @ANYRES32=r6, @ANYRES16], 0x2c}}, 0x0)
fallocate(r0, 0x8, 0x0, 0x10000)

4m35.552877925s ago: executing program 32 (id=23):
syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x410884, &(0x7f00000001c0)={[{@nouid32}, {@acl}]}, 0x1, 0x77c, &(0x7f0000001900)="$eJzs3ctrXFUYAPDvTpKmTWsTQdC6CggaKJ2YGlsFFxUXIlgo6Np2mExDzSRTMpPShIAWEVwoqLgQdNO1j7pz62Or/4ULsVRNixVBidzJ3HbaTNIknWSi8/vBTc65jznnm/s4Z+Ye7gTQtYbTP7mIQxHxfhIx2JifRERfPdUbcWJlvZtLi8V0SmJ5+ZXfkvo6N5YWi9G0TWp/I/NIRHz3dsTh3Opyq/MLU4VyuTTbyI/Wps+PVucXjpybLkyWJkszx8bGx48ef/r4sfbF+sePCweufvDiE1+e+Outh6+8930SJ+JAY1lzHO0yHMON96QvfQvv8EK7C+uwpNMVYEvSU7Nn5SyPQzEYPfUUAPB/9kZELAMAXSbR/gNAl8m+B7ixtFjMps5+I7Gzrj0fEXtX4s/ub64s6W3cs9tbvw86cCO5485IEhFDbSh/OCI+/fq1z9Mptuk+JEArb16KiDNDw6uv/8mqMQub9eQ6y/Y0/g/fNd/1D3bON2n/55lW/b/crf5PtOj/9Lc4d7finuf/vjYUso60//dc09i2m03xNwz1NHIP1Pt8fcnZc+VSem07GBEj0def5sfWKWPk+j/X756XvXq9//f3Sv/v9w9f/ywtP/3ftOYvvf13bjtRqBXuN+7MtUsRj/a2ij+5tf+TNfq/pzZYxkvPvvPJWsvS+NN4s2l1/NEYnbQ9li9HPN5y/98e0ZasOz5xtH44jGYHRQtf/fTxwFrlN/f/0yktP/sssBPS/T+wfvxDSfN4zermy/jh8uC3ay27d/ytj/89yav1dNaPuFio1WbHIvYkL6+ef/T2tlk+Wz+Nf+Sx1uf/esd/+pnwzAbj77366xfvHtxq/NsrjX9iU/t/84krN6d61ip/Y/t/vJ4aaczZyPVvoxW8n/cOAAAAAAAAAAAAAAAAAAAAAAAAADYqFxEHIsnlb6VzuXx+5Te8H4qBXLlSrR0+W5mbmYj6b2UPRV8ue9TlYNPzUMcaz8PP8kfvyj8VEQ9GxEf9+5LsOYoTHY4dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADL71/j9/9TP/Z2uHQCwbfZ2ugIAwI7T/gNA99H+A0D30f4DQPfR/gNA99H+AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsM1OnTyZTst/Li0W0/zEhfm5qcqFIxOl6lR+eq6YL1Zmz+cnK5XJcilfrEzf6/XKlcr58ZiZuzhaK1Vro9X5hdPTlbmZ2ulz04XJ0ulS345EBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACbU51fmCqUy6VZiS0klu9r82SXRNGGRE/jcNot9dnRRLI7qtHmRIcvTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/Ef8GAAD//+GAI2c=")
r0 = open(&(0x7f00000000c0)='./file1\x00', 0x14927e, 0x6)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f0000000480)="61979e7abd86215d9e012b66522e9570f08aaf3535ce48f3c90f19896195939ccc0536346f7def4ebcb959165b041a0cd90b3059ce092f68f58e36c4411e01d8062e51b28595571ebece919176bcc8059296e11da73a68929c1ab645c1946fbd08249c9e2d", 0x65, 0x3)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r1, 0x8004587d, &(0x7f0000000080)={@desc={0x1, 0x0, @desc2}})
socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket$inet(0x2, 0xa, 0x8f4)
getsockopt$sock_buf(r3, 0x1, 0x1c, 0x0, &(0x7f0000001040))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000840)={&(0x7f0000000080)='kfree\x00', r2, 0x0, 0x97a3}, 0x18)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=ANY=[@ANYBLOB="600000000206010100000000000000000000000005000100070000000900020073797a30000000001400078005001500f0ffffff080012400000000011000300686173683a69702c6d61726b000000000500050002000000050004"], 0x60}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="280000000306030600000000000000000a0000030500010007"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x20004000)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0), 0x4)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000440)={'batadv0\x00', <r6=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000007c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000000f000000050030000000000005002f000000000008000300", @ANYRES32=r6, @ANYRES16], 0x2c}}, 0x0)
fallocate(r0, 0x8, 0x0, 0x10000)

50.953161154s ago: executing program 1 (id=3553):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
getsockopt$sock_cred(r0, 0x1, 0x11, 0xfffffffffffffffd, &(0x7f0000000300)=0x2a)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x42000)
ioctl$SG_EMULATED_HOST(r2, 0x2203, &(0x7f00000002c0))
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
syz_clone(0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b703000010000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x42, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r6, 0x0, 0xfffffffffffffffd}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
wait4(0x0, 0x0, 0x40000000, 0x0)
perf_event_open(&(0x7f0000000300)={0x2, 0x80, 0x1, 0x1a, 0x0, 0x0, 0x0, 0x1, 0x20010, 0x3, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x7993, 0x1, @perf_bp={&(0x7f0000000280), 0x5}, 0x90, 0x5, 0x4, 0x5, 0x81, 0x2, 0x5, 0x0, 0x101, 0x0, 0x5}, 0x0, 0xb, 0xffffffffffffffff, 0x2)
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x42}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r5, {0x4, 0xa}, {}, {0xfff2, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x8848}, 0x80)

50.69822296s ago: executing program 1 (id=3557):
getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, 0x0, 0x310)
sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x800}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x4800)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2b, &(0x7f00000005c0)={0x1, {{0xa, 0x0, 0x1, @mcast1, 0x8000}}, {{0xa, 0x0, 0xb53, @mcast1, 0x80}}}, 0xfffffffffffffe76)
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$TIOCSSOFTCAR(0xffffffffffffffff, 0x541a, &(0x7f0000000400)=0xa)
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xd, 0x0, &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x10, 0x2, &(0x7f00000003c0)=ANY=[@ANYRES16=r5], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0xa1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0xc)
sendmsg$AUDIT_SET(r2, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x3c, 0x3e9, 0x806, 0x70bd26, 0x25dfdbfd, {0x2, 0x0, 0x1, r0, 0xd, 0x9, 0x6, 0xffffffff, 0x0, 0x7fff, 0x9}, ["", "", ""]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040001}, 0x0)
r7 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_int(r7, 0x29, 0x9, &(0x7f0000000580)=0x80094, 0xfffffdaf)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x800, &(0x7f0000000100)={0xa, 0x4e24, 0x0, @mcast2, 0x8}, 0x1c)
sendto$inet6(r7, &(0x7f0000001cc0)="2501d77b330b7e73d6b1d1b8a473ff7420b4b43ce0861f000000714fa228ee1f5b48", 0xfffffffffffffe57, 0x8000, 0x0, 0x0)
r8 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZE(r8, 0x5609, &(0x7f0000000040)={0x1, 0x7, 0x3})

49.651458343s ago: executing program 1 (id=3568):
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000000c00850000000f000000"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r0 = syz_io_uring_setup(0x10b5, &(0x7f0000000200)={0x0, 0x4d9, 0x800, 0x4, 0xb}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x50, 0x0, 0xffffffffffffffff, &(0x7f00000001c0)={0x49cf02, 0x4, 0x5}, &(0x7f0000000180)='./file0\x00', 0x18, 0x0, 0x23456, {0x0, r3}})
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000240)={0x6}, 0x8)
r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='trans=fd<r=\x00\x00\x00\x00', @ANYRESHEX=r4, @ANYBLOB=',wfd', @ANYRESHEX=r4, @ANYBLOB])
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000000001000001"], 0x50)
r5 = openat$sysfs(0xffffff9c, &(0x7f00000037c0)='/sys/kernel/notes', 0x0, 0x0)
r6 = syz_io_uring_setup(0x213e, &(0x7f0000000080)={0x0, 0x81df, 0x400, 0x1, 0x40000333}, &(0x7f0000000340)=<r7=>0x0, &(0x7f0000000040)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r5, 0x0, &(0x7f00000001c0)=[{&(0x7f0000001800)=""/195, 0xc3}, {0x0}], 0x2, 0x0, 0x1})
io_uring_enter(r6, 0x847ba, 0x2000, 0xe, 0x0, 0x0)

48.675721979s ago: executing program 1 (id=3575):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000180)=[@sack_perm, @window={0x3, 0x1, 0x7}], 0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x39)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000cc0)='kmem_cache_free\x00', r2}, 0x18)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x2151090, 0x0)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000007c0)=@ipv4_delrule={0x4c, 0x21, 0xb12becd5a2b54ddf, 0x70bd2a, 0x0, {0x2, 0x0, 0x10}, [@FRA_GENERIC_POLICY=@FRA_OIFNAME={0x14, 0x11, 'netdevsim0\x00'}, @FRA_SRC={0x8, 0x2, @rand_addr=0x64010101}, @FRA_GENERIC_POLICY=@FRA_IIFNAME={0x14, 0x3, 'macvlan1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x24000000}, 0x0)
move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file0/file0\x00', 0x0)

48.604954826s ago: executing program 1 (id=3578):
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYRES64], 0x50)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000080), 0x800, 0x0)
r0 = socket(0x10, 0x803, 0x0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000)=0x1000, 0x4)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x18, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2, 0x0, 0x2}, 0x18)
sendto(r0, &(0x7f00000005c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x20000090, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = socket$pppoe(0x18, 0x1, 0x0)
recvmsg(r3, &(0x7f00000015c0)={0x0, 0x0, 0x0}, 0x1)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x9, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3ff}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r7 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000002040)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='kfree\x00', r8}, 0x18)
pipe2(&(0x7f0000001cc0)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff}, 0x80000)
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r9}, 0x2c, {'wfdno', 0x3d, r10}, 0x2c, {[{@access_uid}]}})

48.394598047s ago: executing program 1 (id=3585):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f00000013c0)=0x80000000001, 0x4)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00'}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x3, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x18, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x40, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000b80)='sched_switch\x00', r1, 0x0, 0xb1b8}, 0x18)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x10040, 0x2600)
syz_mount_image$msdos(&(0x7f0000000200), &(0x7f0000000000)='./file1\x00', 0x8086, &(0x7f00000001c0)={[{@fat=@nfs}, {@fat=@dos1xfloppy}, {@nodots}, {@nodots}, {@fat=@check_normal}]}, 0x0, 0x1fd, &(0x7f0000000840)="$eJzs3E1rU1kYB/DTTt+mMy1ZDcwsZg7jRjcX27ULi7RQDCjaiC8gpDTFkJjU3CwSEYxbV34OEdwILgRx4bbfwl0RSleuvKKxrS2tVu1LqL/fJg/8zyHnuRcOl3Phrpx5dLuymCaLYSSEkb7QfzZ0wlAIudAf1nXCqadX1x5evnb9/FQ+P30pxpmpuYnJGP8d/+/ljXtP/n/V/OPKs/EXw2E5d3NldfLN8l/Lf6+8n7tVTmM5jbV6MxbjfL3eLM5XS3GhnFaSGC9WS8W0FMu1tNTYki9W60tL7VisLYyNLjVKaRqLtXaslNqxWY/NRjsW74cQYpIkcWw0sIM/9zqw8PhdloXVLMuy4U7Ismz3oa/3aW30lD3ff46lLzb1kRDedlqFVqH7281nZvPTp+Mnuc1Za61W4beNfKKbx635YBj9nE/umA+Fkye6+cfs3IX8tvz3sHDw7QMAAAAAwLGUxA07nu8nyW55t5qZXX9PvP18fyD8M3AoLQAAAADfkLbvVorVaqnxw8VgCOEnpvdIcTy62L140BvL2JeiLxzkX+SOvMHnPXGdj3pnAgAA9tvmQ/93TrzTd0ArAgAAAAAAAAAAAAAAAAAAgF/PYXxO7Kh7BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4mg8BAAD//+HNaaM=")
ioctl$SG_IO(r2, 0x2285, &(0x7f00000000c0)={0x53, 0xfffffffe, 0x6, 0x2, @scatter={0x0, 0x40000, 0x0}, &(0x7f0000000080)="0000501effd4", 0x0, 0x800004, 0x10030, 0x1, 0x0})
add_key$keyring(&(0x7f0000000000), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000f1ffffff0000000000100000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000780)='mm_page_free\x00', r3}, 0x18)
kexec_load(0x0, 0x1, &(0x7f0000000140)=[{0x0, 0x3e00, 0x116094000, 0x41000000}], 0x0)

48.337326083s ago: executing program 33 (id=3585):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f00000013c0)=0x80000000001, 0x4)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00'}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x3, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x18, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x40, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000b80)='sched_switch\x00', r1, 0x0, 0xb1b8}, 0x18)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x10040, 0x2600)
syz_mount_image$msdos(&(0x7f0000000200), &(0x7f0000000000)='./file1\x00', 0x8086, &(0x7f00000001c0)={[{@fat=@nfs}, {@fat=@dos1xfloppy}, {@nodots}, {@nodots}, {@fat=@check_normal}]}, 0x0, 0x1fd, &(0x7f0000000840)="$eJzs3E1rU1kYB/DTTt+mMy1ZDcwsZg7jRjcX27ULi7RQDCjaiC8gpDTFkJjU3CwSEYxbV34OEdwILgRx4bbfwl0RSleuvKKxrS2tVu1LqL/fJg/8zyHnuRcOl3Phrpx5dLuymCaLYSSEkb7QfzZ0wlAIudAf1nXCqadX1x5evnb9/FQ+P30pxpmpuYnJGP8d/+/ljXtP/n/V/OPKs/EXw2E5d3NldfLN8l/Lf6+8n7tVTmM5jbV6MxbjfL3eLM5XS3GhnFaSGC9WS8W0FMu1tNTYki9W60tL7VisLYyNLjVKaRqLtXaslNqxWY/NRjsW74cQYpIkcWw0sIM/9zqw8PhdloXVLMuy4U7Ismz3oa/3aW30lD3ff46lLzb1kRDedlqFVqH7281nZvPTp+Mnuc1Za61W4beNfKKbx635YBj9nE/umA+Fkye6+cfs3IX8tvz3sHDw7QMAAAAAwLGUxA07nu8nyW55t5qZXX9PvP18fyD8M3AoLQAAAADfkLbvVorVaqnxw8VgCOEnpvdIcTy62L140BvL2JeiLxzkX+SOvMHnPXGdj3pnAgAA9tvmQ/93TrzTd0ArAgAAAAAAAAAAAAAAAAAAgF/PYXxO7Kh7BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4mg8BAAD//+HNaaM=")
ioctl$SG_IO(r2, 0x2285, &(0x7f00000000c0)={0x53, 0xfffffffe, 0x6, 0x2, @scatter={0x0, 0x40000, 0x0}, &(0x7f0000000080)="0000501effd4", 0x0, 0x800004, 0x10030, 0x1, 0x0})
add_key$keyring(&(0x7f0000000000), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000f1ffffff0000000000100000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000780)='mm_page_free\x00', r3}, 0x18)
kexec_load(0x0, 0x1, &(0x7f0000000140)=[{0x0, 0x3e00, 0x116094000, 0x41000000}], 0x0)

3.924401663s ago: executing program 3 (id=4279):
r0 = socket$kcm(0xa, 0x922000000003, 0x11)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000700)={0x3, 0xc, &(0x7f00000008c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000060a272b8f6b9d7ff07253595c8e6103c6eb954bfc97f874b2914542d21e0ac7b0ac5bc62db0f9604291b21519a16afd3283b60104a509e83532ef4a4aa44d9aa15522ff1ad6e9647e21efb9704e5abf88c3497f03de0ca75812b626e899a9cbb4abc409661ce4d1ef14f4926515b73d6914a0f8ec2314188d52175e25a5d6b0e693be96ddbc1f64264f0"], 0x0, 0x0, 0x0, 0x0, 0x40f00}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0e00000004000000080000000700000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00'/25, @ANYRES64=r1, @ANYRESOCT=r2, @ANYRESOCT=r2], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x13, &(0x7f00000009c0)=ANY=[@ANYBLOB="18080000000001000000000000000000851000000600000018000000", @ANYRES32=0x0, @ANYBLOB="00000000000100006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095f96553543ee7cb01e96b8721516bf753d0250e32c1ed2829c59e2024621da58197446419ab293b1fb73fbb0aedeb3bf292605ba6b1c4cc8f423f814ba2043261bc2ddabe9bf589aa9ad1caaafa49f5041c6145c2c7bf9f4cc8a9a52e37b04698bfb41faae4a04a2c0039aaed723a95d2a5375650a6138739db56a0671ec7e9b492d7e18f68108cbe66e0db10044b4e633e17ee5255647c03cb9fbfb8ac05ec21fa574bd214632cf2f62f21ccf350a033dc41aa9ba644"], &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x40f00}, 0x94)
r3 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet_sctp(r3, &(0x7f0000000880)=[{&(0x7f0000000440)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000100)="03", 0x1}], 0x1}], 0x1, 0x4000005)
r4 = mq_open(&(0x7f0000000040)='!seli\x1a\x1d!\xa7\x00\x00inux\x00G\xd0\xc6(X', 0x6e93ebbbcc0884f2, 0x10, &(0x7f0000000300)={0x0, 0x1, 0x3})
mq_timedreceive(r4, &(0x7f00000003c0)=""/83, 0x53, 0x8000000000002003, 0x0)
sendto$inet(r3, 0x0, 0x0, 0x11, &(0x7f0000000000)={0x2, 0xffff, @multicast1}, 0x10)
mq_timedsend(r4, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x7, 0x2, 0x0, 0x0, 0x0, 0x2, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, @perf_bp={0x0, 0x9}, 0x2000, 0x0, 0x9, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0100000004000000080000000b"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000f4751f2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r7}, 0x10)
ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x40082406, &(0x7f00000001c0)='cpu<20\t||')
sendmmsg$inet_sctp(r3, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000240)=[{0x0}, {&(0x7f0000000300)="359cb6", 0x3}], 0x2, &(0x7f0000000380)=ANY=[@ANYBLOB="30000000000000008400000001000000000000000c000400"/43, @ANYRES32=0x0], 0x30, 0x80}], 0x1, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
write(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r9 = socket$netlink(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r10 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r10, 0x84, 0x10, &(0x7f00000004c0)=@assoc_value={0x0, 0xa490}, 0x8)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r9, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4)
sendmsg$netlink(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x4008040}, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000500)={[], [{@audit}, {@euid_lt}, {@appraise}, {@smackfstransmute={'smackfstransmute', 0x3d, '@%/([-/!.\x03'}}, {@func={'func', 0x3d, 'FIRMWARE_CHECK'}}, {@fsname={'fsname', 0x3d, '$,@$'}}, {@euid_gt}]}, 0x2, 0x50d, &(0x7f0000001240)="$eJzs3c9vI1cdAPDvTJJ1Nk2bFHoAVGAphQWt1k68bVT1QjlVCFVC9MhhGxIniuLEUeyUJuwhe+SORCVOcOIfAIkDUk/ckTjAjUs5IPFjBWqQOBjNeJw6v91tYu/Gn4808pv3Yn/fszXvWV/vzgtgZN2KiP2IuBER70TETFGfFEe80Tmyv/vo0YOlg0cPlpJot9/+Z5K3Z3XR85zMM8VrTkbE99+M+GFyLOgfI5q7e+uL9Xptu6iqtDa2Ks3dvbtrG4urtdXaZrW6ML8w99q9V6uXNNJfH5Z+99svfviH/W/+OOvWdFHXO46IuHlJQYv3ZOIwTmY8Ir57WQGGbKwYz43HefJjPYnLlEbEZyLipfz6n4mx/NM86ujH9K0oLm0A4CnVbs9Ee6b3HAC47tI8B5ak5SIXMB1pWi53cngvxFRabzRbd1YaO5vLnVzZbEykK2v12lyRK5yNiWRlbbw2n5e75/Va9dj5vYh4PiJ+WrqZn5eXGvXlYX7xAYAR9syx9f8/pc76DwBccz2/5peG2Q8AYHD8az4AGD3WfwAYPdZ/ABg91n8AGD3WfwAYPdZ/ABgp33vrrexoHxT3v15+d3dnvfHu3eVac728sbNUXmpsb5VXG43V/J49Gxe9Xr3R2Jp/JXbeq7RqzValubt3f6Oxs9m6n9/X+35tYiCjAgDO8/yXP/hzEhH7r9/Mj+i53/+Fa/WLV9074Cqlw+4AMDRjw+4AMDQnd/sCRoV8PNCzRe/DnurJE4Xj3u/r5dNi31DgCXL7858i/w881eT/YXQ9Xv7fd3m4DuT/YXS124k9/wFgxMjxA8kF7b2//8+1e076+/0fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAArqXp/EjScrEX+HSkabkc8WxEzMZEsrJWr81FxHMR8afSRCk7n48I+wYBwNMs/VtS7P91e+bl6eOtN0r/LeWPEfGjn7/9s/cWW63t+Ygbyb8O61vvF/XVYfQfALhId53uruNdHz16sNQ9Btmfv3+7s7loFvegODot4zGeP07muYapfyfFeUf2fWXsEuLvP4yIz502/iTPjcwWO58ej5/Ffnag8dMj8dO8rfOYvRefvTCSjA0c90E2/7xx2vWXxq388fTrfzKfoT697vx3cGL+Sw/nv7Ez5r9b/cZ45fffOVHZnum0PYz4wnjEQffFe+afbvykkyM+Ef/lPuP/5cUvvXRWW/sXEbfjtPEnR2JVWhtblebu3t21jcXV2mpts1pdmF+Ye+3eq9VKnqOudDPVJ/3j9TvPnRU/G//UGfEne8Z/2vv/tT7H/8v/vfODr5wT/xtfPf3zf+Gc+Nls/vU+4y9O/WbyrLYs/vIZ4x8/J35Wd6fP+B/+dW+5zz8FAAagubu3vliv17avupBefYi8kETsD2A4nULpVz95c1CxPknh5id7VjwJfVZ4sgrDnpmAq/bxRT/sngAAAAAAAAAAAAAAAGcZxH8nGvYYAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuL7+HwAA//9uB9Gw")

3.044856899s ago: executing program 3 (id=4299):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r2=>0x0})
connect$can_bcm(r1, &(0x7f00000000c0)={0x1d, r2}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$MPTCP_PM_CMD_SUBFLOW_CREATE(r3, &(0x7f0000000400)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00042dbd7000fbdbdf254a0000000800020005000000080004000003000048000680080006000000000507181200020000000800066c46fb8000060005004e230000060005004e20000014000400fe80000000000000000000000000000c060005004e230b00"], 0x6c}, 0x1, 0x0, 0x0, 0x80}, 0x1)
sendmsg$can_bcm(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=ANY=[@ANYBLOB="0100000001000000ffffffff00001c00", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=<r4=>0x0, @ANYBLOB="00000000019d39f39d55a4b717fd5490a3fce362118e315a0b6558829634a7177d7e0de5fc29a3883fa5dce013be3a4e654f5e2020ad3a33662568d5a242dec7683728cf3f2e5f4d8217ed1fc5bb2fe803180bd5ed958f8d251118d23305af687a4fee0e8aadd7b124618dacf3b3ac72ea8e9287a80ea793e126cef483a13c26a899de746b0e0a6c0557aad879c4ab"], 0x48}, 0x1, 0x0, 0x0, 0x881}, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYRES64=r0, @ANYRES64=r2, @ANYRES16=r4, @ANYRESDEC=r2], 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kmem_cache_free\x00', r6, 0x0, 0xf7}, 0x18)
mmap(&(0x7f0000f20000/0x5000)=nil, 0x5000, 0x3000000, 0x31, 0xffffffffffffffff, 0xfe61d000)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2)
r7 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r7, 0xc0189375, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
mbind(&(0x7f00004c9000/0x3000)=nil, 0x3000, 0x8000, 0x0, 0x20, 0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x100010, 0xffffffffffffffff, 0xffffc000)
r8 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000300000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000020850000008200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xa, 0x5, 0x2, 0x7, 0x0, 0x1}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75, r9}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='mm_lru_insertion\x00', r10}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='mm_lru_insertion\x00'}, 0x10)
r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r11, &(0x7f0000000180), 0x40010)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)

