last executing test programs:

3.165596659s ago: executing program 3 (id=967):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x11, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10)
setrlimit(0x9, &(0x7f0000000000))

3.13852929s ago: executing program 3 (id=968):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r0, 0x0, 0x924}, 0x18)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x89a0, &(0x7f0000000040)={'syzkaller0\x00'})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'syzkaller0\x00', <r2=>0x0})
setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000100)={r2, 0x2, 0x6, @broadcast}, 0x10)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r3, 0x89a1, &(0x7f0000000040)={'syzkaller0\x00'})

2.999074292s ago: executing program 3 (id=975):
pipe2(&(0x7f00000006c0)={<r0=>0xffffffffffffffff}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

2.971883533s ago: executing program 3 (id=976):
r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = socket$netlink(0x10, 0x3, 0x0)
signalfd(r0, &(0x7f0000000280)={[0x5]}, 0x8)
sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5000000010001fff0200"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800900010076657468"], 0x50}, 0x1, 0x0, 0x0, 0x20040001}, 0x8000)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x0, 0x164)
r3 = openat(r2, &(0x7f00000001c0)='./file1\x00', 0x701042, 0xc0)
ioctl$EXT4_IOC_MOVE_EXT(r3, 0x40305829, &(0x7f0000000240)={0x17c04, 0xffffffffffffffff, 0x0, 0x1fcbb, 0x40})
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x50, &(0x7f0000000180)=ANY=[], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10)
execve(0x0, 0x0, 0x0)
mount$9p_tcp(0x0, &(0x7f0000000680)='.\x00', &(0x7f00000006c0), 0x8010, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=t'])
r5 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r7, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000006c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="495300000000000000006700000008000300", @ANYRES32=0x0, @ANYBLOB="0800428004"], 0x24}}, 0x0)
r8 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r8, &(0x7f0000000200)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4e, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r10}, 0x10)
r11 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f00000000c0)={'bridge0\x00', <r12=>0x0})
sendmsg$nl_route(r11, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000700)=ANY=[@ANYBLOB="4400000010000104fcffffff8000000000000000", @ANYRES32=0x0, @ANYBLOB="0344020000000000140012800b0001006d616373656300000400028008000500", @ANYRES32=r12, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r12, @ANYBLOB="08061ed7c82279e35d31e9960803f253a398d94a4cd4aa146dddcdf987d2bc9060eca13d6161b6af9b913f2942a33d0ed842d3a1bab78c17d961ca0a9cae72bb45f47367b7dde0157b33f8b43726f7e7197f345b40cdad9d0fed45f155391b522a3f87c6d469807b0341f40007f38484a3683ede00d1a645568439925794acc9e6d50728246003cc28692273fc26eba177340e3d58db1af1bd1bcdc74260aac20117161ed84b039b3eaec5f7ee2ba0cec622f640c660440368d937476b15313330"], 0x44}, 0x1, 0x0, 0x0, 0x2004d808}, 0x0)
r13 = syz_io_uring_setup(0x497, &(0x7f0000000540)={0x0, 0x4660, 0x80, 0x3, 0x285}, &(0x7f00000004c0)=<r14=>0x0, &(0x7f0000000680)=<r15=>0x0)
syz_io_uring_submit(r14, r15, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r8, 0x0, 0x0})
io_uring_enter(r13, 0x3498, 0x969, 0x0, 0x0, 0x0)
dup3(r13, r5, 0x80000)

2.879106335s ago: executing program 2 (id=978):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x11, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10)
setrlimit(0x9, &(0x7f0000000000))

2.789497496s ago: executing program 2 (id=979):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x9, 0x0, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x14}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000380)='ext4_update_sb\x00', 0xffffffffffffffff, 0x0, 0x700000000000}, 0x18)
r1 = socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
r2 = open(&(0x7f00000016c0)='./file0\x00', 0x14d01, 0x99)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYRESHEX=r1], 0x50)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000400)='inet_sock_set_state\x00'}, 0x18)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000280)=r2, 0x4)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x1b, &(0x7f0000000000)={@remote, 0x0, 0x2}, 0x20)
getsockname$packet(r2, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000c80)=0x14)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x1b, &(0x7f00000000c0)={@remote={0xfe, 0x80, '\x00', 0xffffffffffffffff}}, 0x20)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000340)={'syz_tun\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x1, {0x0, 0x0, 0x0, r7, {}, {}, {0xfff3, 0xd}}}, 0x24}}, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
close_range(r4, 0xffffffffffffffff, 0x0)