2.661367387s ago: executing program 3 (id=4303):
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x1, 0x7ffc0002}]})
sendmsg$TIPC_NL_KEY_FLUSH(0xffffffffffffffff, 0x0, 0x4024000)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000000000000000000000000800018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r3, 0x0, 0x6048800)
r4 = socket$kcm(0x10, 0x2, 0x0)
r5 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_FLUSH(r5, 0x0, 0x485, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0, r6}, 0x18)
socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_udp_int(r7, 0x11, 0x1, &(0x7f0000000100), 0x4)
io_uring_setup(0x7ac9, &(0x7f00000000c0)={0x0, 0x45d6})
sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001900)="2e00000011008188040900000000000000a1810031000000000f000000048002002d1f00000000000000e2000000", 0x2e}], 0x1}, 0x20000000)
ioctl$TUNSETTXFILTER(r2, 0x400454d1, 0x0)

2.598181444s ago: executing program 3 (id=4306):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000800000000000000000000850000006d00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10)
ioprio_get$uid(0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0xf4)
r2 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
getsockname$packet(r4, &(0x7f00000000c0)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0xdd860600, &(0x7f0000000040)={&(0x7f0000000500)=@newlink={0xec, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r5, 0xb}, [@IFLA_AF_SPEC={0xcc, 0x1a, 0x0, 0x1, [@AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @local}]}, @AF_INET={0xb0, 0x2, 0x0, 0x1, {0x9, 0x1, 0x0, 0x1, [{0xc}, {0x8}, {0x1b}, {0x8}, {0x8}]}}, @AF_INET={0x18, 0x2, 0x0, 0x1, {0x14, 0x1, 0x0, 0x1, [{0x9, 0xd}, {0x8, 0x0, 0x0, 0x0, 0x38}]}}, @AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @mcast2}, @IFLA_INET6_TOKEN={0x0, 0x7, @mcast2}, @IFLA_INET6_TOKEN={0x0, 0x7, @dev}]}, @AF_INET={0x28, 0x2, 0x0, 0x1, {0x24, 0x1, 0x0, 0x1, [{0x8}, {0x8}, {0x8}, {0x8}]}}, @AF_MPLS={0x4}, @AF_INET6={0x0, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x0, 0x7, @rand_addr=' \x01\x00'}, @IFLA_INET6_ADDR_GEN_MODE, @IFLA_INET6_ADDR_GEN_MODE, @IFLA_INET6_TOKEN={0x0, 0x7, @dev}, @IFLA_INET6_TOKEN={0x0, 0x7, @mcast2}, @IFLA_INET6_TOKEN={0x0, 0x7, @rand_addr=' \x01\x00'}, @IFLA_INET6_TOKEN={0x0, 0x7, @dev}, @IFLA_INET6_ADDR_GEN_MODE, @IFLA_INET6_ADDR_GEN_MODE]}, @AF_MPLS={0x4}]}]}, 0xec}}, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r7 = fsopen(&(0x7f0000000000)='cgroup\x00', 0x0)
ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b72, &(0x7f0000000080)={0x0, 0x3000000, 0x8, 0x1b, 0x100, &(0x7f00000000c0)="387ed7626d850509a2d6c1aa38f15cd00f85c263cb226db671261fff7ce9c555f189afae3530db6dd493f28fd988721b9ae21b3e3b4523ae2594f47d8f62b480c4160b1f90ac9c41fae6ab12ac4c113fef588684ef495689092883b902a41cd75387ef6f7bc7d460d5e665f398ff95596dc94ec97003a3db08e500c2fb07e11aa4031a61c51caf7a65a2b613bda33f3eaeae635d7cd81761e74c38a7695800a15516eb337056e02335f9a7d10aa2eaf7beb7e1f7a1e850ecb3421143c5c4ded0f083a0c524dcf320827266819b6a952db5bc96141b26c54db857edbcbbc81c7af7aadf50bc549974b6401a19cdb130282b955592efa94242065a4c8d695a2cdd9ada350defd58c775b92d348305774d3a256c7520b285d8da0dbf5e20d604413ed2ddf9bcbf881caf811852806175d63892a15234fbcd7a88a2a0aea45d19148f0e7dada7d6d0d77881387fdeaa02863be90b88dfff412bff40c31c6415c54ae3335e54a49d315851feffe30d999c36def4df7df747695ef060000001bbe1b649f42f310859122c0d2c1e558dc6586958a28374f386ecf369274e43003a09b5159ea515eb44521901ef0d00baa91c10a8e44a76aac3468a15bd3d45ad389977467f306f9bcde071b30769795eed2f1580414d168f557cd90040c4bd2a3d6bc509254a12cece59181fcb5bad8c24bd9f8f78d17ab01831325501e80d899e9252f99d3a2666343392fda115048e4f4dd9f45657f8224fc78eb1168fe0527fac33466aadf48f16994d29a47778566e0f3945b2bf36b6eecc7fa18914beb66ac9e519bd3330000000000000009a3237aebbe3bed781e39d5a0fb0cdc60e196f2261305feb596b5b66ab89d2d6333f699b16db68986ab3eee7b199fefb5f79ffb2d1050e46982af1c14a88dd9b647ba812f56a8404755c73e74bb90e64bab9647c70ed5afca1c3d87907d14df8aa9df6f40a80ace2bb8a2aad3b0c66915927db4173181943d88c0c76d5969e2043db5bd77fd60ba0f012139929ccfec965c1f769785a4d23332d71f0875e3146afef5b20cc306d3ecee65944fe9829e0ad0c3f6bb2fdc1bc31152538db50f47dc38ba908a0d808687e478a609fe0daa0000000000000000e7f2e98597e27f3e1dba9c3c16e9fab3bda6ed33cb1c75513e2264b69d4794ded98eff9aa53d22eb77c9d93169c04ab2490bf28106f770e07eb7a9e8fd4e71929f918b98c4cbfcb11a90139264a9ee807c973167f493760278df0cc34be9e8f86f948d9a62e63ad6ca9d174d2465380b1a00ddc42915e4f3a5db640600000095a3d63904c9ecd1c313c08e29b814bd8fed1ab6d2846c73345962895d289ac77152cac2e04c93a5470774975b42091f218dd1e68a15f8226577bf9481ae0555db64a717eb23a811356d00000000ddffffff00"})
fsconfig$FSCONFIG_SET_STRING(r7, 0x1, &(0x7f0000000040)='name', &(0x7f00000000c0)='_\xd0A\x15\xecp\xcfOZ\xdf~', 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r6}, 0x10)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000001540)={&(0x7f0000000bc0)=ANY=[@ANYBLOB="240100001600010428bd700000000000fe8000000000000000000000000000bbfc01000000000000000000000000000100040000000000000000a00000000000", @ANYRESDEC=r2, @ANYRES32, @ANYBLOB="ff02000000000000000000000000000100000000330000000a0101010000000000000000000000000000000000004e340100000000000000000000000000000004000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000a0000002bbd70000000000000000200000000000000000008000020ffffffdf2c0027cc"], 0x124}}, 0x0)
r9 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000004c0)={0xffffffffffffffff, 0x11, 0x18}, 0xc)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000580)={{r9}, &(0x7f0000000500), &(0x7f0000000540)=r1}, 0x20)
io_setup(0xfffffff9, &(0x7f0000000000)=<r10=>0x0)
r11 = eventfd(0x66fe62c8)
r12 = socket$inet_udp(0x2, 0x2, 0x0)
r13 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r13, 0x8933, &(0x7f0000000300)={'bond0\x00', <r14=>0x0})
r15 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r15, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x8c, 0x24, 0xd0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r14, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x5, 0x4, 0x2, 0x0, 0x8, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8, 0x0, 0x0, 0x2, 0x0, 0x200, 0x0, 0xfffd]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x20004045}, 0x0)
setsockopt$inet_mreqn(r12, 0x0, 0x24, &(0x7f00000001c0)={@initdev={0xac, 0x1e, 0x1, 0x0}, @broadcast, r14}, 0xc)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000880)={0x0, 0x0, 0xfffffffffffffe3d}, 0x28)
io_cancel(r10, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x3, 0xc6, r0, &(0x7f0000000040)="03c1ec23e21d9c01ad07d1b203", 0xd, 0x83f0, 0x0, 0x1, r11}, &(0x7f0000000180))

2.505420543s ago: executing program 3 (id=4310):
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000001850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
r2 = openat$selinux_policy(0xffffff9c, &(0x7f0000000300), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r2, 0x0)

2.467325087s ago: executing program 3 (id=4311):
socket$inet6_sctp(0xa, 0x5, 0x84)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TCFLSH(r0, 0x400455c8, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
syz_usb_connect(0x2, 0xfffffffffffffe86, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x0)

1.737815608s ago: executing program 2 (id=4321):
r0 = openat$selinux_access(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$selinux_access(r0, &(0x7f0000000040)=ANY=[@ANYBLOB='system_u:object_r:ld_so'], 0x41)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[], &(0x7f00000004c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r1}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000980)={<r2=>0xffffffffffffffff})
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r4], 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000900)={{r7}, &(0x7f0000000880), &(0x7f00000008c0)=r6}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={0x0, r3, 0x0, 0xffffffffffffffff}, 0x18)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000780)={{{@in6=@dev, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0}}, {{@in6=@ipv4={""/10, ""/2, @empty}}, 0x0, @in6=@empty}}, &(0x7f00000001c0)=0xe8)
fsetxattr$security_capability(r5, &(0x7f0000000180), &(0x7f0000000340)=@v3={0x3000000, [{0xf, 0x81}, {0x9, 0x57eb}], r8}, 0x18, 0x6)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x7, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
r9 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r9, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000380)={&(0x7f0000000080)={0x2, 0x3, 0x0, 0x3, 0x11, 0x0, 0x70bd2c, 0x25dfdbfc, [@sadb_key={0x3, 0x9, 0x80, 0x0, "1cdc0dca1d9f68846960e56de42944af"}, @sadb_address={0x5, 0x6, 0x6c, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @loopback, 0x2}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x3, 0xc}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @loopback, 0x7}}]}, 0x88}, 0x1, 0x7}, 0x0)
r10 = perf_event_open(&(0x7f00000000c0)={0x5, 0x80, 0xec, 0x17, 0x40, 0x6, 0x0, 0x0, 0x10609, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x2, @perf_bp={0x0, 0x4}, 0x108bcf, 0x7ff, 0xffff, 0x8, 0xb, 0x2, 0x3ff, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=@base={0x7, 0x4, 0x100, 0x3}, 0x50)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x7}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r11}, 0x18)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x100000b, 0x12011, r10, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f0000000040)={'macvlan0\x00', @random="0100"})

1.700020252s ago: executing program 0 (id=4322):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
getsockopt$sock_cred(r0, 0x1, 0x11, 0xfffffffffffffffd, &(0x7f0000000300)=0x2a)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x42000)
ioctl$SG_EMULATED_HOST(r2, 0x2203, &(0x7f00000002c0))
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
syz_clone(0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000010000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x42, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r6, 0x0, 0xfffffffffffffffd}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
wait4(0x0, 0x0, 0x40000000, 0x0)
perf_event_open(&(0x7f0000000300)={0x2, 0x80, 0x1, 0x1a, 0x0, 0x0, 0x0, 0x1, 0x20010, 0x3, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x7993, 0x1, @perf_bp={&(0x7f0000000280), 0x5}, 0x90, 0x5, 0x4, 0x5, 0x81, 0x2, 0x5, 0x0, 0x101, 0x0, 0x5}, 0x0, 0xb, 0xffffffffffffffff, 0x2)
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x42}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r3, 0x0, 0x80)

1.682956834s ago: executing program 5 (id=4323):
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000000c00850000000f00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r0 = syz_io_uring_setup(0x10b5, &(0x7f0000000200)={0x0, 0x4d9, 0x800, 0x4, 0xb}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x50, 0x0, 0xffffffffffffffff, &(0x7f00000001c0)={0x49cf02, 0x4, 0x5}, &(0x7f0000000180)='./file0\x00', 0x18, 0x0, 0x23456, {0x0, r3}})
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000240)={0x6}, 0x8)
r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, 0x0, &(0x7f0000000040), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='trans=fd<r=\x00\x00\x00\x00', @ANYRESHEX=r4, @ANYBLOB=',wfd', @ANYRESHEX=r4, @ANYBLOB])
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000000001000001"], 0x50)
r5 = openat$sysfs(0xffffff9c, &(0x7f00000037c0)='/sys/kernel/notes', 0x0, 0x0)
r6 = syz_io_uring_setup(0x213e, &(0x7f0000000080)={0x0, 0x81df, 0x400, 0x1, 0x40000333}, &(0x7f0000000340)=<r7=>0x0, &(0x7f0000000040)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r5, 0x0, &(0x7f00000001c0)=[{&(0x7f0000001800)=""/195, 0xc3}, {0x0}], 0x2, 0x0, 0x1})
io_uring_enter(r6, 0x847ba, 0x2000, 0xe, 0x0, 0x0)

1.363299976s ago: executing program 2 (id=4324):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kfree\x00', r1}, 0x10)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x20000090)

1.291028113s ago: executing program 2 (id=4325):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0xf9db8c0706283ef1, 0x6, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='mm_page_free\x00', r0, 0x0, 0xfff}, 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r1, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="18020000004000000000000000000000850000003d00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x4}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000740)=ANY=[@ANYRES32=r3, @ANYRES32=r2, @ANYBLOB], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r3, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r1}, 0x20)
sendmmsg$inet6(r1, &(0x7f0000000b00)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000ac0)="b0", 0x18000}], 0x11}}], 0x2, 0x0)

1.290309653s ago: executing program 0 (id=4327):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18010000000000000000000000000000850000009300000095"], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800001965ba917c62e1e6902300000000000000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000f00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40082, 0x0)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000140))
ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000000c0)=0x550b6c)
pwritev(r1, &(0x7f0000000080)=[{&(0x7f00000004c0)="80fd02ef0600", 0x6}], 0x1, 0x0, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r4}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r3}, 0x10)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)={0x1c}, 0x1c}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='kmem_cache_free\x00', r0}, 0x18)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)

1.260899286s ago: executing program 2 (id=4328):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0xf7}, 0x18)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000001, 0x31, 0xffffffffffffffff, 0xffffd000)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2)
mbind(&(0x7f00004c9000/0x3000)=nil, 0x3000, 0x8000, 0x0, 0x20, 0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffc000)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)

1.176995174s ago: executing program 0 (id=4331):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f00000008c0)='./file0\x00', 0x1008490, &(0x7f00000007c0)={[{@nodioread_nolock}, {@grpquota}]}, 0x4, 0x4eb, &(0x7f0000001140)="$eJzs3c9vVFsdAPDvnXZoKQMFZaFGBRFFQ5j+ABqCC2GjMYTESFy5gNoOTdMZpum0SCuLsnRvIokr/RPcuTBh5cKdO925wYUJKnkv9CVvMS/3zqUd2g7te7Qd6Hw+ye2955xhvufMcM6Ze2B6AuhZZyNiNSKORMS9iBjO85P8iButI33cq5ePp9ZePp5Kotm8878kK0/zou3PpI7lzzkYET/7ccQvk61xG8src5PVamUhT48s1uZHGssrl2YLec74xNjE6LXLV8f3rK1nan968aPZWz//y5+/8fzvq9//dVqt0m+OZ2Xt7dhLraYXo9SW1x8Rt/YjWJf0539/+PCkve1LEXEu6//D0Ze9mwDAYdZsDkdzuD0NABx26f1/KZJCOV8LKEWhUC631vBOx1ChWm8sXhyuLz2YjmwN62QUC/dnq5XRfK3wZBSTND2WXW+kxzelL0fEqYj47cDRLF2eqlenu/nBBwB62LFN8//HA635HwA45Aa7XQEA4MCZ/wGg95j/AaD3fI7537cDAeCQcP8PAL3H/A8AvWfH+f/JwdQDADgQP719Oz2aa/nvv55+uLz0g9LDS9OVxly5tjRVnqovzJdn6vWZaqU81Wzu9HzVen1+7Mp6srG8crdWX3qweHe2NjlTuVsp7nN7AICdnTrz7J9JRKxeP5od0baXg7kaDrdCtysAdE1ftysAdI3v80Dv2sU9vmUAOOS22aL3DR3/i9BTm7/Ch+rCV63/Q6+y/g+964ut//9wz+sBHDzr/9C7ms3Env8A0GOs8QPv9O//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KNK2ZEUytle4Kvpz0K5HHE8Ik5GMbk/W62MRsSJiPjHQHEgTY91u9IAwDsq/CfJ9/+6MHy+tLn0SPLJQHaOiF/9/s7vHk0uLi6Mpfn/X89ffJrnjx/pRgMAgHY3tma15un83HYj/+rl46nXx0FW8cXN1uaiady1/GiV9Ed/dh6MYkQMfZTk6Zb080rfHsRffRIRX9lo/6O2CKVsDaS18+nm+Gns4/sQf+P13xy/8Eb8QlaWnovZa/HlPagL9JpnN1vjZN730i6W979CnM3O2/f/wWyEenevx7+1LeNfYX3869sSP8n6/Nn19Ntr8uLKX3+yJbM53Cp7EvG1/u3iJ+vxkw7j7/ldtvFfX//muU5lzT9EXIjt47fUsmF2ZLE2P9JYXrk0W5ucqcxUHoyPT4xNjF67fHV8JFujbv3823Yx/nv94olO8dP2D3WIP7hD+7+zy/b/8dN7v/jWW+J/79vbv/+n3xI/nRO/u8v4k0M3Om7fncaf7tD+nd7/i7uM//zfK9O7fCgAcAAayytzk9VqZWGHi/Sz5k6PcfFhXsRqxHtQDRfv1UW3RyZgv210+m7XBAAAAAAAAAAAAAAA6KSxvDI3EPv7daJutxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDD67MAAAD//w/PzvM=")
rt_sigpending(0x0, 0xfe9b)
getpid()
sched_setaffinity(0x0, 0x4c, &(0x7f00000002c0)=0x2)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f00000017c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5467a932b77674e802a0d42bc6099ad238af770b5ed8925161729298700000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff7a1ef3282830689da6b53b263339863297771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d4173731efe895ff2e1c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40dddb51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db3c4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6ca0400966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c0000000000000000000000bfb0bba79344643b1d8daa9f38e4b62c1e2af68c6f5054b078acd74b4a9c944e4505da485a3a4154387a0a88370d9ed9467b09c5888a06431df3f68abf0b366c4d5f8bea7b29c257ed756dff7a21c6b661cbdd43de65afd7f661d5c84f915c90e3d6ea012b68b787eb01d8320000000000000060176dacba0ec503a37fae6b472ec369c79ee6a420c0fd8d8d82fe136d5af6c30bfeb0a7275babfdb96a127aa9386e0671c6454245a18c1c8c49552cff5d27b547cdc34c0858c77a47a9ff86ee9fbd9ceda428716a4218821176d8067997527230fa67d26950d3e4f2750fa7c872874ad3a2d11f9f6eb08e6d7b6fa257b04d8ce36360f524e3dfd2211641f3d2637d86b80681eca50ce0eecafdd22d41fa515c15591e70ded4b70efac3cb42fb352d82e8f7573e8ed8248da356fa91a252976d3a4d8c1843a8d5bb7f5f1028453a0562a3ea93117076dd4940b7df50d78289fe66197525f6095f8662d232970bef61b03fa83027963a1a2e07cfee30c0d0b4c5877f93b3637ca21eab5afcf5d4638dfe8f9202aaad51c979049dd76d65368cbd4187d9f74257c7c4a23ac4a34eec5aa17e78c5167216f5e72138d20f8325dd5f8f96c32189c904eaef580987f1ce601a7cdc35461db9981ac42f9e24b0699bbe4e3d986e38952b0b7938eefd9e7a292bbb66367ad77045fdc18855c81c031dedd185c723238373fc698d676791d04f1ff5f0825a6619e844882f31ed190233d58ecee949e310bf2b1a51b8a33ae65a06d2b6ad386bf8dc49dd328bcd75d1843a13d68560175a18af7efc3c0f20e32f84f6aaaf000000000000000000000013a6c66bce74a8fb9092023df695da2714a7933d699d42de2bc4a85e0a0e22228290a7a7553ab93a16e42553ed86869a02df2f47d4088fac1772d3cd955c81cbf91c2ca7942942f61723b558079b82547844f92df2499c4b2c2ef2539e5daa8d8727baaa6b5755e6f83bbfca000000000000000000000509619f5f0cbc72eebc653946d3552236f0dfe485cfa71bd69f4ded6e131128c3875b785875addfcbd5931c12adbef75535e694f3a19f28f9f99fa32e8ff66e7b1ff674434fb63ba0e28aadccf77d387525c98e81476058c958eaccfa7d251d0671222dc9d06485f7f690d3d4227bd21bd7ff8338617705b7faec47c86789a488b43d0fedf1b0ee05d65c677ced1e8214b2f6cb74d73886eb"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff7e}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000001c0)=""/97, &(0x7f0000000040)=0x61)
openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x121100, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r3}, 0x10)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1800403, &(0x7f0000001480)={[{@data_journal}]}, 0x1, 0x5ad, &(0x7f0000000180)="$eJzs3c1vVFUbAPDnzkwLpe9rKzEqLkyjIZAoLS1g8GMBe0LwY+fGSgtBho/QGi2aWBLcmBg3LkhcuRD/CyW6dWXiwoUbV4akGsNGY3TMnbkzDO1MOy0dbu39/ZLbOeeeOz3nQp85Z+49ZyaAwhpLf5Qi9kTE5SRipK2sElnhWOO4O7+/fzrdkqjVXv0tiSTb1zw+yR6Hsyf/PRLx/TdJ7C6vrHdu4er56Wp19kqWn5i/cHlibuHqgXMXps/Onp29OPXc1NEjh48cnTx4X+dXakufuP7WOyMfnXz9i8/+Sia//OlkEsfi1zONsvbz2CxjMRZ/1GofLN+f/rse3ezKclJu/Z3clSzfwZZVyWJkMCIei5Eot/1vjsSHL+faOKCvaklEDSioRPxDQTXHAc339r29Dy71eVQCPAhLx9OfAx3iv9K4NhijMRARe5c9r8MlvQ1J6/ju25PX0y36dB0O6Gzx2o4stTz+k3psjsbOem7XndI913nTEcCp7DHd/8oG6x9blhf/8OAsXouIxzuN/9eO/zfa4v/NDdYv/gEAAAAAAGDz3DoeEc92uv9Xyu7N7Yyn6vf/ksb9vx/urhA8tgn1r33/r3R7E6oBOlg6HvFSx/m/rTm+o+Us9//GbMDkzLnq7MGIeCgi9sfAjjQ/uUodBz7efaNbWfv8v3RL62/OBczacbuy497nzEzPT9/POQMNS9cinqh0n/+T9v9Je/+fSV8PLvdYx+69N091K1s7/oF+qX0esa9j/5+0jklW/3yOifp4YKI5Kljpyfc++apb/eIf8pP2/7tWj//RpP3zeubW9/sHI+LQQqXWrXyj4//B5LVy8/en3p2en78yGTGYnFi5f2p9bYbtqhkPzXhJ43//06tf/2uN/9vicCgiFnus89F/hn/uVqb/h/yk8T+zrv5//Ympm6Nfd6u/t/7/cL1P35/tcf0PVtdrgObdTgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4LypFxP8iKY230qXS+HjEcEQ8ErtK1Utz88+cufT2xZm0rP79/6XmN/2ONPJJ8/v/R9vyU8vyhyLi4Yj4tDxUz4+fvlSdyfvkAQAAAAAAAAAAAAAAAAAAYIsY7rL+P/VLOe/WAX1XyR7FOxRPJe8GALkR/1Bc4h+KS/xDcYl/KK4Nxr/bBbAN6P+hqAZ6O2xnv9sB5EH/DwAAAAAA28qtF5+/kUTE4gtD9S01mJW1bgwO5dU6oJ9KeTcAyI05vFBcpv5AcfU4+RfYxpJW6s9ap/Lus/+T/jQIAAAAAAAAAAAAAFhh355bP665/h/Ylqz/h+Ky/h+Ky/p/KC7v8YG1VvFb/w8AAAAAAAAAAAAA+ZtbuHp+ulqdvSIhsdUSAxGxBZqRQ2Iw//DM+YUJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo+TcAAP//Swsk/Q==")
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
dup(0xffffffffffffffff)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x8, 0x80, 0x0, 0x4, 0x0, 0x6, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x4}, 0x0, 0x0, 0x0, 0x0, 0x7}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
socket$inet(0x10, 0x3, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x1, 0x0, 0x7ffc0005}]})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0xfff, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xcb3a}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000001540)={0x18, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x9, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}, 0x94)
r4 = open(&(0x7f0000000780)='./bus\x00', 0x145c7e, 0x0)
fchown(r4, 0x0, 0xffffffffffffffff)

1.166212565s ago: executing program 6 (id=4332):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001080)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000000000040000000000000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
sendmsg$tipc(r2, &(0x7f0000000280)={&(0x7f0000000040), 0x10, 0x0}, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='kfree\x00', r3, 0x0, 0xc}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000c80)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10)
lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0))
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x18)
r6 = getpid()
r7 = syz_pidfd_open(r6, 0x0)
pidfd_getfd(r7, r7, 0x0)
r8 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r8, &(0x7f0000000080)={0x0, 0x12, &(0x7f0000000000)={&(0x7f0000000240)={0x38, 0x1403, 0x1, 0x70bd29, 0x25dfdbff, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'veth0_to_bridge\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x8081}, 0x20000010)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000c5000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000140000fbb703000000e31f008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000c00)='sys_enter\x00', r9}, 0x10)
signalfd(0xffffffffffffffff, 0x0, 0x0)

1.125413139s ago: executing program 0 (id=4333):
r0 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000dd0000000000003b810000850000006d000000a500000050000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x84, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect)

1.089725643s ago: executing program 5 (id=4334):
r0 = syz_io_uring_setup(0xbc3, &(0x7f0000001480)={0x0, 0x1067, 0x80, 0x4, 0x224}, &(0x7f0000000040)=<r1=>0x0, &(0x7f00000000c0)=<r2=>0x0) (async)
r3 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=ANY=[@ANYBLOB="0a00000016000000b30000007f00000000000000", @ANYRES32, @ANYBLOB="0000000000000000000000008000000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000000000000000000000080851000000600000018100000", @ANYRES32=r3, @ANYBLOB="00000000000000006600000000000000180000000000000000000000000000009500000000000000360a000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x2, 0xff5c, &(0x7f0000000340)=""/222}, 0x78)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000300)={r4, 0x58, &(0x7f0000000500)}, 0x10) (async)
syz_io_uring_submit(r1, r2, &(0x7f0000000300)=@IORING_OP_OPENAT2={0x1c, 0x40, 0x0, 0xffffffffffffffff, &(0x7f00000004c0)={0x200000, 0x158, 0x18}, 0x0, 0x18, 0x0, 0x23456})
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r5}, 0x18) (async)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xf05, 0x0, 0x4)
io_uring_enter(r0, 0x47f8, 0x0, 0x0, 0x0, 0x0)

1.053521736s ago: executing program 0 (id=4335):
r0 = openat$selinux_access(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$selinux_access(r0, &(0x7f0000000040)=ANY=[@ANYBLOB='system_u:object_r:ld_so'], 0x41)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[], &(0x7f00000004c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r1}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000980)={<r2=>0xffffffffffffffff})
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r4], 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000900)={{r7}, &(0x7f0000000880), &(0x7f00000008c0)=r6}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={0x0, r3, 0x0, 0xffffffffffffffff}, 0x18)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000780)={{{@in6=@dev, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0}}, {{@in6=@ipv4={""/10, ""/2, @empty}}, 0x0, @in6=@empty}}, &(0x7f00000001c0)=0xe8)
fsetxattr$security_capability(r5, &(0x7f0000000180), &(0x7f0000000340)=@v3={0x3000000, [{0xf, 0x81}, {0x9, 0x57eb}], r8}, 0x18, 0x6)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x7, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
r9 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r9, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000380)={&(0x7f0000000080)={0x2, 0x3, 0x0, 0x3, 0x11, 0x0, 0x70bd2c, 0x25dfdbfc, [@sadb_key={0x3, 0x9, 0x80, 0x0, "1cdc0dca1d9f68846960e56de42944af"}, @sadb_address={0x5, 0x6, 0x6c, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @loopback, 0x2}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x3, 0xc}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @loopback, 0x7}}]}, 0x88}, 0x1, 0x7}, 0x0)
r10 = perf_event_open(&(0x7f00000000c0)={0x5, 0x80, 0xec, 0x17, 0x40, 0x6, 0x0, 0x0, 0x10609, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x2, @perf_bp={0x0, 0x4}, 0x108bcf, 0x7ff, 0xffff, 0x8, 0xb, 0x2, 0x3ff, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=@base={0x7, 0x4, 0x100, 0x3}, 0x50)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x7}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r11}, 0x18)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x100000b, 0x12011, r10, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f0000000040)={'macvlan0\x00', @random="0100"})

1.001376191s ago: executing program 6 (id=4336):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kfree\x00', r1}, 0x10)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x20000090)

1.001012221s ago: executing program 5 (id=4337):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x7, 0x441e, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x2020005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
lchown(0x0, 0x0, 0x0)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/kexec_crash_size', 0x200000, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000680)={@in={{0x2, 0x4e20, @multicast2}}, 0x0, 0x0, 0xb, 0x0, "f6a7346a1ca3caf66200f0e70b995efa20d5ddc09c0bc0c88e00bdea5e6998967d569964c8b68dae57dea91c0e3ef03a96483bcaaa5ab222d1993083e8e3619fbbff30da0288a8b78a3f921c40fdc06a"}, 0xd8)
getsockopt$inet_sctp6_SCTP_STATUS(r2, 0x84, 0xe, &(0x7f0000000180)={0x0, 0x4, 0x56e8, 0x2, 0x1, 0x2, 0x4, 0x1, {<r4=>0x0, @in={{0x2, 0x4e20, @rand_addr=0x64010102}}, 0xdd4, 0x32c, 0x200, 0x10001, 0x91d5}}, &(0x7f0000000280)=0xb0)
setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f00000002c0)={r4}, 0x8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
syz_clone3(&(0x7f0000000740)={0x8180080, 0x0, 0x0, 0x0, {0x39}, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[0xffffffffffffffff], 0x1}, 0x58)

998.008492ms ago: executing program 6 (id=4338):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
getsockopt$sock_cred(r0, 0x1, 0x11, 0xfffffffffffffffd, &(0x7f0000000300)=0x2a)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x42000)
ioctl$SG_EMULATED_HOST(r2, 0x2203, &(0x7f00000002c0))
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
syz_clone(0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000010000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x42, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r6, 0x0, 0xfffffffffffffffd}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
wait4(0x0, 0x0, 0x40000000, 0x0)
perf_event_open(&(0x7f0000000300)={0x2, 0x80, 0x1, 0x1a, 0x0, 0x0, 0x0, 0x1, 0x20010, 0x3, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x7993, 0x1, @perf_bp={&(0x7f0000000280), 0x5}, 0x90, 0x5, 0x4, 0x5, 0x81, 0x2, 0x5, 0x0, 0x101, 0x0, 0x5}, 0x0, 0xb, 0xffffffffffffffff, 0x2)
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x42}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r3, 0x0, 0x80)

943.324507ms ago: executing program 5 (id=4339):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0xf9db8c0706283ef1, 0x6, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='mm_page_free\x00', r0, 0x0, 0xfff}, 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r1, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="18020000004000000000000000000000850000003d00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x4}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000740)=ANY=[@ANYRES32=r3, @ANYRES32=r2, @ANYBLOB], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r3, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r1}, 0x20)
sendmmsg$inet6(r1, &(0x7f0000000b00)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000ac0)="b0", 0x18000}], 0x11}}], 0x2, 0x0)

924.835819ms ago: executing program 5 (id=4340):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000240)='kfree\x00', r1, 0x0, 0x4ab}, 0x18)
syz_mount_image$ext4(&(0x7f0000000280)='ext3\x00', &(0x7f0000000480)='./file1\x00', 0xc0ed000a, &(0x7f0000000780)={[{@lazytime}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@journal_async_commit}, {@jqfmt_vfsv1}]}, 0xfe, 0x483, &(0x7f0000001d40)="$eJzs3c1vFOUfAPDvTF/oj5dfK+ILCFpFI761tLzIwYMaTThgNNEDxlNtF1JZqKE1EUK0esCjIfFuvPsHGE96MerJxKveDQkxXEBPa2ZnBvqyW7ply1L280mm+zwzz/I835l5dp+ZZ3cJoGsNZ3+SiK0R8UdEDObZxQWG84frVy9M/nP1wmQStdrbfyf1cteuXpgsi5bP25JnarUiv6lBvRffi5ioVitni/zo3OkPR2fPnX9h+vTEycrJypnxI0cOHtjTf3j80MKnDaw1ziyua7s+mdm98+i7l96YPH7p/V++zdq7tdi+MI52Gc73bkNPtbuyDtu2IJ30drAhtKQnIrLD1Vfv/4PRE/+7sW0wXv+8o40D1lWtVqs1en8uzNeAe1gSnW4B0BnlG312/Vsud2jocVe48kp+AZTFfb1Y8i29keaJx/qWXN+203BEHJ//9+tsiXW6DwEAsNAP2fjn+UbjvzQezBP92Z//F3MoQxFxX0Rsj4j7I2JHRDwQUS/7UEQ83GL9S2dIlo9/0strDm4VsvHfS8Xc1uLxX1oWGeopctvq8fclJ6arlf3FPtkXfZtOTCeVsRXq+PG1379cvra+WxeN/7Ilq78cCxbtuNy75Abd1MTcxO3GXbryWcSu3kbxJ1FO4yQRsTMidq2xjulnm08I3Tr+FbRhnqn2TcTT+fGfjyXxl5Km85NjLx4ePzQ6ENXK/tHyrFju198uvtWs/sXxx0BL8bdBdvw3Nzz/b8Q/lAxEzJ47f6o+Xzvbeh0X//yi6TVNi+f/0W3F+d+fvFNf0V9s+Hhibu7sWER/cmz5+vGb/1qZL8tn8e/b27j/b4+be+KRiNgdEXsi4tHsorBo++MR8URE7F0h/p9fffKD1uNf4a58G2XxT93q+MfC4996oufUT9+3Hn8pO/4H66l9xZrVvP6ttoG3s+8AAABgo0jrn4FP0pEb6TQdGck/w78jNqfVmdm5507MfHRmKv+s/FD0peWdrsEF90PHinvDZX58Sf5Acd/4q543k+zqfGRypjrV6eChy21p0v8zf/V0unXAulvDPNrL69EO4M7zfU3oXvo/dKdE/4eutvr+nyz+cSBgw2vU/z9tWnrku3VtDHBHGf9D91pF/5/PH5qPCoCNyfs/dC/9H7pS0+/Gp7f1lX+JtiWOPZPEXdCMZYlI74pm3PuJ3lX/mMUtE+V/n1Gt1AbzVLZpU8PCnXxVAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaJ//AgAA//+ZVdzv")
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
futex(0x0, 0x5, 0x2, &(0x7f0000fd7ff0)={0x0, 0x3938700}, 0x0, 0xfffffffd)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x600, 0x0)
r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000440)='/proc/sys/net/ipv4/vs/expire_nodest_conn\x00', 0x2, 0x0)
write$char_usb(r2, &(0x7f0000000000)='-0', 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={0x0}, 0x18)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x890)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xc94284a3061bb7bd, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7, @value=r2}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000100)=ANY=[@ANYBLOB="020500090e0000002cbd70000000000005000600000000000a00000040000000ff01000000000000000000000000000100000000000000000200010000000000000000000000000005000500000000000a00000000000100fe8000"/112], 0x70}, 0x1, 0x7}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000ac0)={&(0x7f0000000b00)='kmem_cache_free\x00', r3, 0x0, 0x1034}, 0x18)
fadvise64(0xffffffffffffffff, 0x3, 0x0, 0x5)
bpf$MAP_LOOKUP_ELEM(0x2, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x20048054}, 0x4)
openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f00000000c0))
syz_read_part_table(0x59d, &(0x7f0000000000)="$eJzs0r1Le1cYB/CTgIRCJSKCgx0Eg0ujQhx0SAYrMWQxIlYcnAUHHQQHB0mJzr78A4pvIC5iZ0cxgijESTKKc0FxyZTS9hZq7dIWU/rj81ku55znuc89fG/gfy0efmo2m7EQQjPx97u/P8tPFHunxqZnQoiF+RBC/puvfz2JRRW/v/UiWpeidTGRqR3cjr+eddz1PVRTR/Ho/DIewg8hhKWn4+S/vRtfvvPcdXJjc6WwtZZbfCysPw8vDOR7tvPLuyOH2fJsd3Yu+rEu462Zn6qNntw3Sy977YNt1VojcxPVpWOfM5//1p/z3++q1CuNyf7T1aF0Z/2qvBPl/iZ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgk53nrpMbmyuFrbXc4mNh/Xl4YSDfs51f3h05zJZnu7Nz8d/qLuOtmZ+qjZ7cN0sve+2DbdVaI3MT1aVjH1q/+/FzPokW+ja8z3+/q1KvNCb7T1eH0p31q/JOlPvbx/wBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5SfqLYOzU2PRNCLMyHEMbjHce/7DcT7+suomcp2i8mMrWD2/HXs467vodq6mgqEcIfW5aejpNfteoS/GM/BwAA//8394ZP")

851.729976ms ago: executing program 2 (id=4341):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = epoll_create1(0x0)
r1 = epoll_create1(0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./bus\x00', 0x0, &(0x7f0000000140)=ANY=[@ANYRES8=0x0], 0x1, 0x30e, &(0x7f0000000f00)="$eJzs3E1rE10UwPGTNEnTlHayeHhEQXrRjW6GNu7FIC2IAUttxBcQp81EQ8akZEIlIrZduXEhfggXpcvuCtov0I07V27cdSO4sAtxJDOTl7aJrWnSWPv/QZlD7j0z9+Y24dyBzPbdN0/zWVvPGmUJRpUERER2ROISlJqAfwy6cUSaLcvl4W+fzt++d/9mMpWanFFqKjl7JaGUGh17/+zFkN9tY1C24g+3vya+bP2/dXb75+yTnK1ytioUy8pQc8XPZWPOMlUmZ+d1paYt07BNlSvYZslrd5ZELFNlreLCQkUZhcxIbKFk2rYyChWVNyuqXFTlUkUZj41cQem6rkZigoOkV2dmjGSHyfNdHgx6pFRKGgMiMrSvJb3alwEBAIC+8uv/erUfrJb0ndT/oZb1/9qFzfLwnfVRv/7fiFTrf5Gm+v9R41ymygTr9X9URBr1f9HbH3S7/t9fEZ1sr3cvjjhOPYy06n+k+h8nRLX+j/mfX9fKg7VxN6D+BwAAAAAAAAAAAAAAAAAAAADgJNhxHM1xHM07DvivOtqgiETdX5B47X0eJnpk9/o3/lj/06Hx4I7QqIj1ajG9mPaOfodNEbHElHHR5If7/+CrxpFl5XZSVXH5YC35+UuLae+7JJmVnJs/IZrE9+Y7ztSN1OSE8uzOD0usOT8hmvzXOj+xNz9cPUbk0sWmfF00+TgvRbEk4/8yrpb/ckKp67dSe64/5PYDAAAAAOBfoKu6+v59sLld39/u7Y+9dm9/HZLW9we8/fV4y/19SM6F+jVrAAAAAABOF7vyPG9YllnqUbAiIj2+RJugNsPDZtUekNumT0AC7Zq6ENQu3ll6dWxdG0/4UO9YsKOhjkX+cFFaBrXbRu36yHQnZ3Y0kaO+h2fevvv++z7enTGRw5zw6nr0gJl2GkQOmmn42L6AAAAAABybRtFfe+VafwcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMApdByP4uv3HAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC/xa8AAAD//46ZAFE=")
writev(0xffffffffffffffff, &(0x7f0000000340)=[{&(0x7f0000000000)="f0", 0x1}], 0x1)
sendmsg(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000005c0)=[{}], 0x1, 0x0, 0x0, 0x11000000}, 0x0)
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r3)
ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000540))
ptrace$cont(0x21, r3, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x39)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000cc0)='kmem_cache_free\x00', r6}, 0x18)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x2151090, 0x0)
r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r7, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file0/file0\x00', 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00'}, 0x90)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0xffffffffffff3395, 0x9, 0x0, 0x0, 0x7fffffff, 0x7fffffff}, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)={0xa000000d})
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000400)={0xa})
epoll_pwait(r1, &(0x7f0000000080)=[{}], 0x1, 0xe112, 0x0, 0x0)

841.816987ms ago: executing program 0 (id=4342):
socket$inet6_sctp(0xa, 0x5, 0x84)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TCFLSH(r0, 0x400455c8, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
syz_usb_connect(0x2, 0xfffffffffffffe86, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x0)

458.139495ms ago: executing program 6 (id=4343):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
syz_clone3(&(0x7f0000000740)={0x8180080, 0x0, 0x0, 0x0, {0x39}, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[0xffffffffffffffff], 0x1}, 0x58) (fail_nth: 1)

446.031857ms ago: executing program 6 (id=4344):
pipe2(&(0x7f0000001cc0), 0x800)
bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x48)
syz_open_dev$usbfs(&(0x7f00000000c0), 0x800000001fe, 0x82)
prctl$PR_SET_NAME(0xf, &(0x7f0000000700)=',&#^%\x00')
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000e40)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000040000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000180)='sys_enter\x00', r0, 0x0, 0x6}, 0x18)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)

426.191778ms ago: executing program 6 (id=4345):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000340)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x9, 0x4, 0x7ffc0002}]})
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x10)
r2 = socket(0x1e, 0x5, 0x0)
setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000040)=@req3={0x80000000}, 0xfeda)
listen(r2, 0x0)
r3 = socket(0x1e, 0x805, 0x0)
sendmsg$tipc(r3, &(0x7f0000000080)={&(0x7f0000000100)=@name, 0x10, 0x0}, 0x0)
setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req3={0x80000000, 0x0, 0x2}, 0x1c)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002000000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000440)='kmem_cache_free\x00', r4}, 0x18)
accept4$inet6(r2, 0x0, 0x0, 0x0)
sendmsg$tipc(r3, &(0x7f0000000640)={&(0x7f0000000300)=@nameseq={0x1e, 0x1, 0x2, {0x43, 0x0, 0x3}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x0)
close(0xffffffffffffffff)
bind$netlink(r1, &(0x7f0000000040)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000200), 0x4)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_NET_GET(r5, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg$L2TP_CMD_SESSION_MODIFY(r5, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[], 0x24}}, 0x0)
mq_notify(0xffffffffffffffff, &(0x7f0000000000)={0x110c230000, 0x3, 0x2})
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
socket$unix(0x1, 0x1, 0x0)
bind$unix(0xffffffffffffffff, 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r1, 0x0, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00'}, 0x10)
readlink(0x0, &(0x7f0000000040)=""/230, 0xe6)

73.932353ms ago: executing program 5 (id=4346):
r0 = open(&(0x7f0000000780)='./bus\x00', 0x145c7e, 0x0)
io_submit(0x0, 0x1, &(0x7f0000001d00)=[&(0x7f0000000080)={0x0, 0x0, 0x22, 0x0, 0x4, r0, 0x0}])
bpf$MAP_CREATE(0x0, 0x0, 0x48)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0)
futex(&(0x7f000000cffc)=0x4, 0x0, 0x4, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000280), &(0x7f0000048000)=0x1, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x80000000}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
syz_io_uring_setup(0x2421, &(0x7f00000002c0)={0x0, 0x0, 0x2, 0x0, 0x10}, &(0x7f0000000100), &(0x7f0000000080))
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_RECVMSG={0xa, 0x34, 0x5, 0xffffffffffffffff, 0x0, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000000340)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x6}, 0x0, 0x100, 0x1})
r2 = syz_io_uring_setup(0x74d, &(0x7f0000000100)={0x0, 0x59c4, 0x8, 0x1000, 0x5cc}, &(0x7f0000000300)=<r3=>0x0, &(0x7f0000000080)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000000740)=[{&(0x7f00000003c0)=""/201, 0xc9}], 0x1)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x30, 0x4, 0x0, 0x2}]}, 0xffffffffffffff0e)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0xc, 0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x81800, 0x1})
io_uring_enter(r2, 0x749f, 0x4, 0x0, 0x0, 0xfffffffffffffef5)

0s ago: executing program 2 (id=4347):
r0 = socket$netlink(0x10, 0x3, 0x10)
r1 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000)=0x80, 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4)
r2 = syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r2, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}}, 0x6048800)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x2400, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x20010814)
close(r3)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480), 0x4)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000000)='kmem_cache_free\x00', r7}, 0x18)
syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r8, 0x1, 0x41, &(0x7f0000000040)=0x654a, 0x4)
connect$inet(r8, &(0x7f0000000000)={0x2, 0xfffe, @multicast2}, 0x10)
sendmmsg(r8, &(0x7f0000007fc0), 0x800001d, 0x0)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000f000000c5000000a0ef010095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000200)='kmem_cache_free\x00', r9}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x1d, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="2c0000001a00010029bd70000000000002202000000000000020000004001e"], 0x2c}, 0x1, 0x0, 0x0, 0x20004004}, 0x0)

kernel console output (not intermixed with test programs):