2.758763457s ago: executing program 2 (id=981):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000240)=0x1, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = socket$inet(0x10, 0x3, 0x0)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x1fff, 0x0, @mcast2, 0x5}, 0x1c)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000040)='batadv0\x00', 0x10)
write(r3, &(0x7f0000000140)="8465", 0x2)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'bond0\x00', <r4=>0x0})
r5 = socket$netlink(0x10, 0x3, 0x6)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001200)='/proc/keys\x00', 0x0, 0x0)
read$hiddev(r6, &(0x7f00000000c0)=""/4092, 0xffc)
preadv(r6, &(0x7f0000001300)=[{&(0x7f0000000040)=""/17, 0x11}], 0x1, 0x0, 0x20)
r7 = getpid()
ioctl$BLKTRACESETUP(r6, 0xc0481273, &(0x7f0000000800)={'\x00', 0x5, 0xdfc7, 0x80000001, 0x7fffffffffffffff, 0x200, r7})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x18)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ff9000/0x4000)=nil, 0x4000, &(0x7f0000000700)='Q\x00')
io_uring_enter(0xffffffffffffffff, 0x186a, 0x642c, 0x60, 0x0, 0xffffffffffffffc4)
r9 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000004c0)="d8000000180081064e81f782db4cb904021d0800fd007c05e8fe50a10a000600014002020c600e41b0000900ac000a0502000000160012000a00ff150048035c3b61c1d67f6f94007134cf6efb8007a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5ae24e25ccca9e00360db79826835d3a71d95667daffffffffff1f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5b7276505de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9000001008af26c8b7b55f4d2a6823a45", 0xd8}], 0x1}, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000740)='./file0\x00', 0x759, &(0x7f0000001340)={[{@sb={'sb', 0x3d, 0xda6}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x4000}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x40}}, {@errors_remount}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x8}, 0x0}, {@data_journal}, {@journal_dev={'journal_dev', 0x3d, 0xf}}, {@i_version}, {@nobarrier}, {@jqfmt_vfsold}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0xb6a}}, {@data_err_ignore}], [], 0x2c}, 0x2, 0x4f9, &(0x7f0000000200)="$eJzs3ElvHFUeAPB/te04zjL2ZNYsM+mZzAgLRBw764FDgkDKBQkJhMLR2E4U4iQoNlISWcRBKEgcQPkELDckPgEnuCBAHEBcibgipAj5ksABFarqatN2ub2l7cbx7yd151XVq37v31Uv/ZZuB7BpVbOnJGJHRHwXEb21zbkZqrV/7s9Mjfw8MzWSRJo+91OS57s3MzVSz1o/b3ux0V+JqLyRxN5ysd0T165fGB4fH7tS7BiYrBSpi8Pnxs6NXRo6ceLI4Z7jx4aOtiTOrE739rx2ed/u0y/efmbkzO2Xvvgoq29aHG+Mo6Yvf96y7BI6SnuqUZ37Xjb4//KrviHsbEgnndlzpX2VYdmyuza7XF15+++Njnyrpjeefr2tlQPWVJqmaXdp7+xn2XTaKElqJ6TpzRR4CCTR7hoA7VH/oL83k41Up0bK4+CH291TkY+AsrjvF4/akc58BFvtq42Nutao/L9GxJnpX97NHrHgPAQAQGt9cipiW9HvqD9qRyrx94Z8fyrWhvoi4s8RsSsi/lL0X/4Wkef9R0T8s+GcHctYBajO2y73f77pKRKN3dWWyfp/TxRrW3P7f7M17+sotnbm8XclZ8+Pjx0q3pP+6OrOtgfLLz07rfbpU9++06z8akP/L3tk5df7gkU9fuycN0E3Ojw5/KBx1929mb+xN8rxJ9GZ1FMRuyNizypeP3vPzj/64b5mx+fEn8VZiv/t5i/euYoKzZO+H/FI7fpPx7z4o1j/S/L1yYuvDExcu/74+cb1ycHjx4aODmyN8bFDA/W7ouzLr289WyRLw4hFrn+9aazpQlp2/bcteP/Prlz2ZanZ9dqJlZdx686bTcc0q73/tyTP5+n6+uzV4cnJK4MRW5Lp8v6h38+9OtwzJ38Wf/+Bhdv/rohf3yvO2xsR2U38r4j4d0TsL+r+n4j4b0QcWCT+z5/838vNhpBLx7+2svhHV3T9myVOfhWx8KGOC599XCr4rWop/q5odv2P5Kn+Ys/o8OTWpeJarKaNiQd+AwEAAGAD2J/P0yaVg8VE046oVA4ejNg+O4MyMfnY2cuvXhqtzef2RVelPtPV2zAfOljMDWfb2VlDDdvZ8cP5vHGapmlPtp2N38d3tjd02PS2N2n/mR/KP2kBHjYrWkdr9os2YEOa3/7vLPvM1n8hA1hfLfgeDbBBaf+weS27/a/Vr+CAtlmo/d+IuN+GqgDrbKH2/0Jpz8l1qQuwvoz/YfNaffv3ZQDY6Hz+w6a0rB/JryKx6/QieZLOtSm0eaISi/8VgL6I+p56n2bxF/y+EtGaGna0NNKeOde0smCerdGKsqKyZJ7OFfwhhvVNVP4Y1agluiNiibt39ma7UU9cX+uK5Y3gg/b+7wQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDgfgsAAP//RUTTKw==")
pipe2(&(0x7f0000001100)={0xffffffffffffffff, <r10=>0xffffffffffffffff}, 0x88880)
r11 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r11, 0x107, 0x12, &(0x7f0000000040)={0x2, 0x6}, 0x4)
setsockopt$packet_fanout_data(r11, 0x107, 0x16, &(0x7f0000000100)={0x1, &(0x7f0000000180)=[{0x6}]}, 0x10)
close_range(r10, 0xffffffffffffffff, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000680)=@newqdisc={0x34, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r4, {}, {0xffff, 0xffff}, {0xffe0}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}}, 0x0)