  256.642224][T14353]  ? __rcu_read_unlock+0x4f/0x70
[  256.642268][T14353]  ? avc_has_perm_noaudit+0x1b1/0x200
[  256.642382][T14353]  ? selinux_netlbl_socket_setsockopt+0x1f9/0x2d0
[  256.642423][T14353]  ipv6_setsockopt+0x59/0x130
[  256.642455][T14353]  tcp_setsockopt+0x98/0xb0
[  256.642514][T14353]  sock_common_setsockopt+0x69/0x80
[  256.642542][T14353]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  256.642572][T14353]  __sys_setsockopt+0x184/0x200
[  256.642625][T14353]  __x64_sys_setsockopt+0x64/0x80
[  256.642653][T14353]  x64_sys_call+0x20ec/0x3000
[  256.642674][T14353]  do_syscall_64+0xd2/0x200
[  256.642705][T14353]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  256.642785][T14353]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  256.642814][T14353]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  256.642839][T14353] RIP: 0033:0x7fb43c08eec9
[  256.642853][T14353] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  256.642935][T14353] RSP: 002b:00007fb43aaf7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  256.642954][T14353] RAX: ffffffffffffffda RBX: 00007fb43c2e5fa0 RCX: 00007fb43c08eec9
[  256.642967][T14353] RDX: 0000000000000039 RSI: 0000000000000029 RDI: 0000000000000006
[  256.642984][T14353] RBP: 00007fb43aaf7090 R08: 0000000000000008 R09: 0000000000000000
[  256.643000][T14353] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  256.643016][T14353] R13: 00007fb43c2e6038 R14: 00007fb43c2e5fa0 R15: 00007ffd2ce893d8
[  256.643043][T14353]  </TASK>
[  256.930784][T14344] lo speed is unknown, defaulting to 1000
[  256.991968][T14344] lo speed is unknown, defaulting to 1000
[  257.030968][T14344] lo speed is unknown, defaulting to 1000
[  257.072702][T14359] loop1: detected capacity change from 0 to 512
[  257.109572][T14344] lo speed is unknown, defaulting to 1000
[  257.156437][T14344] lo speed is unknown, defaulting to 1000
[  257.163250][T14372] netlink: 7 bytes leftover after parsing attributes in process `syz.3.3506'.
[  257.258539][T14376] netlink: 96 bytes leftover after parsing attributes in process `syz.5.3508'.
[  257.322595][T14378] loop5: detected capacity change from 0 to 2048
[  257.380388][T14378] Alternate GPT is invalid, using primary GPT.
[  257.386696][T14378]  loop5: p1 p2 p3
[  257.470326][T14374] SELinux:  policydb magic number 0x0 does not match expected magic number 0xf97cff8c
[  257.496478][T14374] SELinux: failed to load policy
[  257.565893][T14384] loop5: detected capacity change from 0 to 1024
[  257.589344][T14384] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (46251!=20869)
[  257.610620][T14384] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a040e11d, mo2=0002]
[  257.622987][T14384] EXT4-fs (loop5): failed to initialize system zone (-117)
[  257.630382][T14384] EXT4-fs (loop5): mount failed
[  257.748988][T14389] lo speed is unknown, defaulting to 1000
[  257.948611][T14403] 9pnet: Could not find request transport: fd<r=
[  257.982445][T14407] loop9: detected capacity change from 0 to 7
[  257.988764][T14407] Buffer I/O error on dev loop9, logical block 0, async page read
[  258.027298][T14401] loop1: detected capacity change from 0 to 1024
[  258.042874][T14409] SELinux: failed to load policy
[  258.047184][T14407] Buffer I/O error on dev loop9, logical block 0, async page read
[  258.055818][T14407]  loop9: unable to read partition table
[  258.081296][T14401] EXT4-fs (loop1): filesystem is read-only
[  258.090777][T14407] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ���
[  258.090777][T14407] 
) failed (rc=-5)
[  258.109755][T14401] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869)
[  258.120914][T14401] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  258.146996][T14401] EXT4-fs error (device loop1): ext4_get_journal_inode:5808: comm syz.1.3518: inode #1: comm syz.1.3518: iget: illegal inode #
[  258.162644][T14401] EXT4-fs (loop1): no journal found
[  258.167926][T14401] EXT4-fs (loop1): can't get journal size
[  258.176838][T14401] EXT4-fs (loop1): failed to initialize system zone (-22)
[  258.192040][T14401] EXT4-fs (loop1): mount failed
[  258.261521][T14423] netlink: 'syz.1.3526': attribute type 6 has an invalid length.
[  258.363138][T14414] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  258.382500][T14414] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  258.441792][T14434] netlink: 96 bytes leftover after parsing attributes in process `syz.0.3532'.
[  258.462837][T14414] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3523'.
[  258.511207][T14442] netlink: 96 bytes leftover after parsing attributes in process `syz.0.3535'.
[  258.786256][T14469] netlink: 96 bytes leftover after parsing attributes in process `syz.1.3547'.
[  258.828890][T14475] netlink: 'syz.1.3550': attribute type 6 has an invalid length.
[  258.840640][T14477] netlink: 312 bytes leftover after parsing attributes in process `syz.3.3551'.
[  258.948912][T14486] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  258.966694][T14486] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  258.976864][T14482] lo speed is unknown, defaulting to 1000
[  259.666416][T14507] syz0: rxe_newlink: already configured on bond_slave_0
[  259.722839][T14513] SELinux: failed to load policy
[  259.731675][T14515] ------------[ cut here ]------------
[  259.737174][T14515] verifier bug: REG INVARIANTS VIOLATION (true_reg2): range bounds violation u64=[0x0, 0x7800000000] s64=[0x0, 0xffffffffffffffff] u32=[0x80000000, 0x0] s32=[0x0, 0xffffffff] var_off=(0x0, 0x7800000000)
[  259.757338][T14515] WARNING: CPU: 0 PID: 14515 at kernel/bpf/verifier.c:2721 reg_bounds_sanity_check+0x673/0x680
[  259.767827][T14515] Modules linked in:
[  259.771786][T14515] CPU: 0 UID: 0 PID: 14515 Comm: syz.3.3564 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  259.783238][T14515] Tainted: [W]=WARN
[  259.787055][T14515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  259.797187][T14515] RIP: 0010:reg_bounds_sanity_check+0x673/0x680
[  259.803633][T14515] Code: 7c 24 18 41 ff 74 24 20 55 41 56 4d 89 ee 53 48 8b 5c 24 30 ff 74 24 40 ff 74 24 50 ff 74 24 30 e8 72 02 bb ff 48 83 c4 38 90 <0f> 0b 90 90 e9 02 fb ff ff 0f 1f 40 00 90 90 90 90 90 90 90 90 90
[  259.823338][T14515] RSP: 0018:ffffc90000a07408 EFLAGS: 00010282
[  259.829435][T14515] RAX: a0d1fcd59128cf00 RBX: ffff88811ba10040 RCX: 0000000000080000
[  259.837470][T14515] RDX: ffffc900021a2000 RSI: 000000000001294d RDI: 000000000001294e
[  259.845628][T14515] RBP: 0000000000000000 R08: 0001c90000a07257 R09: 0000000000000000
[  259.853733][T14515] R10: 00000000ffffffff R11: 0000000000000002 R12: ffff88811ba10000
[  259.861747][T14515] R13: ffff888198a88000 R14: ffff888198a88000 R15: ffff88811ba10038
[  259.869768][T14515] FS:  00007f3ae87e76c0(0000) GS:ffff8882aee3a000(0000) knlGS:0000000000000000
[  259.878784][T14515] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  259.885414][T14515] CR2: 00002000000054c0 CR3: 000000011031a000 CR4: 00000000003506f0
[  259.893434][T14515] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  259.901529][T14515] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  259.909550][T14515] Call Trace:
[  259.912878][T14515]  <TASK>
[  259.915891][T14515]  reg_set_min_max+0x1eb/0x260
[  259.920787][T14515]  check_cond_jmp_op+0x1370/0x19e0
[  259.925939][T14515]  do_check+0x3363/0x8460
[  259.930404][T14515]  do_check_common+0xc5e/0x12b0
[  259.935364][T14515]  bpf_check+0xaaae/0xd9d0
[  259.939876][T14515]  ? __alloc_frozen_pages_noprof+0x188/0x360
[  259.946002][T14515]  ? __vmap_pages_range_noflush+0xbc4/0xcf0
[  259.952004][T14515]  ? try_charge_memcg+0x215/0xa10
[  259.957082][T14515]  ? pcpu_block_update+0x232/0x3b0
[  259.962413][T14515]  ? pcpu_block_refresh_hint+0x157/0x170
[  259.968113][T14515]  ? pcpu_block_update_hint_alloc+0x63d/0x660
[  259.974331][T14515]  ? css_rstat_updated+0xb7/0x240
[  259.979388][T14515]  ? __rcu_read_unlock+0x4f/0x70
[  259.984459][T14515]  ? pcpu_memcg_post_alloc_hook+0xf1/0x150
[  259.990331][T14515]  ? bpf_prog_alloc+0x5b/0x150
[  259.995148][T14515]  ? pcpu_alloc_noprof+0xd29/0x1250
[  260.000599][T14515]  ? should_fail_ex+0x30/0x280
[  260.005475][T14515]  ? should_failslab+0x8c/0xb0
[  260.010303][T14515]  ? __kmalloc_noprof+0x2a2/0x570
[  260.015367][T14515]  ? security_bpf_prog_load+0x60/0x140
[  260.018960][T14522] batadv_slave_1: entered promiscuous mode
[  260.020881][T14515]  ? selinux_bpf_prog_load+0xad/0xd0
[  260.032090][T14515]  ? security_bpf_prog_load+0x9e/0x140
[  260.032136][T14515]  bpf_prog_load+0xf6e/0x1100
[  260.032176][T14515]  ? security_bpf+0x2b/0x90
[  260.032224][T14515]  __sys_bpf+0x469/0x7c0
[  260.032272][T14515]  __x64_sys_bpf+0x41/0x50
[  260.032311][T14515]  x64_sys_call+0x2aee/0x3000
[  260.032343][T14515]  do_syscall_64+0xd2/0x200
[  260.032396][T14515]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  260.032434][T14515]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  260.032464][T14515]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  260.032560][T14515] RIP: 0033:0x7f3ae9d7eec9
[  260.032576][T14515] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  260.032646][T14515] RSP: 002b:00007f3ae87e7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  260.032673][T14515] RAX: ffffffffffffffda RBX: 00007f3ae9fd5fa0 RCX: 00007f3ae9d7eec9
[  260.032698][T14515] RDX: 0000000000000048 RSI: 00002000000054c0 RDI: 0000000000000005
[  260.032711][T14515] RBP: 00007f3ae9e01f91 R08: 0000000000000000 R09: 0000000000000000
[  260.032726][T14515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  260.032786][T14515] R13: 00007f3ae9fd6038 R14: 00007f3ae9fd5fa0 R15: 00007ffcd1ab4468
[  260.032807][T14515]  </TASK>
[  260.032814][T14515] ---[ end trace 0000000000000000 ]---
[  260.036649][T14522] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  260.232879][T14522] batadv_slave_1 (unregistering): left promiscuous mode
[  260.244403][T14523] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  260.250847][T14523] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  260.269802][T14522] batman_adv: batadv0: Removing interface: batadv_slave_1
[  260.287247][T14528] 9pnet: Could not find request transport: fd<r=
[  260.585025][   T29] kauditd_printk_skb: 460 callbacks suppressed
[  260.585168][   T29] audit: type=1400 audit(1760574832.927:51091): avc:  denied  { map_create } for  pid=14533 comm="syz.2.3570" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  260.659835][   T29] audit: type=1400 audit(1760574832.957:51092): avc:  denied  { map_read map_write } for  pid=14533 comm="syz.2.3570" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  260.679986][   T29] audit: type=1400 audit(1760574832.967:51093): avc:  denied  { perfmon } for  pid=14533 comm="syz.2.3570" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  260.701082][   T29] audit: type=1400 audit(1760574832.967:51094): avc:  denied  { prog_run } for  pid=14533 comm="syz.2.3570" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  260.796416][   T29] audit: type=1326 audit(1760574833.137:51095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14538 comm="syz.2.3571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5d1dceec9 code=0x7ffc0000
[  260.851439][   T29] audit: type=1326 audit(1760574833.137:51096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14538 comm="syz.2.3571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5d1dceec9 code=0x7ffc0000
[  260.875213][   T29] audit: type=1326 audit(1760574833.137:51097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14538 comm="syz.2.3571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5d1dceec9 code=0x7ffc0000
[  260.899155][   T29] audit: type=1326 audit(1760574833.167:51098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14538 comm="syz.2.3571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff5d1dceec9 code=0x7ffc0000
[  260.923040][   T29] audit: type=1326 audit(1760574833.177:51099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14538 comm="syz.2.3571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5d1dceec9 code=0x7ffc0000
[  260.946649][   T29] audit: type=1326 audit(1760574833.177:51100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14538 comm="syz.2.3571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5d1dceec9 code=0x7ffc0000
[  260.949163][T14541] FAULT_INJECTION: forcing a failure.
[  260.949163][T14541] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  260.983358][T14541] CPU: 0 UID: 0 PID: 14541 Comm: syz.5.3572 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  260.983477][T14541] Tainted: [W]=WARN
[  260.983484][T14541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  260.983498][T14541] Call Trace:
[  260.983505][T14541]  <TASK>
[  260.983513][T14541]  __dump_stack+0x1d/0x30
[  260.983581][T14541]  dump_stack_lvl+0xe8/0x140
[  260.983625][T14541]  dump_stack+0x15/0x1b
[  260.983647][T14541]  should_fail_ex+0x265/0x280
[  260.983751][T14541]  should_fail+0xb/0x20
[  260.983867][T14541]  should_fail_usercopy+0x1a/0x20
[  260.983891][T14541]  _copy_from_user+0x1c/0xb0
[  260.983973][T14541]  memdup_user+0x5e/0xd0
[  260.984028][T14541]  strndup_user+0x68/0xb0
[  260.984064][T14541]  __se_sys_mount+0x4d/0x2e0
[  260.984128][T14541]  ? fput+0x8f/0xc0
[  260.984170][T14541]  ? ksys_write+0x192/0x1a0
[  260.984249][T14541]  __x64_sys_mount+0x67/0x80
[  260.984278][T14541]  x64_sys_call+0x2b51/0x3000
[  260.984306][T14541]  do_syscall_64+0xd2/0x200
[  260.984338][T14541]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  260.984430][T14541]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  260.984463][T14541]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  260.984491][T14541] RIP: 0033:0x7fe1f9dfeec9
[  260.984522][T14541] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  260.984544][T14541] RSP: 002b:00007fe1f8867038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  260.984564][T14541] RAX: ffffffffffffffda RBX: 00007fe1fa055fa0 RCX: 00007fe1f9dfeec9
[  260.984577][T14541] RDX: 0000200000000540 RSI: 0000200000000500 RDI: 00002000000004c0
[  260.984594][T14541] RBP: 00007fe1f8867090 R08: 0000000000000000 R09: 0000000000000000
[  260.984610][T14541] R10: 0000000002001c12 R11: 0000000000000246 R12: 0000000000000001
[  260.984635][T14541] R13: 00007fe1fa056038 R14: 00007fe1fa055fa0 R15: 00007fffd1771dc8
[  260.984698][T14541]  </TASK>
[  261.244379][T14546] __nla_validate_parse: 4 callbacks suppressed
[  261.244401][T14546] netlink: 96 bytes leftover after parsing attributes in process `syz.2.3574'.
[  261.303318][T14554] netlink: 52 bytes leftover after parsing attributes in process `+}[@'.
[  261.311940][T14554] netlink: 7 bytes leftover after parsing attributes in process `+}[@'.
[  261.320358][T14554] netlink: 52 bytes leftover after parsing attributes in process `+}[@'.
[  261.328767][T14554] netlink: 7 bytes leftover after parsing attributes in process `+}[@'.
[  261.337151][T14554] netlink: 52 bytes leftover after parsing attributes in process `+}[@'.
[  261.387855][T14561] SELinux: failed to load policy
[  261.410583][T14563] netlink: 96 bytes leftover after parsing attributes in process `syz.0.3582'.
[  261.487771][ T6880] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  261.562928][ T6880] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  261.631036][ T6880] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  261.689477][ T6880] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  261.795042][ T6880] bridge_slave_1: left allmulticast mode
[  261.800965][ T6880] bridge_slave_1: left promiscuous mode
[  261.806897][ T6880] bridge0: port 2(bridge_slave_1) entered disabled state
[  261.811489][T14586] SELinux:  policydb magic number 0x0 does not match expected magic number 0xf97cff8c
[  261.823765][T14586] SELinux: failed to load policy
[  261.851627][ T6880] bridge_slave_0: left promiscuous mode
[  261.857338][ T6880] bridge0: port 1(bridge_slave_0) entered disabled state
[  261.944186][ T6880] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  261.954341][ T6880] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  261.964314][ T6880] bond0 (unregistering): Released all slaves
[  261.973967][T14588] netlink: 96 bytes leftover after parsing attributes in process `syz.0.3589'.
[  261.983031][T14574] lo speed is unknown, defaulting to 1000
[  262.021250][T14597] FAULT_INJECTION: forcing a failure.
[  262.021250][T14597] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  262.034368][T14597] CPU: 0 UID: 0 PID: 14597 Comm: syz.0.3592 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  262.034472][T14597] Tainted: [W]=WARN
[  262.034479][T14597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  262.034495][T14597] Call Trace:
[  262.034503][T14597]  <TASK>
[  262.034512][T14597]  __dump_stack+0x1d/0x30
[  262.034560][T14597]  dump_stack_lvl+0xe8/0x140
[  262.034587][T14597]  dump_stack+0x15/0x1b
[  262.034614][T14597]  should_fail_ex+0x265/0x280
[  262.034711][T14597]  should_fail+0xb/0x20
[  262.034759][T14597]  should_fail_usercopy+0x1a/0x20
[  262.034788][T14597]  _copy_to_user+0x20/0xa0
[  262.034813][T14597]  simple_read_from_buffer+0xb5/0x130
[  262.034905][T14597]  proc_fail_nth_read+0x10e/0x150
[  262.034968][T14597]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  262.035075][T14597]  vfs_read+0x1a8/0x770
[  262.035103][T14597]  ? __rcu_read_unlock+0x4f/0x70
[  262.035192][T14597]  ? __fget_files+0x184/0x1c0
[  262.035238][T14597]  ksys_read+0xda/0x1a0
[  262.035260][T14597]  __x64_sys_read+0x40/0x50
[  262.035280][T14597]  x64_sys_call+0x27c0/0x3000
[  262.035305][T14597]  do_syscall_64+0xd2/0x200
[  262.035447][T14597]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  262.035480][T14597]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  262.035502][T14597]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  262.035521][T14597] RIP: 0033:0x7fa1d370d8dc
[  262.035536][T14597] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  262.035624][T14597] RSP: 002b:00007fa1d216f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  262.035641][T14597] RAX: ffffffffffffffda RBX: 00007fa1d3965fa0 RCX: 00007fa1d370d8dc
[  262.035708][T14597] RDX: 000000000000000f RSI: 00007fa1d216f0a0 RDI: 0000000000000007
[  262.035723][T14597] RBP: 00007fa1d216f090 R08: 0000000000000000 R09: 0000000000000000
[  262.035738][T14597] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  262.035753][T14597] R13: 00007fa1d3966038 R14: 00007fa1d3965fa0 R15: 00007fff9a86ceb8
[  262.035781][T14597]  </TASK>
[  262.271652][ T6880] hsr_slave_0: left promiscuous mode
[  262.289228][ T6880] hsr_slave_1: left promiscuous mode
[  262.298362][ T6880] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  262.306309][ T6880] batman_adv: batadv0: Removing interface: batadv_slave_0
[  262.315258][ T6880] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  262.322720][ T6880] batman_adv: batadv0: Removing interface: batadv_slave_1
[  262.328159][T14609] loop5: detected capacity change from 0 to 512
[  262.344097][T14609] EXT4-fs error (device loop5): ext4_orphan_get:1392: inode #15: comm syz.5.3596: inode has both inline data and extents flags
[  262.357897][ T6880] veth1_macvtap: left promiscuous mode
[  262.361531][T14609] EXT4-fs error (device loop5): ext4_orphan_get:1397: comm syz.5.3596: couldn't read orphan inode 15 (err -117)
[  262.363973][ T6880] veth0_macvtap: left promiscuous mode
[  262.381227][ T6880] veth1_vlan: left promiscuous mode
[  262.386538][ T6880] veth0_vlan: left promiscuous mode
[  262.393256][T14609] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  262.435960][T13561] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  262.509282][ T6880] team0 (unregistering): Port device team_slave_1 removed
[  262.519862][ T6880] team0 (unregistering): Port device team_slave_0 removed
[  262.541247][T14628] netlink: 'syz.5.3602': attribute type 6 has an invalid length.
[  262.562514][T14607] bridge0: entered promiscuous mode
[  262.567804][T14607] macsec1: entered promiscuous mode
[  262.574092][T14607] bridge0: port 3(macsec1) entered blocking state
[  262.580621][T14607] bridge0: port 3(macsec1) entered disabled state
[  262.587255][T14607] macsec1: entered allmulticast mode
[  262.592575][T14607] bridge0: entered allmulticast mode
[  262.598362][T14607] macsec1: left allmulticast mode
[  262.603500][T14607] bridge0: left allmulticast mode
[  262.609186][T14607] bridge0: left promiscuous mode
[  262.621256][T14574] chnl_net:caif_netlink_parms(): no params data found
[  262.669287][T14574] bridge0: port 1(bridge_slave_0) entered blocking state
[  262.676596][T14574] bridge0: port 1(bridge_slave_0) entered disabled state
[  262.683841][T14574] bridge_slave_0: entered allmulticast mode
[  262.692085][T14574] bridge_slave_0: entered promiscuous mode
[  262.698985][T14574] bridge0: port 2(bridge_slave_1) entered blocking state
[  262.706143][T14574] bridge0: port 2(bridge_slave_1) entered disabled state
[  262.713374][T14574] bridge_slave_1: entered allmulticast mode
[  262.719945][T14574] bridge_slave_1: entered promiscuous mode
[  262.813759][T14641] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3606'.
[  262.842638][T14641] GUP no longer grows the stack in syz.2.3606 (14641): 200000005000-200000008000 (200000004000)
[  262.853143][T14641] CPU: 1 UID: 0 PID: 14641 Comm: syz.2.3606 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  262.853225][T14641] Tainted: [W]=WARN
[  262.853235][T14641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  262.853252][T14641] Call Trace:
[  262.853337][T14641]  <TASK>
[  262.853347][T14641]  __dump_stack+0x1d/0x30
[  262.853376][T14641]  dump_stack_lvl+0xe8/0x140
[  262.853397][T14641]  dump_stack+0x15/0x1b
[  262.853419][T14641]  fixup_user_fault+0x50e/0x560
[  262.853459][T14641]  fault_in_user_writeable+0x5d/0xd0
[  262.853496][T14641]  futex_lock_pi+0x597/0x780
[  262.853582][T14641]  ? __pfx_futex_wake_mark+0x10/0x10
[  262.853657][T14641]  do_futex+0x21f/0x380
[  262.853716][T14641]  __se_sys_futex+0x2ed/0x360
[  262.853814][T14641]  ? xfd_validate_state+0x45/0xf0
[  262.853916][T14641]  __x64_sys_futex+0x78/0x90
[  262.853962][T14641]  x64_sys_call+0x2e48/0x3000
[  262.853987][T14641]  do_syscall_64+0xd2/0x200
[  262.854011][T14641]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  262.854048][T14641]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  262.854208][T14641]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  262.854237][T14641] RIP: 0033:0x7ff5d1dceec9
[  262.854257][T14641] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  262.854282][T14641] RSP: 002b:00007ff5d0816038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  262.854305][T14641] RAX: ffffffffffffffda RBX: 00007ff5d2026090 RCX: 00007ff5d1dceec9
[  262.854379][T14641] RDX: 00000000fffffffd RSI: 000000000000008d RDI: 0000200000004000
[  262.854396][T14641] RBP: 00007ff5d1e51f91 R08: 0000000000000000 R09: 0000000000000000
[  262.854414][T14641] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  262.854495][T14641] R13: 00007ff5d2026128 R14: 00007ff5d2026090 R15: 00007ffc7c130ce8
[  262.854522][T14641]  </TASK>
[  263.046040][T14574] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  263.057882][T14574] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  263.223885][T14644] lo speed is unknown, defaulting to 1000
[  263.339401][T14574] team0: Port device team_slave_0 added
[  263.372256][T14574] team0: Port device team_slave_1 added
[  263.420881][T14574] batman_adv: batadv0: Adding interface: batadv_slave_0
[  263.427855][T14574] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  263.454296][T14574] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  263.472963][T14643] loop5: detected capacity change from 0 to 1024
[  263.513556][T14643] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (46251!=20869)
[  263.611914][T14574] batman_adv: batadv0: Adding interface: batadv_slave_1
[  263.618961][T14574] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  263.645051][T14574] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  263.656342][T14643] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a040e11d, mo2=0002]
[  263.665433][T14643] EXT4-fs (loop5): failed to initialize system zone (-117)
[  263.679972][T14643] EXT4-fs (loop5): mount failed
[  263.822772][T14574] hsr_slave_0: entered promiscuous mode
[  263.829035][T14574] hsr_slave_1: entered promiscuous mode
[  264.143526][T14574] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  264.189935][T14574] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  264.222705][T14662] netlink: 'syz.5.3612': attribute type 6 has an invalid length.
[  264.241808][T14574] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  264.384784][T14574] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  264.442961][T14666] FAULT_INJECTION: forcing a failure.
[  264.442961][T14666] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  264.456356][T14666] CPU: 1 UID: 0 PID: 14666 Comm: syz.3.3614 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  264.456398][T14666] Tainted: [W]=WARN
[  264.456407][T14666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  264.456488][T14666] Call Trace:
[  264.456495][T14666]  <TASK>
[  264.456504][T14666]  __dump_stack+0x1d/0x30
[  264.456526][T14666]  dump_stack_lvl+0xe8/0x140
[  264.456546][T14666]  dump_stack+0x15/0x1b
[  264.456563][T14666]  should_fail_ex+0x265/0x280
[  264.456601][T14666]  should_fail+0xb/0x20
[  264.456755][T14666]  should_fail_usercopy+0x1a/0x20
[  264.456782][T14666]  _copy_from_user+0x1c/0xb0
[  264.456816][T14666]  ___sys_sendmsg+0xc1/0x1d0
[  264.456858][T14666]  __x64_sys_sendmsg+0xd4/0x160
[  264.456901][T14666]  x64_sys_call+0x191e/0x3000
[  264.457002][T14666]  do_syscall_64+0xd2/0x200
[  264.457033][T14666]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  264.457108][T14666]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  264.457151][T14666]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  264.457180][T14666] RIP: 0033:0x7f3ae9d7eec9
[  264.457195][T14666] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  264.457219][T14666] RSP: 002b:00007f3ae87e7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  264.457244][T14666] RAX: ffffffffffffffda RBX: 00007f3ae9fd5fa0 RCX: 00007f3ae9d7eec9
[  264.457261][T14666] RDX: 0000000020004804 RSI: 0000200000000000 RDI: 0000000000000004
[  264.457287][T14666] RBP: 00007f3ae87e7090 R08: 0000000000000000 R09: 0000000000000000
[  264.457358][T14666] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  264.457371][T14666] R13: 00007f3ae9fd6038 R14: 00007f3ae9fd5fa0 R15: 00007ffcd1ab4468
[  264.457396][T14666]  </TASK>
[  264.667762][T14574] 8021q: adding VLAN 0 to HW filter on device bond0
[  264.851735][T14574] 8021q: adding VLAN 0 to HW filter on device team0
[  264.859438][T14685] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3618'.
[  265.245489][ T6868] bridge0: port 1(bridge_slave_0) entered blocking state
[  265.252715][ T6868] bridge0: port 1(bridge_slave_0) entered forwarding state
[  265.288995][T14574] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  265.299533][T14574] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  265.405829][T14686] lo speed is unknown, defaulting to 1000
[  265.410888][ T6919] bridge0: port 2(bridge_slave_1) entered blocking state
[  265.418776][ T6919] bridge0: port 2(bridge_slave_1) entered forwarding state
[  265.430765][T14689] SELinux: failed to load policy
[  265.562907][T14574] 8021q: adding VLAN 0 to HW filter on device batadv0
[  265.593466][   T29] kauditd_printk_skb: 551 callbacks suppressed
[  265.593481][   T29] audit: type=1400 audit(1760574837.937:51652): avc:  denied  { connect } for  pid=14702 comm="syz.2.3624" lport=252 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  265.657239][T14706] SELinux: failed to load policy
[  265.663502][T14707] netlink: 'syz.0.3623': attribute type 6 has an invalid length.
[  265.684220][   T29] audit: type=1400 audit(1760574838.007:51653): avc:  denied  { write } for  pid=14702 comm="syz.2.3624" laddr=::ac14:142b lport=252 faddr=fe80::41 fport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  265.769025][T14715] rdma_rxe: rxe_newlink: failed to add bond_slave_0
[  265.776323][   T29] audit: type=1400 audit(1760574838.107:51654): avc:  denied  { open } for  pid=14712 comm="syz.0.3627" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=44187 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  265.800901][   T29] audit: type=1400 audit(1760574838.107:51655): avc:  denied  { create } for  pid=14714 comm="syz.5.3628" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  265.821452][   T29] audit: type=1400 audit(1760574838.107:51656): avc:  denied  { write } for  pid=14714 comm="syz.5.3628" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  265.872303][T14713] 9pnet: Could not find request transport: fd<r=
[  265.945740][T14725] loop5: detected capacity change from 0 to 1024
[  265.984822][   T29] audit: type=1400 audit(1760574838.117:51657): avc:  denied  { watch watch_reads } for  pid=14714 comm="syz.5.3628" path="/93" dev="tmpfs" ino=504 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  266.007979][   T29] audit: type=1326 audit(1760574838.217:51658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14710 comm="syz.2.3626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5d1dceec9 code=0x7ffc0000
[  266.031676][   T29] audit: type=1326 audit(1760574838.217:51659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14710 comm="syz.2.3626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5d1dceec9 code=0x7ffc0000
[  266.055501][   T29] audit: type=1326 audit(1760574838.227:51660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14710 comm="syz.2.3626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff5d1dceec9 code=0x7ffc0000
[  266.079256][   T29] audit: type=1326 audit(1760574838.227:51661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14710 comm="syz.2.3626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5d1dceec9 code=0x7ffc0000
[  266.105790][T14725] EXT4-fs (loop5): filesystem is read-only
[  266.124606][T14725] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869)
[  266.140690][T14725] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  266.163216][T14725] EXT4-fs error (device loop5): ext4_get_journal_inode:5808: comm syz.5.3629: inode #1: comm syz.5.3629: iget: illegal inode #
[  266.186669][T14725] EXT4-fs (loop5): no journal found
[  266.192020][T14725] EXT4-fs (loop5): can't get journal size
[  266.200149][T14725] EXT4-fs (loop5): failed to initialize system zone (-22)
[  266.212589][T14725] EXT4-fs (loop5): mount failed
[  266.265093][T14574] veth0_vlan: entered promiscuous mode
[  266.273748][T14574] veth1_vlan: entered promiscuous mode
[  266.304937][T14742] __nla_validate_parse: 3 callbacks suppressed
[  266.305035][T14742] netlink: 96 bytes leftover after parsing attributes in process `syz.5.3633'.
[  266.323977][T14574] veth0_macvtap: entered promiscuous mode
[  266.333037][T14574] veth1_macvtap: entered promiscuous mode
[  266.356936][T14574] batman_adv: batadv0: Interface activated: batadv_slave_0
[  266.377586][T14574] batman_adv: batadv0: Interface activated: batadv_slave_1
[  266.388786][ T6899] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  266.400358][ T6919] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  266.419328][T14751] netlink: 'syz.0.3637': attribute type 6 has an invalid length.
[  266.440528][ T6880] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  266.450647][ T6868] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  266.531243][T14754] lo speed is unknown, defaulting to 1000
[  266.562764][T14764] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3639'.
[  266.571480][T14757] rdma_rxe: rxe_newlink: failed to add bond_slave_0
[  266.675523][ T6880] Bluetooth: hci0: Frame reassembly failed (-84)
[  266.678249][T12210] Bluetooth: hci0: Malformed Event: 0x02
[  266.683994][T14770] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3643'.
[  266.707635][T14770] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  266.715082][T14770] batman_adv: batadv0: Removing interface: batadv_slave_0
[  266.723186][T14770] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  266.730833][T14770] batman_adv: batadv0: Removing interface: batadv_slave_1
[  266.788568][T14768] loop9: detected capacity change from 0 to 7
[  266.834070][T14768] Buffer I/O error on dev loop9, logical block 0, async page read
[  266.861943][T14768] Buffer I/O error on dev loop9, logical block 0, async page read
[  266.869923][T14768]  loop9: unable to read partition table
[  266.899784][T14768] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ���
[  266.899784][T14768] 
) failed (rc=-5)
[  267.076368][ T2965] kernel write not supported for file /235/oom_adj (pid: 2965 comm: kworker/1:2)
[  267.121881][T14781] blktrace: Concurrent blktraces are not allowed on loop1
[  267.256006][T14783] netlink: 'syz.0.3648': attribute type 2 has an invalid length.
[  267.263833][T14783] netlink: 51 bytes leftover after parsing attributes in process `syz.0.3648'.
[  267.406771][T14793] rdma_rxe: rxe_newlink: failed to add bond_slave_0
[  267.546458][T14799] SELinux: failed to load policy
[  267.608609][T14806] netlink: 'syz.5.3658': attribute type 6 has an invalid length.
[  267.622933][T14806] loop9: detected capacity change from 0 to 7
[  267.630921][T14806] Buffer I/O error on dev loop9, logical block 0, async page read
[  267.638795][T14806] Buffer I/O error on dev loop9, logical block 0, async page read
[  267.646764][T14806]  loop9: unable to read partition table
[  267.653149][T14806] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ���
[  267.653149][T14806] 
) failed (rc=-5)
[  267.898642][T14837] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  267.908213][T14831] 9pnet: Could not find request transport: fd<r=
[  267.925260][T14837] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  267.992644][ T6880] Bluetooth: hci1: Frame reassembly failed (-84)
[  267.992811][T14841] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3670'.
[  268.284837][T14851] hub 9-0:1.0: USB hub found
[  268.289577][T14851] hub 9-0:1.0: 8 ports detected
[  268.682595][T14863] netlink: 96 bytes leftover after parsing attributes in process `syz.3.3682'.
[  268.709144][T14867] netlink: 'syz.3.3683': attribute type 6 has an invalid length.
[  268.719860][ T3524] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  268.719860][T14843] Bluetooth: hci0: command 0x1003 tx timeout
[  268.726543][T14867] loop9: detected capacity change from 0 to 7
[  268.739193][T14867] Buffer I/O error on dev loop9, logical block 0, async page read
[  268.749040][T14867] Buffer I/O error on dev loop9, logical block 0, async page read
[  268.750576][T14870] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3685'.
[  268.757029][T14867]  loop9: unable to read partition table
[  268.774362][T14867] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ���
[  268.774362][T14867] 
) failed (rc=-5)
[  268.825721][T14877] nfs4: Bad value for 'source'
[  268.895577][T14886] 9pnet: Could not find request transport: fd<r=
[  269.027900][T14890] rdma_rxe: rxe_newlink: failed to add bond_slave_0
[  269.036446][T14890] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3691'.
[  269.172775][T14898] loop5: detected capacity change from 0 to 1024
[  269.179893][T14898] EXT4-fs (loop5): filesystem is read-only
[  269.185965][T14898] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869)
[  269.196370][T14898] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  269.207800][T14898] EXT4-fs error (device loop5): ext4_get_journal_inode:5808: comm syz.5.3695: inode #1: comm syz.5.3695: iget: illegal inode #
[  269.221880][T14898] EXT4-fs (loop5): no journal found
[  269.227114][T14898] EXT4-fs (loop5): can't get journal size
[  269.238943][T14898] EXT4-fs (loop5): failed to initialize system zone (-22)
[  269.247653][T14898] EXT4-fs (loop5): mount failed
[  269.264303][T14898] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3695'.
[  269.632935][T14930] 9pnet: Could not find request transport: fd<r=
[  269.737936][T14936] 9pnet: Could not find request transport: fd<r=
[  269.914003][T14939] rdma_rxe: rxe_newlink: failed to add bond_slave_0
[  269.999846][T12210] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  270.067559][T14955] loop5: detected capacity change from 0 to 1024
[  270.074302][T14955] EXT4-fs: inline encryption not supported
[  270.080300][T14955] EXT4-fs: Ignoring removed i_version option
[  270.086796][T14955] ext4: Bad value for 'barrier'
[  270.097429][T14955] loop5: detected capacity change from 0 to 512
[  270.104435][T14955] EXT4-fs (loop5): VFS: Found ext4 filesystem with invalid superblock checksum.  Run e2fsck?
[  270.213422][T14959] 9pnet: Could not find request transport: fd<r=
[  270.280611][T14964] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3718'.
[  270.363283][T14970] 9pnet: Could not find request transport: fd<r=
[  270.750236][T14979] pim6reg1: entered promiscuous mode
[  270.755591][T14979] pim6reg1: entered allmulticast mode
[  270.785594][   T29] kauditd_printk_skb: 321 callbacks suppressed
[  270.785627][   T29] audit: type=1400 audit(1760574843.127:51983): avc:  denied  { create } for  pid=14983 comm="syz.0.3725" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  270.824373][   T29] audit: type=1400 audit(1760574843.167:51984): avc:  denied  { write } for  pid=14983 comm="syz.0.3725" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  270.844766][   T29] audit: type=1400 audit(1760574843.167:51985): avc:  denied  { nlmsg_write } for  pid=14983 comm="syz.0.3725" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  270.957593][T14987] netlink: 'syz.6.3726': attribute type 6 has an invalid length.
[  270.977492][T14989] netlink: 'syz.2.3727': attribute type 6 has an invalid length.
[  270.990850][T14987] loop9: detected capacity change from 0 to 7
[  271.007414][T14989] Buffer I/O error on dev loop9, logical block 0, async page read
[  271.025554][T14989] Buffer I/O error on dev loop9, logical block 0, async page read
[  271.033485][T14989]  loop9: unable to read partition table
[  271.051854][T14987] Buffer I/O error on dev loop9, logical block 0, async page read
[  271.065394][T14987] Buffer I/O error on dev loop9, logical block 0, async page read
[  271.073325][T14987]  loop9: unable to read partition table
[  271.088355][T14987] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ���
[  271.088355][T14987] 
) failed (rc=-5)
[  271.193126][T15003] netlink: 'syz.6.3734': attribute type 6 has an invalid length.
[  271.202476][   T29] audit: type=1326 audit(1760574843.547:51986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15004 comm="syz.5.3735" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1f9dfeec9 code=0x7ffc0000
[  271.226615][   T29] audit: type=1326 audit(1760574843.547:51987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15004 comm="syz.5.3735" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1f9dfeec9 code=0x7ffc0000
[  271.281899][   T29] audit: type=1326 audit(1760574843.617:51988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15004 comm="syz.5.3735" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1f9dfeec9 code=0x7ffc0000
[  271.305614][   T29] audit: type=1326 audit(1760574843.617:51989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15004 comm="syz.5.3735" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1f9dfeec9 code=0x7ffc0000
[  271.329322][   T29] audit: type=1326 audit(1760574843.617:51990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15004 comm="syz.5.3735" exe="/root/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7fe1f9dfeec9 code=0x7ffc0000
[  271.352990][   T29] audit: type=1326 audit(1760574843.617:51991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15004 comm="syz.5.3735" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1f9dfeec9 code=0x7ffc0000
[  271.376767][   T29] audit: type=1326 audit(1760574843.617:51992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15004 comm="syz.5.3735" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1f9dfeec9 code=0x7ffc0000
[  271.427266][T15005] loop5: detected capacity change from 0 to 512
[  271.442114][T15011] 9pnet: Could not find request transport: fd<r=
[  271.555246][T15019] SELinux: failed to load policy
[  271.629009][T15005] EXT4-fs error (device loop5): ext4_xattr_inode_iget:446: comm syz.5.3735: error while reading EA inode 32 err=-116
[  271.655639][T15005] EXT4-fs (loop5): 1 orphan inode deleted
[  271.670512][T15005] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  271.700625][T15005] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  271.840064][T14997] SELinux: ebitmap: truncated map
[  271.850288][T14997] SELinux: failed to load policy
[  271.965834][T15037] __nla_validate_parse: 2 callbacks suppressed
[  271.965851][T15037] netlink: 96 bytes leftover after parsing attributes in process `syz.2.3745'.
[  272.044123][T15045] hub 9-0:1.0: USB hub found
[  272.051709][T15045] hub 9-0:1.0: 8 ports detected
[  272.110746][T15054] netlink: 'syz.3.3753': attribute type 6 has an invalid length.
[  272.160640][T15058] loop5: detected capacity change from 0 to 1024
[  272.181637][T15058] EXT4-fs (loop5): filesystem is read-only
[  272.198716][T15058] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869)
[  272.218628][T15058] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  272.236360][T15066] FAULT_INJECTION: forcing a failure.
[  272.236360][T15066] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  272.238295][T15058] EXT4-fs error (device loop5): ext4_get_journal_inode:5808: comm syz.5.3754: inode #1: comm syz.5.3754: iget: illegal inode #
[  272.249534][T15066] CPU: 1 UID: 0 PID: 15066 Comm: syz.6.3759 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  272.249635][T15066] Tainted: [W]=WARN
[  272.249645][T15066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  272.249662][T15066] Call Trace:
[  272.249736][T15066]  <TASK>
[  272.249746][T15066]  __dump_stack+0x1d/0x30
[  272.249798][T15066]  dump_stack_lvl+0xe8/0x140
[  272.249827][T15066]  dump_stack+0x15/0x1b
[  272.249847][T15066]  should_fail_ex+0x265/0x280
[  272.249905][T15066]  should_fail+0xb/0x20
[  272.250006][T15066]  should_fail_usercopy+0x1a/0x20
[  272.250085][T15066]  strncpy_from_user+0x25/0x230
[  272.250130][T15066]  strncpy_from_user_nofault+0x68/0xf0
[  272.250218][T15066]  bpf_probe_read_user_str+0x2a/0x70
[  272.250280][T15066]  bpf_prog_d933f32c224d87b2+0x3e/0x44
[  272.250309][T15066]  bpf_trace_run3+0x10f/0x1d0
[  272.250349][T15066]  ? __alloc_skb+0x299/0x320
[  272.250386][T15066]  ? __alloc_skb+0x299/0x320
[  272.250418][T15066]  __traceiter_kmem_cache_free+0x38/0x60
[  272.250458][T15066]  ? __alloc_skb+0x299/0x320
[  272.250556][T15066]  kmem_cache_free+0x329/0x3d0
[  272.250690][T15066]  ? kmalloc_reserve+0x16e/0x190
[  272.250726][T15066]  __alloc_skb+0x299/0x320
[  272.250761][T15066]  virtual_ncidev_write+0x3b/0x1a0
[  272.250844][T15066]  ? __pfx_virtual_ncidev_write+0x10/0x10
[  272.250882][T15066]  vfs_write+0x269/0x960
[  272.250914][T15066]  ? __rcu_read_unlock+0x4f/0x70
[  272.250949][T15066]  ? __fget_files+0x184/0x1c0
[  272.250999][T15066]  ksys_write+0xda/0x1a0
[  272.251035][T15066]  __x64_sys_write+0x40/0x50
[  272.251099][T15066]  x64_sys_call+0x2802/0x3000
[  272.251130][T15066]  do_syscall_64+0xd2/0x200
[  272.251163][T15066]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  272.251268][T15066]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  272.251373][T15066]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  272.251405][T15066] RIP: 0033:0x7f3d458feec9
[  272.251441][T15066] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  272.251473][T15066] RSP: 002b:00007f3d4435f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  272.251500][T15066] RAX: ffffffffffffffda RBX: 00007f3d45b55fa0 RCX: 00007f3d458feec9
[  272.251518][T15066] RDX: 00000000fffffeea RSI: 0000000000000000 RDI: 0000000000000005
[  272.251535][T15066] RBP: 00007f3d4435f090 R08: 0000000000000000 R09: 0000000000000000
[  272.251553][T15066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  272.251647][T15066] R13: 00007f3d45b56038 R14: 00007f3d45b55fa0 R15: 00007fffee17b0d8
[  272.251740][T15066]  </TASK>
[  272.269509][T15072] 9pnet: Could not find request transport: fd<r=
[  272.315732][T15058] EXT4-fs (loop5): no journal found
[  272.530287][T15058] EXT4-fs (loop5): can't get journal size
[  272.546397][T15058] EXT4-fs (loop5): failed to initialize system zone (-22)
[  272.569474][T15058] EXT4-fs (loop5): mount failed
[  272.583450][T15058] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3754'.
[  272.732025][T15096] loop5: detected capacity change from 0 to 512
[  272.741201][T15096] EXT4-fs error (device loop5): ext4_xattr_inode_iget:446: comm syz.5.3764: error while reading EA inode 32 err=-116
[  272.754240][T15096] EXT4-fs (loop5): 1 orphan inode deleted
[  272.760744][T15096] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  272.774348][T15096] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  272.933264][T15115] 9pnet: Unknown protocol version 9p20\++}
[  273.008615][T15119] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3774'.
[  273.849297][T15143] netlink: 96 bytes leftover after parsing attributes in process `syz.2.3784'.
[  273.904841][T15145] IPv6: Can't replace route, no match found
[  274.123818][T15148] SELinux: ebitmap: truncated map
[  274.167727][T15148] SELinux: failed to load policy
[  274.337721][T15165] loop5: detected capacity change from 0 to 2048
[  274.380693][T15165] Alternate GPT is invalid, using primary GPT.
[  274.387062][T15165]  loop5: p1 p2 p3
[  274.579457][T15172] netlink: 96 bytes leftover after parsing attributes in process `syz.5.3795'.
[  274.662916][T15175] loop9: detected capacity change from 0 to 7
[  274.669303][T15175] Buffer I/O error on dev loop9, logical block 0, async page read
[  274.677655][T15175] Buffer I/O error on dev loop9, logical block 0, async page read
[  274.685607][T15175]  loop9: unable to read partition table
[  274.691600][T15175] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ���
[  274.691600][T15175] 
) failed (rc=-5)
[  275.167806][T15178] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3798'.
[  275.200197][T15178] hsr_slave_0: left promiscuous mode
[  275.222421][T15178] hsr_slave_1: left promiscuous mode
[  275.373197][T15196] netlink: 96 bytes leftover after parsing attributes in process `syz.2.3806'.
[  275.733384][T15220] hub 9-0:1.0: USB hub found
[  275.743228][T15220] hub 9-0:1.0: 8 ports detected
[  275.796808][   T29] kauditd_printk_skb: 590 callbacks suppressed
[  275.796828][   T29] audit: type=1326 audit(1760574848.137:52583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15211 comm="syz.2.3811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5d1dceec9 code=0x7ffc0000
[  275.826813][   T29] audit: type=1326 audit(1760574848.137:52584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15211 comm="syz.2.3811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5d1dceec9 code=0x7ffc0000
[  275.950945][T15231] SELinux:  policydb magic number 0x0 does not match expected magic number 0xf97cff8c
[  275.968038][T15229] netlink: 'syz.6.3818': attribute type 6 has an invalid length.
[  275.978225][T15227] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3817'.
[  275.988189][T15231] SELinux: failed to load policy
[  276.044432][   T29] audit: type=1326 audit(1760574848.387:52585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15238 comm="syz.6.3822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d458feec9 code=0x7ffc0000
[  276.068186][   T29] audit: type=1326 audit(1760574848.387:52586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15238 comm="syz.6.3822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d458feec9 code=0x7ffc0000
[  276.099951][   T29] audit: type=1326 audit(1760574848.437:52587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15238 comm="syz.6.3822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3d458feec9 code=0x7ffc0000
[  276.123595][   T29] audit: type=1326 audit(1760574848.437:52588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15238 comm="syz.6.3822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d458feec9 code=0x7ffc0000
[  276.147554][   T29] audit: type=1326 audit(1760574848.437:52589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15238 comm="syz.6.3822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d458feec9 code=0x7ffc0000
[  276.171474][   T29] audit: type=1326 audit(1760574848.437:52590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15238 comm="syz.6.3822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3d458feec9 code=0x7ffc0000
[  276.195369][   T29] audit: type=1326 audit(1760574848.437:52591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15238 comm="syz.6.3822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d458feec9 code=0x7ffc0000
[  276.219060][   T29] audit: type=1326 audit(1760574848.437:52592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15238 comm="syz.6.3822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d458feec9 code=0x7ffc0000
[  276.281906][T15237] sit0: left promiscuous mode
[  276.286740][T15237] sit0: left allmulticast mode
[  276.382970][T15256] 9pnet: Could not find request transport: fd<r=
[  276.391700][T15237] bridge0: port 2(bridge_slave_1) entered disabled state
[  276.399055][T15237] bridge0: port 1(bridge_slave_0) entered disabled state
[  276.490686][T15237] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  276.510484][T15237] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  276.568220][T15267] netlink: 'syz.0.3828': attribute type 6 has an invalid length.
[  276.578887][ T6919] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  276.589693][T15269] loop9: detected capacity change from 0 to 7
[  276.603680][T15269] Buffer I/O error on dev loop9, logical block 0, async page read
[  276.611678][ T6919] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  276.631083][T15269] Buffer I/O error on dev loop9, logical block 0, async page read
[  276.639020][T15269]  loop9: unable to read partition table
[  276.645073][ T6919] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  276.654131][T15275] netlink: 96 bytes leftover after parsing attributes in process `syz.6.3831'.
[  276.659685][T15269] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ���
[  276.659685][T15269] 
) failed (rc=-5)
[  276.663337][ T6884] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  276.697919][T15272] loop5: detected capacity change from 0 to 1024
[  276.714353][T15272] EXT4-fs (loop5): filesystem is read-only
[  276.734782][T15272] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869)
[  276.765125][T15272] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  276.783247][T15272] EXT4-fs error (device loop5): ext4_get_journal_inode:5808: comm syz.5.3830: inode #1: comm syz.5.3830: iget: illegal inode #
[  276.796787][T15272] EXT4-fs (loop5): no journal found
[  276.802189][T15272] EXT4-fs (loop5): can't get journal size
[  276.809422][T15272] EXT4-fs (loop5): failed to initialize system zone (-22)
[  276.816664][T15272] EXT4-fs (loop5): mount failed
[  276.834579][T15272] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3830'.
[  276.854611][ T2965] kernel write not supported for file /597/oom_adj (pid: 2965 comm: kworker/1:2)
[  276.882316][T15298] blktrace: Concurrent blktraces are not allowed on loop5
[  276.911150][T15307] batman_adv: batadv0: adding TT local entry 06:e1:05:00:07:00 to non-existent VLAN 768
[  276.933156][T15309] 9pnet: Could not find request transport: fd<r=
[  276.974002][T15314] loop5: detected capacity change from 0 to 2048
[  277.011354][T15314] EXT4-fs (loop5): failed to initialize system zone (-117)
[  277.028800][T15314] EXT4-fs (loop5): mount failed
[  277.349178][T15331] batman_adv: batadv0: adding TT local entry 06:e1:05:00:07:00 to non-existent VLAN 768
[  277.551891][T15345] __nla_validate_parse: 1 callbacks suppressed
[  277.551911][T15345] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3851'.
[  277.600925][T15350] FAULT_INJECTION: forcing a failure.
[  277.600925][T15350] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  277.614331][T15350] CPU: 1 UID: 0 PID: 15350 Comm: syz.2.3853 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  277.614374][T15350] Tainted: [W]=WARN
[  277.614426][T15350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  277.614442][T15350] Call Trace:
[  277.614448][T15350]  <TASK>
[  277.614457][T15350]  __dump_stack+0x1d/0x30
[  277.614485][T15350]  dump_stack_lvl+0xe8/0x140
[  277.614550][T15350]  dump_stack+0x15/0x1b
[  277.614568][T15350]  should_fail_ex+0x265/0x280
[  277.614608][T15350]  should_fail+0xb/0x20
[  277.614680][T15350]  should_fail_usercopy+0x1a/0x20
[  277.614707][T15350]  _copy_from_user+0x1c/0xb0
[  277.614740][T15350]  __copy_msghdr+0x244/0x300
[  277.614823][T15350]  ___sys_sendmsg+0x109/0x1d0
[  277.614921][T15350]  __x64_sys_sendmsg+0xd4/0x160
[  277.614967][T15350]  x64_sys_call+0x191e/0x3000
[  277.615008][T15350]  do_syscall_64+0xd2/0x200
[  277.615098][T15350]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  277.615131][T15350]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  277.615162][T15350]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  277.615219][T15350] RIP: 0033:0x7ff5d1dceec9
[  277.615238][T15350] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  277.615351][T15350] RSP: 002b:00007ff5d0837038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  277.615377][T15350] RAX: ffffffffffffffda RBX: 00007ff5d2025fa0 RCX: 00007ff5d1dceec9
[  277.615438][T15350] RDX: 0000000020000800 RSI: 0000200000000200 RDI: 0000000000000006
[  277.615520][T15350] RBP: 00007ff5d0837090 R08: 0000000000000000 R09: 0000000000000000
[  277.615537][T15350] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  277.615552][T15350] R13: 00007ff5d2026038 R14: 00007ff5d2025fa0 R15: 00007ffc7c130ce8
[  277.615615][T15350]  </TASK>
[  277.893346][T15363] 9pnet: Could not find request transport: fd<r=
[  278.147156][T15375] 9pnet: Could not find request transport: fd<r=
[  278.165831][ T4018] kernel write not supported for file /611/oom_adj (pid: 4018 comm: kworker/0:5)
[  278.182881][T15379] blktrace: Concurrent blktraces are not allowed on loop5
[  278.454702][T15399] netlink: 'syz.0.3869': attribute type 6 has an invalid length.
[  278.519149][T15378] SELinux: ebitmap: truncated map
[  278.562494][T15378] SELinux: failed to load policy
[  278.566130][T15404] 9pnet: Could not find request transport: fd<r=
[  278.752966][T15407] lo speed is unknown, defaulting to 1000
[  278.806498][T15412] rdma_rxe: rxe_newlink: failed to add bond_slave_0
[  278.995668][ T1037] kernel write not supported for file /624/oom_adj (pid: 1037 comm: kworker/0:2)
[  279.013363][T15420] blktrace: Concurrent blktraces are not allowed on loop5
[  279.747295][T15440] SELinux: ebitmap: truncated map
[  279.762148][T15440] SELinux: failed to load policy
[  279.830290][T15444] rdma_rxe: rxe_newlink: failed to add bond_slave_0
[  279.892296][ T4018] kernel write not supported for file /639/oom_adj (pid: 4018 comm: kworker/0:5)
[  279.906705][T15446] 9pnet: Could not find request transport: fd<r=
[  279.921711][T15448] blktrace: Concurrent blktraces are not allowed on loop5
[  280.120253][T15456] SELinux:  policydb magic number 0x0 does not match expected magic number 0xf97cff8c
[  280.139802][T15456] SELinux: failed to load policy
[  280.330477][T15464] vhci_hcd: invalid port number 255
[  280.827371][T15476] loop5: detected capacity change from 0 to 512
[  280.871848][T15476] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  280.899776][T15476] ext4 filesystem being mounted at /143/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  280.922179][   T29] kauditd_printk_skb: 231 callbacks suppressed
[  280.922197][   T29] audit: type=1400 audit(1760574853.267:52822): avc:  denied  { add_name } for  pid=15475 comm="syz.5.3895" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  280.949160][   T29] audit: type=1400 audit(1760574853.267:52823): avc:  denied  { create } for  pid=15475 comm="syz.5.3895" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  281.020020][T15476] SELinux:  policydb string length 16777224 does not match expected length 8
[  281.042841][T15476] SELinux: failed to load policy
[  281.084488][   T29] audit: type=1400 audit(1760574853.337:52824): avc:  denied  { write open } for  pid=15475 comm="syz.5.3895" path="/143/file1/bus" dev="loop5" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  281.107827][   T29] audit: type=1400 audit(1760574853.337:52825): avc:  denied  { read write } for  pid=15475 comm="syz.5.3895" name="file1" dev="loop5" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  281.130702][   T29] audit: type=1400 audit(1760574853.337:52826): avc:  denied  { open } for  pid=15475 comm="syz.5.3895" path="/143/file1/file1" dev="loop5" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  281.154063][   T29] audit: type=1400 audit(1760574853.357:52827): avc:  denied  { ioctl } for  pid=15475 comm="syz.5.3895" path="/143/file1/file1" dev="loop5" ino=15 ioctlcmd=0x660f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  281.179179][   T29] audit: type=1400 audit(1760574853.407:52828): avc:  denied  { write } for  pid=15475 comm="syz.5.3895" name="file0" dev="loop5" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  281.207538][   T29] audit: type=1326 audit(1760574853.527:52829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15485 comm="syz.6.3899" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d458feec9 code=0x7ffc0000
[  281.231676][   T29] audit: type=1326 audit(1760574853.527:52830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15485 comm="syz.6.3899" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d458feec9 code=0x7ffc0000
[  281.255389][   T29] audit: type=1326 audit(1760574853.527:52831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15485 comm="syz.6.3899" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d458feec9 code=0x7ffc0000
[  281.345517][T13561] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  281.410282][T15507] veth0: entered promiscuous mode
[  281.420843][T15509] pim6reg1: entered promiscuous mode
[  281.426457][T15509] pim6reg1: entered allmulticast mode
[  281.433290][T15507] veth0: left promiscuous mode
[  281.439540][T15509] netlink: 'syz.2.3907': attribute type 10 has an invalid length.
[  281.447750][T15509] ipvlan0: entered allmulticast mode
[  281.453128][T15509] veth0_vlan: entered allmulticast mode
[  281.459779][T15509] team0: Device ipvlan0 failed to register rx_handler
[  281.486307][T15511] netlink: 'syz.5.3908': attribute type 1 has an invalid length.
[  281.635748][T15527] 9pnet: Could not find request transport: fd<r=
[  281.696128][ T2965] kernel write not supported for file /662/oom_adj (pid: 2965 comm: kworker/1:2)
[  281.706064][T15533] blktrace: Concurrent blktraces are not allowed on loop5
[  281.736358][T15535] loop9: detected capacity change from 0 to 7
[  281.742758][T15535] Buffer I/O error on dev loop9, logical block 0, async page read
[  281.751016][T15535] Buffer I/O error on dev loop9, logical block 0, async page read
[  281.758871][T15535]  loop9: unable to read partition table
[  281.771310][T15535] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ���
[  281.771310][T15535] 
) failed (rc=-5)
[  281.842199][T15536] lo speed is unknown, defaulting to 1000
[  281.904858][T15542] 9pnet: Could not find request transport: fd<r=
[  282.487816][T15558] rdma_rxe: rxe_newlink: failed to add bond_slave_0
[  282.564369][T15553] netlink: 22 bytes leftover after parsing attributes in process `syz.6.3919'.
[  282.578867][T15563] netlink: 96 bytes leftover after parsing attributes in process `syz.3.3923'.
[  282.859002][T15579] hub 9-0:1.0: USB hub found
[  282.869093][T15579] hub 9-0:1.0: 8 ports detected
[  283.048394][T15585] syz0: rxe_newlink: already configured on bond_slave_0
[  283.106474][T15590] netlink: 96 bytes leftover after parsing attributes in process `syz.0.3936'.
[  283.156414][T15597] netlink: 'syz.3.3938': attribute type 1 has an invalid length.
[  283.164427][T15597] netlink: 5452 bytes leftover after parsing attributes in process `syz.3.3938'.
[  283.176723][T15596] SELinux:  Context � is not valid (left unmapped).
[  283.196201][T15596] netlink: 'syz.0.3939': attribute type 1 has an invalid length.
[  283.204012][T15596] netlink: 5452 bytes leftover after parsing attributes in process `syz.0.3939'.
[  283.219021][T15601] netlink: 96 bytes leftover after parsing attributes in process `syz.2.3941'.
[  283.297514][T15605] lo speed is unknown, defaulting to 1000
[  283.306247][T15608] syz_tun: entered allmulticast mode
[  283.327368][T15607] 9pnet: Could not find request transport: fd<r=
[  283.346260][T15608] dvmrp1: entered allmulticast mode
[  283.436701][T15604] syz_tun: left allmulticast mode
[  283.505889][T15615] rdma_rxe: rxe_newlink: failed to add bond_slave_0
[  283.664713][T15620] 9pnet: Could not find request transport: fd<r=
[  283.797784][T15630] FAULT_INJECTION: forcing a failure.
[  283.797784][T15630] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  283.811089][T15630] CPU: 0 UID: 0 PID: 15630 Comm: syz.3.3952 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  283.811169][T15630] Tainted: [W]=WARN
[  283.811176][T15630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  283.811234][T15630] Call Trace:
[  283.811243][T15630]  <TASK>
[  283.811254][T15630]  __dump_stack+0x1d/0x30
[  283.811280][T15630]  dump_stack_lvl+0xe8/0x140
[  283.811304][T15630]  dump_stack+0x15/0x1b
[  283.811321][T15630]  should_fail_ex+0x265/0x280
[  283.811395][T15630]  should_fail+0xb/0x20
[  283.811451][T15630]  should_fail_usercopy+0x1a/0x20
[  283.811471][T15630]  _copy_to_user+0x20/0xa0
[  283.811500][T15630]  simple_read_from_buffer+0xb5/0x130
[  283.811530][T15630]  proc_fail_nth_read+0x10e/0x150
[  283.811597][T15630]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  283.811644][T15630]  vfs_read+0x1a8/0x770
[  283.811677][T15630]  ? __rcu_read_unlock+0x4f/0x70
[  283.811789][T15630]  ? __fget_files+0x184/0x1c0
[  283.811877][T15630]  ksys_read+0xda/0x1a0
[  283.811903][T15630]  __x64_sys_read+0x40/0x50
[  283.812008][T15630]  x64_sys_call+0x27c0/0x3000
[  283.812030][T15630]  do_syscall_64+0xd2/0x200
[  283.812056][T15630]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  283.812195][T15630]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  283.812218][T15630]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  283.812240][T15630] RIP: 0033:0x7f3ae9d7d8dc
[  283.812260][T15630] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  283.812326][T15630] RSP: 002b:00007f3ae87e7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  283.812346][T15630] RAX: ffffffffffffffda RBX: 00007f3ae9fd5fa0 RCX: 00007f3ae9d7d8dc
[  283.812363][T15630] RDX: 000000000000000f RSI: 00007f3ae87e70a0 RDI: 0000000000000008
[  283.812379][T15630] RBP: 00007f3ae87e7090 R08: 0000000000000000 R09: 0000000000000000
[  283.812442][T15630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  283.812454][T15630] R13: 00007f3ae9fd6038 R14: 00007f3ae9fd5fa0 R15: 00007ffcd1ab4468
[  283.812532][T15630]  </TASK>
[  284.091456][T15635] netlink: 96 bytes leftover after parsing attributes in process `syz.6.3954'.
[  284.144450][ T3406] kernel write not supported for file /693/oom_adj (pid: 3406 comm: kworker/1:4)
[  284.154827][T15638] blktrace: Concurrent blktraces are not allowed on loop5
[  284.212356][T15643] FAULT_INJECTION: forcing a failure.
[  284.212356][T15643] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  284.225497][T15643] CPU: 0 UID: 0 PID: 15643 Comm: syz.2.3957 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  284.225539][T15643] Tainted: [W]=WARN
[  284.225547][T15643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  284.225708][T15643] Call Trace:
[  284.225737][T15643]  <TASK>
[  284.225746][T15643]  __dump_stack+0x1d/0x30
[  284.225769][T15643]  dump_stack_lvl+0xe8/0x140
[  284.225826][T15643]  dump_stack+0x15/0x1b
[  284.225843][T15643]  should_fail_ex+0x265/0x280
[  284.225886][T15643]  should_fail+0xb/0x20
[  284.225953][T15643]  should_fail_usercopy+0x1a/0x20
[  284.225975][T15643]  _copy_from_user+0x1c/0xb0
[  284.226002][T15643]  sock_do_ioctl+0xe6/0x220
[  284.226106][T15643]  sock_ioctl+0x41b/0x610
[  284.226173][T15643]  ? __pfx_sock_ioctl+0x10/0x10
[  284.226277][T15643]  __se_sys_ioctl+0xce/0x140
[  284.226298][T15643]  __x64_sys_ioctl+0x43/0x50
[  284.226318][T15643]  x64_sys_call+0x1816/0x3000
[  284.226381][T15643]  do_syscall_64+0xd2/0x200
[  284.226407][T15643]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  284.226436][T15643]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  284.226498][T15643]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  284.226522][T15643] RIP: 0033:0x7ff5d1dceec9
[  284.226574][T15643] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  284.226594][T15643] RSP: 002b:00007ff5d0837038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  284.226616][T15643] RAX: ffffffffffffffda RBX: 00007ff5d2025fa0 RCX: 00007ff5d1dceec9
[  284.226696][T15643] RDX: 0000200000000100 RSI: 0000000000008943 RDI: 0000000000000005
[  284.226710][T15643] RBP: 00007ff5d0837090 R08: 0000000000000000 R09: 0000000000000000
[  284.226723][T15643] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  284.226735][T15643] R13: 00007ff5d2026038 R14: 00007ff5d2025fa0 R15: 00007ffc7c130ce8
[  284.226757][T15643]  </TASK>
[  284.231224][T15644] 9pnet: Unknown protocol version 9p20\++}
[  284.849620][T15664] 9pnet: Could not find request transport: fd<r=
[  285.749875][T15668] netlink: 96 bytes leftover after parsing attributes in process `syz.0.3966'.
[  285.784025][ T1037] kernel write not supported for file /400/oom_adj (pid: 1037 comm: kworker/0:2)
[  285.800087][T15670] blktrace: Concurrent blktraces are not allowed on loop1
[  286.010852][T15677] 9pnet: Could not find request transport: fd<r=
[  286.199653][T15681] netlink: 'syz.5.3969': attribute type 3 has an invalid length.
[  286.207539][T15681] netlink: 132 bytes leftover after parsing attributes in process `syz.5.3969'.
[  286.248108][T15681] netlink: 'syz.5.3969': attribute type 1 has an invalid length.
[  286.309766][   T29] kauditd_printk_skb: 192 callbacks suppressed
[  286.309786][   T29] audit: type=1400 audit(1760574858.647:53024): avc:  denied  { read } for  pid=15683 comm="syz.5.3970" name="event0" dev="devtmpfs" ino=242 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  286.339325][   T29] audit: type=1400 audit(1760574858.647:53025): avc:  denied  { open } for  pid=15683 comm="syz.5.3970" path="/dev/input/event0" dev="devtmpfs" ino=242 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  286.490021][T15686] hub 9-0:1.0: USB hub found
[  286.494894][T15686] hub 9-0:1.0: 8 ports detected
[  286.668228][   T29] audit: type=1400 audit(1760574858.997:53026): avc:  denied  { map } for  pid=15683 comm="syz.5.3970" path="socket:[46742]" dev="sockfs" ino=46742 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1
[  286.785075][T15698] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3974'.
[  286.899129][   T29] audit: type=1326 audit(1760574859.237:53027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15699 comm="syz.0.3976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1d370eec9 code=0x7ffc0000
[  286.941100][   T29] audit: type=1326 audit(1760574859.267:53028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15699 comm="syz.0.3976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1d370eec9 code=0x7ffc0000
[  286.964911][   T29] audit: type=1326 audit(1760574859.267:53029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15699 comm="syz.0.3976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=67 compat=0 ip=0x7fa1d370eec9 code=0x7ffc0000
[  286.988506][   T29] audit: type=1326 audit(1760574859.267:53030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15699 comm="syz.0.3976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1d370eec9 code=0x7ffc0000
[  287.012109][   T29] audit: type=1326 audit(1760574859.267:53031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15699 comm="syz.0.3976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1d370eec9 code=0x7ffc0000
[  287.035888][   T29] audit: type=1326 audit(1760574859.267:53032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15699 comm="syz.0.3976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa1d370eec9 code=0x7ffc0000
[  287.059563][   T29] audit: type=1326 audit(1760574859.267:53033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15699 comm="syz.0.3976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1d370eec9 code=0x7ffc0000
[  287.220224][T15715] netlink: 'syz.3.3983': attribute type 1 has an invalid length.
[  287.264149][ T2965] kernel write not supported for file /506/oom_adj (pid: 2965 comm: kworker/1:2)
[  287.293286][T15721] tipc: Started in network mode
[  287.298200][T15721] tipc: Node identity 8a7e57cfa83b, cluster identity 4711
[  287.305652][T15721] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  287.342041][T15721] tipc: Disabling bearer <eth:syzkaller0>
[  287.452314][T15721] netlink: 'syz.0.3986': attribute type 30 has an invalid length.
[  287.671140][T15741] netlink: 'syz.0.3993': attribute type 6 has an invalid length.
[  287.707025][T15746] 9pnet: Unknown protocol version 9p20\++}
[  287.822158][T15752] __nla_validate_parse: 2 callbacks suppressed
[  287.822181][T15752] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3990'.
[  288.637566][T15766] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4000'.
[  289.111172][T15782] netlink: 'syz.0.4005': attribute type 3 has an invalid length.
[  289.578161][T15793] loop5: detected capacity change from 0 to 512
[  289.591054][T15795] netlink: 'syz.6.4011': attribute type 6 has an invalid length.
[  289.764655][T15793] EXT4-fs (loop5): 1 orphan inode deleted
[  289.794259][T15793] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  290.122485][T15805] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4010'.
[  290.190098][T15805] bridge_slave_1: left allmulticast mode
[  290.195831][T15805] bridge_slave_1: left promiscuous mode
[  290.201653][T15805] bridge0: port 2(bridge_slave_1) entered disabled state
[  290.273335][T15805] bridge_slave_0: left allmulticast mode
[  290.279052][T15805] bridge_slave_0: left promiscuous mode
[  290.285037][T15805] bridge0: port 1(bridge_slave_0) entered disabled state
[  290.598542][T13561] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  290.624972][T15810] SELinux: ebitmap: truncated map
[  290.651182][T15810] SELinux: failed to load policy
[  290.672403][T15817] loop5: detected capacity change from 0 to 1024
[  290.692273][T15817] EXT4-fs (loop5): filesystem is read-only
[  290.723054][T15817] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869)
[  290.735991][ T3397] kernel write not supported for file /181/oom_adj (pid: 3397 comm: kworker/1:3)
[  290.745298][T15817] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  290.769817][T15817] EXT4-fs error (device loop5): ext4_get_journal_inode:5808: comm syz.5.4016: inode #1: comm syz.5.4016: iget: illegal inode #
[  290.784408][T15817] EXT4-fs (loop5): no journal found
[  290.789785][T15817] EXT4-fs (loop5): can't get journal size
[  290.796773][T15817] EXT4-fs (loop5): failed to initialize system zone (-22)
[  290.806401][T15817] EXT4-fs (loop5): mount failed
[  290.815908][T15817] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4016'.
[  290.852223][T15827] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4020'.
[  290.893884][T15829] netlink: 96 bytes leftover after parsing attributes in process `syz.5.4022'.
[  290.969288][T15811] SELinux: ebitmap: truncated map
[  291.004173][T15811] SELinux: failed to load policy
[  291.021132][T15845] 9pnet: Could not find request transport: fd<r=
[  291.044299][T15847] 9pnet: Could not find request transport: fd<r=
[  291.150378][T15852] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  291.158931][T15852] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  291.357489][T15854] loop5: detected capacity change from 0 to 1024
[  291.364780][T15854] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (46251!=20869)
[  291.375392][T15854] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a040e11d, mo2=0002]
[  291.383745][T15854] EXT4-fs (loop5): failed to initialize system zone (-117)
[  291.392533][T15854] EXT4-fs (loop5): mount failed
[  291.425869][   T29] kauditd_printk_skb: 252 callbacks suppressed
[  291.425889][   T29] audit: type=1326 audit(1760574863.767:53286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15853 comm="syz.5.4027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1f9dfeec9 code=0x7ffc0000
[  291.456184][   T29] audit: type=1326 audit(1760574863.767:53287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15853 comm="syz.5.4027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1f9dfeec9 code=0x7ffc0000
[  291.479870][   T29] audit: type=1326 audit(1760574863.767:53288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15853 comm="syz.5.4027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=67 compat=0 ip=0x7fe1f9dfeec9 code=0x7ffc0000
[  291.503464][   T29] audit: type=1326 audit(1760574863.767:53289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15853 comm="syz.5.4027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1f9dfeec9 code=0x7ffc0000
[  291.527059][   T29] audit: type=1326 audit(1760574863.767:53290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15853 comm="syz.5.4027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1f9dfeec9 code=0x7ffc0000
[  291.550734][   T29] audit: type=1326 audit(1760574863.767:53291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15853 comm="syz.5.4027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe1f9dfeec9 code=0x7ffc0000
[  291.560282][T15863] 9pnet: Unknown protocol version 9p20\++}
[  291.574431][   T29] audit: type=1326 audit(1760574863.767:53292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15853 comm="syz.5.4027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1f9dfeec9 code=0x7ffc0000
[  291.604476][   T29] audit: type=1326 audit(1760574863.767:53293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15853 comm="syz.5.4027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1f9dfeec9 code=0x7ffc0000
[  291.628454][   T29] audit: type=1326 audit(1760574863.767:53294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15853 comm="syz.5.4027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe1f9dfeec9 code=0x7ffc0000
[  291.652044][   T29] audit: type=1326 audit(1760574863.767:53295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15853 comm="syz.5.4027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1f9dfeec9 code=0x7ffc0000
[  291.743056][ T2965] kernel write not supported for file /730/oom_adj (pid: 2965 comm: kworker/1:2)
[  291.753334][T15870] blktrace: Concurrent blktraces are not allowed on loop5
[  291.887829][T15880] 9pnet: Could not find request transport: fd<r=
[  292.277852][T15886] loop5: detected capacity change from 0 to 1024
[  292.289371][T15886] EXT4-fs (loop5): filesystem is read-only
[  292.325145][T15886] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869)
[  292.339227][T15886] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  292.360083][T15886] EXT4-fs error (device loop5): ext4_get_journal_inode:5808: comm syz.5.4037: inode #1: comm syz.5.4037: iget: illegal inode #
[  292.373572][T15886] EXT4-fs (loop5): no journal found
[  292.378813][T15886] EXT4-fs (loop5): can't get journal size
[  292.406140][T15886] EXT4-fs (loop5): failed to initialize system zone (-22)
[  292.413706][T15886] EXT4-fs (loop5): mount failed
[  292.451751][T15893] loop5: detected capacity change from 0 to 1024
[  292.461175][T15893] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (46251!=20869)
[  292.472137][T15893] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a040e11d, mo2=0002]
[  292.481563][T15893] EXT4-fs (loop5): failed to initialize system zone (-117)
[  292.488857][T15893] EXT4-fs (loop5): mount failed
[  292.641904][T15900] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4041'.
[  292.788410][   T36] kernel write not supported for file /422/oom_adj (pid: 36 comm: kworker/1:1)
[  292.798222][T15916] blktrace: Concurrent blktraces are not allowed on loop11
[  292.992387][T15929] rdma_rxe: rxe_newlink: failed to add bond_slave_0
[  293.026441][T15933] loop5: detected capacity change from 0 to 512
[  293.043259][T15933] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  293.057366][T15933] ext4 filesystem being mounted at /171/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  293.156032][T13561] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  293.333059][ T2965] kernel write not supported for file /459/oom_adj (pid: 2965 comm: kworker/1:2)
[  293.356593][T15946] blktrace: Concurrent blktraces are not allowed on loop1
[  293.457250][T15954] netlink: 96 bytes leftover after parsing attributes in process `syz.5.4062'.
[  293.554090][T15957] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  293.575092][T15960] netlink: 'syz.5.4065': attribute type 3 has an invalid length.
[  293.609063][T15962] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4066'.
[  293.711218][T15971] loop5: detected capacity change from 0 to 128
[  293.722489][T15966] 9pnet: Could not find request transport: fd<r=
[  294.003900][T15980] netlink: 'syz.3.4074': attribute type 6 has an invalid length.
[  294.040629][T15980] loop9: detected capacity change from 0 to 7
[  294.055036][T15980] Buffer I/O error on dev loop9, logical block 0, async page read
[  294.071820][T15982] netlink: 96 bytes leftover after parsing attributes in process `syz.2.4075'.
[  294.073258][T15980] Buffer I/O error on dev loop9, logical block 0, async page read
[  294.088732][T15980]  loop9: unable to read partition table
[  294.131504][T15980] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ���
[  294.131504][T15980] 
) failed (rc=-5)
[  294.266201][T15988] netlink: 'syz.2.4078': attribute type 6 has an invalid length.
[  294.316585][T15988] loop9: detected capacity change from 0 to 7
[  294.339915][T15988] Buffer I/O error on dev loop9, logical block 0, async page read
[  294.382235][T15988] Buffer I/O error on dev loop9, logical block 0, async page read
[  294.390141][T15988]  loop9: unable to read partition table
[  294.405371][T15988] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ���
[  294.405371][T15988] 
) failed (rc=-5)
[  294.501138][T15993] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4080'.
[  294.827925][T16018] loop5: detected capacity change from 0 to 1024
[  294.832057][T16014] SELinux: ebitmap: truncated map
[  294.849964][T16018] EXT4-fs (loop5): filesystem is read-only
[  294.856075][T16018] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869)
[  294.858418][T16014] SELinux: failed to load policy
[  294.872673][T16018] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  294.883587][T16018] EXT4-fs error (device loop5): ext4_get_journal_inode:5808: comm syz.5.4091: inode #1: comm syz.5.4091: iget: illegal inode #
[  294.897109][T16018] EXT4-fs (loop5): no journal found
[  294.902443][T16018] EXT4-fs (loop5): can't get journal size
[  294.910000][T16018] EXT4-fs (loop5): failed to initialize system zone (-22)
[  294.917173][T16018] EXT4-fs (loop5): mount failed
[  294.927091][T16018] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4091'.
[  294.979093][T16029] netlink: 'syz.0.4094': attribute type 6 has an invalid length.
[  295.008635][T16026] 9pnet: Could not find request transport: fd<r=
[  295.037271][T16032] 9pnet: Could not find request transport: fd<r=
[  295.184805][T16043] hub 9-0:1.0: USB hub found
[  295.194956][T16043] hub 9-0:1.0: 8 ports detected
[  295.555910][T16054] FAULT_INJECTION: forcing a failure.
[  295.555910][T16054] name failslab, interval 1, probability 0, space 0, times 0
[  295.568598][T16054] CPU: 1 UID: 0 PID: 16054 Comm: syz.5.4104 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  295.568670][T16054] Tainted: [W]=WARN
[  295.568680][T16054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  295.568703][T16054] Call Trace:
[  295.568712][T16054]  <TASK>
[  295.568723][T16054]  __dump_stack+0x1d/0x30
[  295.568750][T16054]  dump_stack_lvl+0xe8/0x140
[  295.568780][T16054]  dump_stack+0x15/0x1b
[  295.568800][T16054]  should_fail_ex+0x265/0x280
[  295.568836][T16054]  should_failslab+0x8c/0xb0
[  295.568921][T16054]  kmem_cache_alloc_node_noprof+0x57/0x4a0
[  295.569031][T16054]  ? __alloc_skb+0x101/0x320
[  295.569070][T16054]  __alloc_skb+0x101/0x320
[  295.569104][T16054]  _sctp_make_chunk+0x59/0x210
[  295.569142][T16054]  sctp_make_abort_user+0x4c/0x3a0
[  295.569201][T16054]  sctp_close+0x19a/0x550
[  295.569229][T16054]  ? __rcu_read_unlock+0x4f/0x70
[  295.569263][T16054]  ? ip_mc_drop_socket+0x1b6/0x1e0
[  295.569333][T16054]  inet_release+0xce/0xf0
[  295.569375][T16054]  inet6_release+0x3e/0x60
[  295.569443][T16054]  sock_close+0x6b/0x150
[  295.569513][T16054]  ? __pfx_sock_close+0x10/0x10
[  295.569556][T16054]  __fput+0x29b/0x650
[  295.569669][T16054]  ____fput+0x1c/0x30
[  295.569717][T16054]  task_work_run+0x131/0x1a0
[  295.569900][T16054]  exit_to_user_mode_loop+0xed/0x110
[  295.569932][T16054]  do_syscall_64+0x1d6/0x200
[  295.570002][T16054]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  295.570029][T16054]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  295.570054][T16054]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  295.570115][T16054] RIP: 0033:0x7fe1f9dfeec9
[  295.570136][T16054] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  295.570160][T16054] RSP: 002b:00007fe1f8867038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  295.570185][T16054] RAX: 0000000000000000 RBX: 00007fe1fa055fa0 RCX: 00007fe1f9dfeec9
[  295.570200][T16054] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000005
[  295.570237][T16054] RBP: 00007fe1f8867090 R08: 0000000000000000 R09: 0000000000000000
[  295.570249][T16054] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  295.570261][T16054] R13: 00007fe1fa056038 R14: 00007fe1fa055fa0 R15: 00007fffd1771dc8
[  295.570283][T16054]  </TASK>
[  295.606966][T16058] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4106'.
[  295.682462][T16061] netlink: 'syz.3.4107': attribute type 6 has an invalid length.
[  295.945324][T16070] netlink: 'syz.0.4110': attribute type 6 has an invalid length.
[  295.982031][T16070] loop9: detected capacity change from 0 to 7
[  295.999128][T16070] Buffer I/O error on dev loop9, logical block 0, async page read
[  296.009217][T16070] Buffer I/O error on dev loop9, logical block 0, async page read
[  296.017205][T16070]  loop9: unable to read partition table
[  296.048487][T16070] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ���
[  296.048487][T16070] 
) failed (rc=-5)
[  296.082210][T16076] 9pnet: Could not find request transport: fd<r=
[  296.254700][T16088] FAULT_INJECTION: forcing a failure.
[  296.254700][T16088] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  296.267967][T16088] CPU: 1 UID: 0 PID: 16088 Comm: syz.0.4115 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  296.268008][T16088] Tainted: [W]=WARN
[  296.268017][T16088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  296.268031][T16088] Call Trace:
[  296.268039][T16088]  <TASK>
[  296.268049][T16088]  __dump_stack+0x1d/0x30
[  296.268075][T16088]  dump_stack_lvl+0xe8/0x140
[  296.268152][T16088]  dump_stack+0x15/0x1b
[  296.268171][T16088]  should_fail_ex+0x265/0x280
[  296.268212][T16088]  should_fail+0xb/0x20
[  296.268246][T16088]  should_fail_usercopy+0x1a/0x20
[  296.268270][T16088]  _copy_from_user+0x1c/0xb0
[  296.268358][T16088]  ___sys_sendmsg+0xc1/0x1d0
[  296.268411][T16088]  __x64_sys_sendmsg+0xd4/0x160
[  296.268450][T16088]  x64_sys_call+0x191e/0x3000
[  296.268508][T16088]  do_syscall_64+0xd2/0x200
[  296.268535][T16088]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  296.268566][T16088]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  296.268591][T16088]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  296.268615][T16088] RIP: 0033:0x7fa1d370eec9
[  296.268641][T16088] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  296.268734][T16088] RSP: 002b:00007fa1d216f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  296.268757][T16088] RAX: ffffffffffffffda RBX: 00007fa1d3965fa0 RCX: 00007fa1d370eec9
[  296.268775][T16088] RDX: 0000000000004000 RSI: 0000200000000300 RDI: 0000000000000004
[  296.268792][T16088] RBP: 00007fa1d216f090 R08: 0000000000000000 R09: 0000000000000000
[  296.268809][T16088] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  296.268825][T16088] R13: 00007fa1d3966038 R14: 00007fa1d3965fa0 R15: 00007fff9a86ceb8
[  296.268846][T16088]  </TASK>
[  296.500117][   T29] kauditd_printk_skb: 330 callbacks suppressed
[  296.500134][   T29] audit: type=1400 audit(1760574868.847:53626): avc:  denied  { kexec_image_load } for  pid=16090 comm="syz.0.4116" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1
[  296.541586][T16091] rdma_rxe: rxe_newlink: failed to add bond_slave_0
[  296.587122][   T29] audit: type=1400 audit(1760574868.887:53627): avc:  denied  { create } for  pid=16090 comm="syz.0.4116" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  296.607608][   T29] audit: type=1400 audit(1760574868.887:53628): avc:  denied  { write } for  pid=16090 comm="syz.0.4116" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  296.627972][   T29] audit: type=1400 audit(1760574868.907:53629): avc:  denied  { watch watch_reads } for  pid=16090 comm="syz.0.4116" path="/196" dev="tmpfs" ino=1031 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  296.687544][   T29] audit: type=1326 audit(1760574868.957:53630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16094 comm="syz.2.4118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5d1dceec9 code=0x7ffc0000
[  296.711186][   T29] audit: type=1326 audit(1760574868.957:53631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16094 comm="syz.2.4118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5d1dceec9 code=0x7ffc0000
[  296.735109][   T29] audit: type=1326 audit(1760574868.957:53632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16094 comm="syz.2.4118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=67 compat=0 ip=0x7ff5d1dceec9 code=0x7ffc0000
[  296.758842][   T29] audit: type=1326 audit(1760574868.957:53633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16094 comm="syz.2.4118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5d1dceec9 code=0x7ffc0000
[  296.782466][   T29] audit: type=1326 audit(1760574868.957:53634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16094 comm="syz.2.4118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff5d1dceec9 code=0x7ffc0000
[  296.782582][   T29] audit: type=1326 audit(1760574868.957:53635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16094 comm="syz.2.4118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5d1dceec9 code=0x7ffc0000
[  296.831827][T16102] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4121'.
[  296.875159][ T1037] kernel write not supported for file /220/oom_adj (pid: 1037 comm: kworker/0:2)
[  296.896346][T16108] netlink: 'syz.2.4125': attribute type 3 has an invalid length.
[  296.921321][T16104] loop5: detected capacity change from 0 to 128
[  296.939438][T16104] syz.5.4122: attempt to access beyond end of device
[  296.939438][T16104] loop5: rw=2049, sector=145, nr_sectors = 3 limit=128
[  297.001260][T16112] SELinux: ebitmap: truncated map
[  297.011986][T16117] syz.5.4122: attempt to access beyond end of device
[  297.011986][T16117] loop5: rw=2049, sector=161, nr_sectors = 32 limit=128
[  297.013712][T16112] SELinux: failed to load policy
[  297.045893][T16117] syz.5.4122: attempt to access beyond end of device
[  297.045893][T16117] loop5: rw=2049, sector=201, nr_sectors = 8 limit=128
[  297.065404][T16117] syz.5.4122: attempt to access beyond end of device
[  297.065404][T16117] loop5: rw=2049, sector=217, nr_sectors = 8 limit=128
[  297.080112][T16117] syz.5.4122: attempt to access beyond end of device
[  297.080112][T16117] loop5: rw=2049, sector=233, nr_sectors = 8 limit=128
[  297.093909][T16117] syz.5.4122: attempt to access beyond end of device
[  297.093909][T16117] loop5: rw=2049, sector=249, nr_sectors = 8 limit=128
[  297.110745][T16117] syz.5.4122: attempt to access beyond end of device
[  297.110745][T16117] loop5: rw=2049, sector=265, nr_sectors = 8 limit=128
[  297.125092][T16117] syz.5.4122: attempt to access beyond end of device
[  297.125092][T16117] loop5: rw=2049, sector=281, nr_sectors = 8 limit=128
[  297.142421][T16117] syz.5.4122: attempt to access beyond end of device
[  297.142421][T16117] loop5: rw=2049, sector=297, nr_sectors = 8 limit=128
[  297.156260][T16117] syz.5.4122: attempt to access beyond end of device
[  297.156260][T16117] loop5: rw=2049, sector=313, nr_sectors = 8 limit=128
[  297.271380][T16132] hub 9-0:1.0: USB hub found
[  297.283641][T16132] hub 9-0:1.0: 8 ports detected
[  297.298123][T16133] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4135'.
[  297.393465][T16151] netlink: 'syz.3.4142': attribute type 6 has an invalid length.
[  297.569801][T16156] vlan2: entered allmulticast mode
[  297.837975][T16172] loop5: detected capacity change from 0 to 1024
[  297.860498][T16174] 9pnet: Could not find request transport: fd<r=
[  297.865663][T16172] EXT4-fs (loop5): filesystem is read-only
[  297.887943][T16172] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869)
[  297.912807][T16172] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  297.935486][T16172] EXT4-fs error (device loop5): ext4_get_journal_inode:5808: comm syz.5.4149: inode #1: comm syz.5.4149: iget: illegal inode #
[  297.968860][T16172] EXT4-fs (loop5): no journal found
[  297.974160][T16172] EXT4-fs (loop5): can't get journal size
[  298.001388][T16172] EXT4-fs (loop5): failed to initialize system zone (-22)
[  298.015870][T16172] EXT4-fs (loop5): mount failed
[  298.030626][T16172] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4149'.
[  298.088171][T16181] hub 9-0:1.0: USB hub found
[  298.114073][T16181] hub 9-0:1.0: 8 ports detected
[  298.366096][T16205] loop5: detected capacity change from 0 to 1024
[  298.382173][T16208] netlink: 60 bytes leftover after parsing attributes in process `syz.6.4161'.
[  298.389614][T16205] EXT4-fs (loop5): filesystem is read-only
[  298.397947][T16205] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869)
[  298.424450][T16205] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  298.465583][T16205] EXT4-fs error (device loop5): ext4_get_journal_inode:5808: comm syz.5.4160: inode #1: comm syz.5.4160: iget: illegal inode #
[  298.498099][T16205] EXT4-fs (loop5): no journal found
[  298.503501][T16205] EXT4-fs (loop5): can't get journal size
[  298.527049][T16205] EXT4-fs (loop5): failed to initialize system zone (-22)
[  298.545966][T16220] 9pnet: Could not find request transport: fd<r=
[  298.553643][T16205] EXT4-fs (loop5): mount failed
[  298.590783][T16205] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4160'.
[  298.833609][ T4018] kernel write not supported for file /252/oom_adj (pid: 4018 comm: kworker/0:5)
[  298.844762][T16234] SELinux: failed to load policy
[  298.888645][T16234] syzkaller0: entered promiscuous mode
[  298.894257][T16234] syzkaller0: entered allmulticast mode
[  298.992934][T16247] loop5: detected capacity change from 0 to 1024
[  299.000243][T16247] EXT4-fs (loop5): filesystem is read-only
[  299.006251][T16247] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869)
[  299.016014][T16247] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  299.026888][T16247] EXT4-fs error (device loop5): ext4_get_journal_inode:5808: comm syz.5.4176: inode #1: comm syz.5.4176: iget: illegal inode #
[  299.040958][T16247] EXT4-fs (loop5): no journal found
[  299.046208][T16247] EXT4-fs (loop5): can't get journal size
[  299.063138][T16247] EXT4-fs (loop5): failed to initialize system zone (-22)
[  299.081508][T16247] EXT4-fs (loop5): mount failed
[  299.097733][T16247] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4176'.
[  299.138935][T16241] FAULT_INJECTION: forcing a failure.
[  299.138935][T16241] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  299.152216][T16241] CPU: 0 UID: 0 PID: 16241 Comm: +}[@ Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  299.152324][T16241] Tainted: [W]=WARN
[  299.152331][T16241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  299.152410][T16241] Call Trace:
[  299.152416][T16241]  <TASK>
[  299.152423][T16241]  __dump_stack+0x1d/0x30
[  299.152443][T16241]  dump_stack_lvl+0xe8/0x140
[  299.152461][T16241]  dump_stack+0x15/0x1b
[  299.152476][T16241]  should_fail_ex+0x265/0x280
[  299.152550][T16241]  should_fail+0xb/0x20
[  299.152578][T16241]  should_fail_usercopy+0x1a/0x20
[  299.152612][T16241]  _copy_from_user+0x1c/0xb0
[  299.152635][T16241]  memdup_user+0x5e/0xd0
[  299.152659][T16241]  raw_ioctl+0x81b/0x1dc0
[  299.152754][T16241]  ? ioctl_has_perm+0x257/0x2a0
[  299.152795][T16241]  ? do_vfs_ioctl+0x866/0xe10
[  299.152813][T16241]  ? selinux_file_ioctl+0x308/0x3a0
[  299.152889][T16241]  ? __fget_files+0x184/0x1c0
[  299.152915][T16241]  ? __pfx_raw_ioctl+0x10/0x10
[  299.152961][T16241]  __se_sys_ioctl+0xce/0x140
[  299.152979][T16241]  __x64_sys_ioctl+0x43/0x50
[  299.153009][T16241]  x64_sys_call+0x1816/0x3000
[  299.153029][T16241]  do_syscall_64+0xd2/0x200
[  299.153051][T16241]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  299.153077][T16241]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  299.153100][T16241]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  299.153120][T16241] RIP: 0033:0x7f3d458feec9
[  299.153160][T16241] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  299.153240][T16241] RSP: 002b:00007f3d4435f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  299.153258][T16241] RAX: ffffffffffffffda RBX: 00007f3d45b55fa0 RCX: 00007f3d458feec9
[  299.153270][T16241] RDX: 0000000000000000 RSI: 0000000040095505 RDI: 0000000000000003
[  299.153281][T16241] RBP: 00007f3d4435f090 R08: 0000000000000000 R09: 0000000000000000
[  299.153292][T16241] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  299.153304][T16241] R13: 00007f3d45b56038 R14: 00007f3d45b55fa0 R15: 00007fffee17b0d8
[  299.153323][T16241]  </TASK>
[  299.156821][T16256] netlink: 'syz.2.4179': attribute type 3 has an invalid length.
[  299.182776][T16253] sd 0:0:1:0: device reset
[  299.246286][T16262] hub 9-0:1.0: USB hub found
[  299.385108][T16262] hub 9-0:1.0: 8 ports detected
[  299.410420][ T4018] kernel write not supported for file /608/oom_adj (pid: 4018 comm: kworker/0:5)
[  299.535763][T16276] loop5: detected capacity change from 0 to 1024
[  299.543592][T16276] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (46251!=20869)
[  299.554203][T16276] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a040e11d, mo2=0002]
[  299.562374][T16276] EXT4-fs (loop5): failed to initialize system zone (-117)
[  299.569756][T16276] EXT4-fs (loop5): mount failed
[  299.664356][T16281] lo speed is unknown, defaulting to 1000
[  299.676159][T16282] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4178'.
[  299.897376][T16292] SELinux: ebitmap: truncated map
[  299.909508][T16293] tipc: Started in network mode
[  299.914515][T16293] tipc: Node identity 56829169e222, cluster identity 4711
[  299.922123][T16293] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  299.933291][T16292] SELinux: failed to load policy
[  300.021147][T16303] tipc: Disabling bearer <eth:syzkaller0>
[  300.123032][T16303] netlink: 'syz.6.4193': attribute type 30 has an invalid length.
[  300.633786][T16317] netlink: 'syz.5.4203': attribute type 6 has an invalid length.
[  300.690969][T16317] loop9: detected capacity change from 0 to 7
[  300.700056][T16317] Buffer I/O error on dev loop9, logical block 0, async page read
[  300.728403][T16317] Buffer I/O error on dev loop9, logical block 0, async page read
[  300.731843][T16321] hub 9-0:1.0: USB hub found
[  300.736300][T16317]  loop9: unable to read partition table
[  300.751209][T16321] hub 9-0:1.0: 8 ports detected
[  300.769764][T16317] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ���
[  300.769764][T16317] 
) failed (rc=-5)
[  300.892782][T16330] loop5: detected capacity change from 0 to 128
[  301.115706][T16342] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4212'.
[  301.248096][T16350] 9pnet: Could not find request transport: fd<r=
[  301.319305][T16353] hub 9-0:1.0: USB hub found
[  301.329291][T16353] hub 9-0:1.0: 8 ports detected
[  301.421341][T16355] netlink: 'syz.2.4218': attribute type 6 has an invalid length.
[  301.470129][T16355] loop9: detected capacity change from 0 to 7
[  301.476561][T16355] Buffer I/O error on dev loop9, logical block 0, async page read
[  301.499927][T16355] Buffer I/O error on dev loop9, logical block 0, async page read
[  301.507914][T16355]  loop9: unable to read partition table
[  301.549832][T16355] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ���
[  301.549832][T16355] 
) failed (rc=-5)
[  301.630382][   T29] kauditd_printk_skb: 280 callbacks suppressed
[  301.630397][   T29] audit: type=1326 audit(1760574873.977:53916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16356 comm="syz.2.4220" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5d1dceec9 code=0x7ffc0000
[  301.660307][   T29] audit: type=1326 audit(1760574873.977:53917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16356 comm="syz.2.4220" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5d1dceec9 code=0x7ffc0000
[  301.771916][T16357] pim6reg: entered allmulticast mode
[  301.794914][T16359] loop5: detected capacity change from 0 to 512
[  301.801312][   T29] audit: type=1326 audit(1760574874.037:53918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16356 comm="syz.2.4220" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff5d1dceec9 code=0x7ffc0000
[  301.824914][   T29] audit: type=1326 audit(1760574874.037:53919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16356 comm="syz.2.4220" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5d1dceec9 code=0x7ffc0000
[  301.829854][T16357] pim6reg: left allmulticast mode
[  301.849087][   T29] audit: type=1326 audit(1760574874.037:53920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16356 comm="syz.2.4220" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5d1dceec9 code=0x7ffc0000
[  301.877315][   T29] audit: type=1326 audit(1760574874.047:53921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16356 comm="syz.2.4220" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff5d1dceec9 code=0x7ffc0000
[  301.900929][   T29] audit: type=1326 audit(1760574874.047:53922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16356 comm="syz.2.4220" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5d1dceec9 code=0x7ffc0000
[  301.924624][   T29] audit: type=1326 audit(1760574874.047:53923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16356 comm="syz.2.4220" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5d1dceec9 code=0x7ffc0000
[  301.948231][   T29] audit: type=1326 audit(1760574874.057:53924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16356 comm="syz.2.4220" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff5d1dceec9 code=0x7ffc0000
[  301.951693][T16359] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  301.971867][   T29] audit: type=1326 audit(1760574874.057:53925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16356 comm="syz.2.4220" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5d1dceec9 code=0x7ffc0000
[  302.008481][T16359] ext4 filesystem being mounted at /214/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  302.087137][T13561] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  302.123605][T16368] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4223'.
[  302.238752][T16374] 9pnet: Could not find request transport: fd<r=
[  302.260970][T16373] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4225'.
[  302.294053][T16383] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=64 sclass=netlink_route_socket pid=16383 comm=syz.0.4226
[  302.373738][T16390] netlink: 52 bytes leftover after parsing attributes in process `syz.0.4228'.
[  303.004723][T16416] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  303.021685][T16416] tipc: Disabling bearer <eth:syzkaller0>
[  303.127357][T16416] netlink: 'syz.6.4237': attribute type 30 has an invalid length.
[  303.221237][T16424] netlink: 'syz.3.4240': attribute type 6 has an invalid length.
[  303.232165][T16424] loop9: detected capacity change from 0 to 7
[  303.238375][T16424] Buffer I/O error on dev loop9, logical block 0, async page read
[  303.246577][T16424] Buffer I/O error on dev loop9, logical block 0, async page read
[  303.254440][T16424]  loop9: unable to read partition table
[  303.260855][T16424] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ���
[  303.260855][T16424] 
) failed (rc=-5)
[  303.355052][T16433] 9pnet: Could not find request transport: fd<r=
[  303.370745][T16438] netlink: 'syz.3.4242': attribute type 13 has an invalid length.
[  303.394383][T16436] 9pnet: Could not find request transport: fd<r=
[  303.917846][T16438] bridge0: port 2(bridge_slave_1) entered disabled state
[  303.925135][T16438] bridge0: port 1(bridge_slave_0) entered disabled state
[  303.941627][T16445] FAULT_INJECTION: forcing a failure.
[  303.941627][T16445] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  303.954907][T16445] CPU: 1 UID: 0 PID: 16445 Comm: syz.0.4245 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  303.954942][T16445] Tainted: [W]=WARN
[  303.954951][T16445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  303.954967][T16445] Call Trace:
[  303.954975][T16445]  <TASK>
[  303.954984][T16445]  __dump_stack+0x1d/0x30
[  303.955024][T16445]  dump_stack_lvl+0xe8/0x140
[  303.955044][T16445]  dump_stack+0x15/0x1b
[  303.955117][T16445]  should_fail_ex+0x265/0x280
[  303.955185][T16445]  should_fail+0xb/0x20
[  303.955226][T16445]  should_fail_usercopy+0x1a/0x20
[  303.955316][T16445]  _copy_from_iter+0xd2/0xe80
[  303.955366][T16445]  ? __alloc_skb+0x1b2/0x320
[  303.955425][T16445]  ? __build_skb_around+0x1ab/0x200
[  303.955451][T16445]  ? __alloc_skb+0x24c/0x320
[  303.955514][T16445]  tipc_msg_build+0x2e1/0x840
[  303.955551][T16445]  ? __rcu_read_unlock+0x4f/0x70
[  303.955597][T16445]  __tipc_sendstream+0x663/0xb20
[  303.955650][T16445]  ? __pfx_woken_wake_function+0x10/0x10
[  303.955685][T16445]  tipc_sendstream+0x3e/0x60
[  303.955818][T16445]  ? __pfx_tipc_sendstream+0x10/0x10
[  303.955856][T16445]  __sock_sendmsg+0x145/0x180
[  303.955885][T16445]  ____sys_sendmsg+0x31e/0x4e0
[  303.955977][T16445]  ___sys_sendmsg+0x17b/0x1d0
[  303.956039][T16445]  __x64_sys_sendmsg+0xd4/0x160
[  303.956086][T16445]  x64_sys_call+0x191e/0x3000
[  303.956196][T16445]  do_syscall_64+0xd2/0x200
[  303.956228][T16445]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  303.956266][T16445]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  303.956317][T16445]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  303.956375][T16445] RIP: 0033:0x7fa1d370eec9
[  303.956445][T16445] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  303.956472][T16445] RSP: 002b:00007fa1d214e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  303.956571][T16445] RAX: ffffffffffffffda RBX: 00007fa1d3966090 RCX: 00007fa1d370eec9
[  303.956589][T16445] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000004
[  303.956620][T16445] RBP: 00007fa1d214e090 R08: 0000000000000000 R09: 0000000000000000
[  303.956637][T16445] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  303.956655][T16445] R13: 00007fa1d3966128 R14: 00007fa1d3966090 R15: 00007fff9a86ceb8
[  303.956686][T16445]  </TASK>
[  304.262112][T16458] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4248'.
[  304.711725][T16438] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  304.729808][T16438] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  304.805704][T16483] loop9: detected capacity change from 0 to 7
[  304.821129][T16483] Buffer I/O error on dev loop9, logical block 0, async page read
[  304.837242][T16483] Buffer I/O error on dev loop9, logical block 0, async page read
[  304.845199][T16483]  loop9: unable to read partition table
[  304.868050][T16483] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ���
[  304.868050][T16483] 
) failed (rc=-5)
[  305.269991][T16482] netlink: 'syz.0.4253': attribute type 6 has an invalid length.
[  305.290004][ T6899] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  305.311484][ T6899] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  305.355219][ T6899] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  305.382340][T16507] SELinux:  policydb version 1207 does not match my version range 15-35
[  305.399902][ T6899] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  305.424704][T16507] SELinux: failed to load policy
[  305.476392][T16515] loop9: detected capacity change from 0 to 7
[  305.525748][T16515] IPv6: NLM_F_CREATE should be specified when creating new route
[  305.567913][T16515] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4262'.
[  305.665129][T16528] 9pnet: Could not find request transport: fd<r=
[  305.694969][T16536] netlink: 'syz.6.4269': attribute type 6 has an invalid length.
[  305.726165][T16536] loop9: detected capacity change from 0 to 7
[  305.746985][T16536] Buffer I/O error on dev loop9, logical block 0, async page read
[  305.765158][T16536] Buffer I/O error on dev loop9, logical block 0, async page read
[  305.773142][T16536]  loop9: unable to read partition table
[  305.790690][T16536] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ���
[  305.790690][T16536] 
) failed (rc=-5)
[  305.804917][T16538] netlink: 64 bytes leftover after parsing attributes in process `syz.0.4271'.
[  306.024653][T16564] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4284'.
[  306.105863][T16571] netlink: 'syz.5.4286': attribute type 6 has an invalid length.
[  306.115114][T16565] sctp: [Deprecated]: syz.3.4279 (pid 16565) Use of struct sctp_assoc_value in delayed_ack socket option.
[  306.115114][T16565] Use struct sctp_sack_info instead
[  306.138453][T16571] loop9: detected capacity change from 0 to 7
[  306.165006][T16571] Buffer I/O error on dev loop9, logical block 0, async page read
[  306.185204][T16571] Buffer I/O error on dev loop9, logical block 0, async page read
[  306.193128][T16571]  loop9: unable to read partition table
[  306.207364][T16575] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  306.226468][T16575] tipc: Disabling bearer <eth:syzkaller0>
[  306.230075][T16571] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ���
[  306.230075][T16571] 
) failed (rc=-5)
[  306.354826][T16575] netlink: 'syz.6.4289': attribute type 30 has an invalid length.
[  306.447119][T16582] FAULT_INJECTION: forcing a failure.
[  306.447119][T16582] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  306.460287][T16582] CPU: 0 UID: 0 PID: 16582 Comm: syz.2.4291 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  306.460396][T16582] Tainted: [W]=WARN
[  306.460402][T16582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  306.460440][T16582] Call Trace:
[  306.460449][T16582]  <TASK>
[  306.460460][T16582]  __dump_stack+0x1d/0x30
[  306.460484][T16582]  dump_stack_lvl+0xe8/0x140
[  306.460504][T16582]  dump_stack+0x15/0x1b
[  306.460523][T16582]  should_fail_ex+0x265/0x280
[  306.460570][T16582]  should_fail+0xb/0x20
[  306.460612][T16582]  should_fail_usercopy+0x1a/0x20
[  306.460717][T16582]  _copy_from_user+0x1c/0xb0
[  306.460743][T16582]  perf_copy_attr+0x145/0x610
[  306.460896][T16582]  __se_sys_perf_event_open+0x67/0x11c0
[  306.460989][T16582]  ? vfs_write+0x7e8/0x960
[  306.461020][T16582]  ? __rcu_read_unlock+0x4f/0x70
[  306.461054][T16582]  __x64_sys_perf_event_open+0x67/0x80
[  306.461111][T16582]  x64_sys_call+0x7bd/0x3000
[  306.461215][T16582]  do_syscall_64+0xd2/0x200
[  306.461245][T16582]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  306.461283][T16582]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  306.461314][T16582]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  306.461337][T16582] RIP: 0033:0x7ff5d1dceec9
[  306.461354][T16582] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  306.461379][T16582] RSP: 002b:00007ff5d0837038 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  306.461405][T16582] RAX: ffffffffffffffda RBX: 00007ff5d2025fa0 RCX: 00007ff5d1dceec9
[  306.461423][T16582] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000200000000180
[  306.461440][T16582] RBP: 00007ff5d0837090 R08: 0000000000000000 R09: 0000000000000000
[  306.461457][T16582] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000001
[  306.461474][T16582] R13: 00007ff5d2026038 R14: 00007ff5d2025fa0 R15: 00007ffc7c130ce8
[  306.461500][T16582]  </TASK>
[  306.691006][T16584] SELinux: ebitmap: truncated map
[  306.703803][T16584] SELinux: failed to load policy
[  306.729681][   T29] kauditd_printk_skb: 170 callbacks suppressed
[  306.735939][   T29] audit: type=1400 audit(1760574879.067:54096): avc:  denied  { ioctl } for  pid=16589 comm="syz.5.4295" path="socket:[50418]" dev="sockfs" ino=50418 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  306.796476][   T29] audit: type=1400 audit(1760574879.107:54097): avc:  denied  { name_connect } for  pid=16589 comm="syz.5.4295" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1
[  306.812208][T16595] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  306.826684][T16596] tipc: Started in network mode
[  306.831716][T16596] tipc: Node identity ba6fadeee426, cluster identity 4711
[  306.838884][T16596] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  306.847368][   T29] audit: type=1400 audit(1760574879.177:54098): avc:  denied  { connect } for  pid=16598 comm="syz.3.4299" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  306.867527][   T29] audit: type=1400 audit(1760574879.197:54099): avc:  denied  { read } for  pid=16598 comm="syz.3.4299" name="autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  306.890971][   T29] audit: type=1400 audit(1760574879.197:54100): avc:  denied  { open } for  pid=16598 comm="syz.3.4299" path="/dev/autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  306.914804][   T29] audit: type=1400 audit(1760574879.197:54101): avc:  denied  { ioctl } for  pid=16598 comm="syz.3.4299" path="/dev/autofs" dev="devtmpfs" ino=91 ioctlcmd=0x9375 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  306.952492][T16595] tipc: Disabling bearer <eth:syzkaller0>
[  306.968579][T16602] netlink: 'syz.2.4298': attribute type 30 has an invalid length.
[  306.981271][T16605] netlink: 'syz.0.4297': attribute type 30 has an invalid length.
[  306.990318][T16596] tipc: Disabling bearer <eth:syzkaller0>
[  307.017650][   T29] audit: type=1326 audit(1760574879.357:54102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16600 comm="syz.6.4300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d458feec9 code=0x7ffc0000
[  307.041428][   T29] audit: type=1326 audit(1760574879.357:54103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16600 comm="syz.6.4300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3d458feec9 code=0x7ffc0000
[  307.065045][   T29] audit: type=1326 audit(1760574879.357:54104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16600 comm="syz.6.4300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d458feec9 code=0x7ffc0000
[  307.089087][   T29] audit: type=1326 audit(1760574879.357:54105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16600 comm="syz.6.4300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3d458feec9 code=0x7ffc0000
[  307.195822][T16612] netlink: 14 bytes leftover after parsing attributes in process `syz.3.4303'.
[  307.206957][T16612] hsr_slave_0: left promiscuous mode
[  307.214680][T16612] hsr_slave_1: left promiscuous mode
[  307.284361][T16622] netlink: 80 bytes leftover after parsing attributes in process `syz.3.4306'.
[  307.295085][T16622] netlink: 80 bytes leftover after parsing attributes in process `syz.3.4306'.
[  307.307047][T16622] netlink: 44 bytes leftover after parsing attributes in process `syz.3.4306'.
[  307.398397][T16636] 9pnet: Could not find request transport: fd<r=
[  307.437861][ T6874] Bluetooth: hci0: Frame reassembly failed (-84)
[  307.453164][T16641] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  307.460771][T16641] tipc: Disabling bearer <eth:syzkaller0>
[  307.503399][T16641] netlink: 'syz.2.4312': attribute type 30 has an invalid length.
[  307.605855][T16647] FAULT_INJECTION: forcing a failure.
[  307.605855][T16647] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  307.619042][T16647] CPU: 0 UID: 0 PID: 16647 Comm: syz.5.4315 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  307.619103][T16647] Tainted: [W]=WARN
[  307.619112][T16647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  307.619129][T16647] Call Trace:
[  307.619138][T16647]  <TASK>
[  307.619147][T16647]  __dump_stack+0x1d/0x30
[  307.619174][T16647]  dump_stack_lvl+0xe8/0x140
[  307.619201][T16647]  dump_stack+0x15/0x1b
[  307.619289][T16647]  should_fail_ex+0x265/0x280
[  307.619337][T16647]  should_fail+0xb/0x20
[  307.619458][T16647]  should_fail_usercopy+0x1a/0x20
[  307.619515][T16647]  _copy_from_user+0x1c/0xb0
[  307.619600][T16647]  __sys_bpf+0x183/0x7c0
[  307.619656][T16647]  __x64_sys_bpf+0x41/0x50
[  307.619695][T16647]  x64_sys_call+0x2aee/0x3000
[  307.619761][T16647]  do_syscall_64+0xd2/0x200
[  307.619788][T16647]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  307.619825][T16647]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  307.619856][T16647]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  307.619975][T16647] RIP: 0033:0x7fe1f9dfeec9
[  307.619995][T16647] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  307.620020][T16647] RSP: 002b:00007fe1f8867038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  307.620048][T16647] RAX: ffffffffffffffda RBX: 00007fe1fa055fa0 RCX: 00007fe1f9dfeec9
[  307.620065][T16647] RDX: 0000000000000038 RSI: 00002000000001c0 RDI: 000000000000001a
[  307.620082][T16647] RBP: 00007fe1f8867090 R08: 0000000000000000 R09: 0000000000000000
[  307.620099][T16647] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  307.620115][T16647] R13: 00007fe1fa056038 R14: 00007fe1fa055fa0 R15: 00007fffd1771dc8
[  307.620175][T16647]  </TASK>
[  307.899399][T16654] loop5: detected capacity change from 0 to 2048
[  307.991750][T16660] netlink: 'syz.2.4319': attribute type 1 has an invalid length.
[  308.011267][T16660] 8021q: adding VLAN 0 to HW filter on device bond2
[  308.021400][T16660] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4319'.
[  308.031295][T16654] Alternate GPT is invalid, using primary GPT.
[  308.037656][T16654]  loop5: p1 p2 p3
[  308.043763][T16660] bond2 (unregistering): Released all slaves
[  308.150456][T16665] hub 9-0:1.0: USB hub found
[  308.155344][T16665] hub 9-0:1.0: 8 ports detected
[  308.533772][T16651] Set syz1 is full, maxelem 65536 reached
[  308.603767][T16683] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16683 comm=syz.0.4327
[  308.723968][T16693] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  308.758247][T16695] hub 9-0:1.0: USB hub found
[  308.773109][T16695] hub 9-0:1.0: 8 ports detected
[  308.960100][T16715] loop5: detected capacity change from 0 to 512
[  308.967899][T16715] EXT4-fs: Mount option(s) incompatible with ext3
[  309.070078][ T6884] Bluetooth: hci1: Frame reassembly failed (-84)
[  309.077524][T16720] loop5: detected capacity change from 0 to 2048
[  309.163322][T16720] Alternate GPT is invalid, using primary GPT.
[  309.169806][T16720]  loop5: p2 p3 p7
[  309.216628][T16726] FAULT_INJECTION: forcing a failure.
[  309.216628][T16726] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  309.229801][T16726] CPU: 1 UID: 0 PID: 16726 Comm: syz.6.4343 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  309.229836][T16726] Tainted: [W]=WARN
[  309.229851][T16726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  309.229862][T16726] Call Trace:
[  309.229868][T16726]  <TASK>
[  309.229874][T16726]  __dump_stack+0x1d/0x30
[  309.229893][T16726]  dump_stack_lvl+0xe8/0x140
[  309.229933][T16726]  dump_stack+0x15/0x1b
[  309.229948][T16726]  should_fail_ex+0x265/0x280
[  309.230017][T16726]  should_fail+0xb/0x20
[  309.230045][T16726]  should_fail_usercopy+0x1a/0x20
[  309.230064][T16726]  _copy_from_user+0x1c/0xb0
[  309.230122][T16726]  copy_clone_args_from_user+0x14f/0x490
[  309.230184][T16726]  ? kstrtouint+0x76/0xc0
[  309.230309][T16726]  __se_sys_clone3+0x6f/0x200
[  309.230363][T16726]  __x64_sys_clone3+0x31/0x40
[  309.230412][T16726]  x64_sys_call+0x1fc9/0x3000
[  309.230528][T16726]  do_syscall_64+0xd2/0x200
[  309.230660][T16726]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  309.230693][T16726]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  309.230714][T16726]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  309.230734][T16726] RIP: 0033:0x7f3d458feec9
[  309.230748][T16726] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  309.230786][T16726] RSP: 002b:00007f3d4435ef08 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  309.230802][T16726] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f3d458feec9
[  309.230814][T16726] RDX: 00007f3d4435ef20 RSI: 0000000000000058 RDI: 00007f3d4435ef20
[  309.230830][T16726] RBP: 00007f3d4435f090 R08: 0000000000000000 R09: 0000000000000058
[  309.230908][T16726] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  309.230926][T16726] R13: 00007f3d45b56038 R14: 00007f3d45b55fa0 R15: 00007fffee17b0d8
[  309.230946][T16726]  </TASK>
[  309.439745][T12210] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  309.873827][T11800] ==================================================================
[  309.881984][T11800] BUG: KCSAN: data-race in shmem_getattr / shmem_recalc_inode
[  309.889481][T11800] 
[  309.891819][T11800] read-write to 0xffff88811b5288c8 of 8 bytes by task 16723 on cpu 0:
[  309.899983][T11800]  shmem_recalc_inode+0x3b/0x200
[  309.904981][T11800]  shmem_get_folio_gfp+0x7a3/0xd60
[  309.910211][T11800]  shmem_write_begin+0xa8/0x190
[  309.915097][T11800]  generic_perform_write+0x184/0x490
[  309.920420][T11800]  shmem_file_write_iter+0xc5/0xf0
[  309.925551][T11800]  __kernel_write_iter+0x2d6/0x540
[  309.930680][T11800]  dump_user_range+0x61e/0x8f0
[  309.935487][T11800]  elf_core_dump+0x1de7/0x1f80
[  309.940287][T11800]  coredump_write+0xb12/0xe30
[  309.945000][T11800]  vfs_coredump+0x143a/0x20d0
[  309.949719][T11800]  get_signal+0xd84/0xf70
[  309.954075][T11800]  arch_do_signal_or_restart+0x96/0x440
[  309.959643][T11800]  irqentry_exit_to_user_mode+0x5b/0xa0
[  309.965211][T11800]  irqentry_exit+0x12/0x50
[  309.969647][T11800]  asm_exc_invalid_op+0x1a/0x20
[  309.974523][T11800] 
[  309.976863][T11800] read to 0xffff88811b5288c8 of 8 bytes by task 11800 on cpu 1:
[  309.984509][T11800]  shmem_getattr+0x41/0x200
[  309.989030][T11800]  vfs_getattr_nosec+0x146/0x1e0
[  309.993997][T11800]  vfs_statx+0x113/0x390
[  309.998272][T11800]  vfs_fstatat+0x115/0x170
[  310.002720][T11800]  __se_sys_newfstatat+0x55/0x260
[  310.007772][T11800]  __x64_sys_newfstatat+0x55/0x70
[  310.012855][T11800]  x64_sys_call+0x135a/0x3000
[  310.017731][T11800]  do_syscall_64+0xd2/0x200
[  310.022259][T11800]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  310.028181][T11800] 
[  310.030605][T11800] value changed: 0x000000000000011d -> 0x000000000000011e
[  310.037901][T11800] 
[  310.040229][T11800] Reported by Kernel Concurrency Sanitizer on:
[  310.046390][T11800] CPU: 1 UID: 0 PID: 11800 Comm: syz-executor Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  310.058032][T11800] Tainted: [W]=WARN
[  310.061838][T11800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  310.071936][T11800] ==================================================================
[  311.119819][ T3524] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  311.119889][T14843] Bluetooth: hci1: command 0x1003 tx timeout