2.721028388s ago: executing program 3 (id=982):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020756c3c00000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r1, 0x660c)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x18)
r2 = syz_open_dev$evdev(&(0x7f0000000040), 0x3, 0x140)
syz_usb_disconnect(r2)
r3 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
openat$binfmt(0xffffffffffffff9c, r3, 0x42, 0x1ff)
openat$binfmt(0xffffffffffffff9c, r3, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRES16, @ANYRES32=r0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r0}, &(0x7f0000000000), &(0x7f00000003c0)=r4}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = getpgrp(0x0)
r7 = syz_pidfd_open(r6, 0x0)
ioctl$FS_IOC_GETVERSION(r7, 0xff05, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='kmem_cache_free\x00', r5, 0x0, 0x7fffffffffffffff}, 0x18)
r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000640), 0x4040, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$TIOCGPTPEER(r8, 0x5441, 0x0)
pipe2$9p(&(0x7f0000000080), 0x84800)
r9 = socket(0x10, 0x3, 0x0)
getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000000500)={0x0, <r10=>0x0}, &(0x7f0000000540)=0xc)
quotactl$Q_GETQUOTA(0xffffffff80000700, &(0x7f00000004c0)=@sg0, r10, &(0x7f0000000580))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0))
sendmsg$nl_route_sched(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000440)=@newqdisc={0x2c, 0x24, 0xd0f, 0x70bd25, 0x0, {0x60, 0x0, 0x0, 0x0, {0x0, 0xa}, {0x8, 0xffff}, {0x10, 0xffff}}, [@TCA_INGRESS_BLOCK={0x8}]}, 0x2c}}, 0x20044080)
sendmsg$nl_route_sched(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000280)=@getchain={0x24, 0x66, 0x1, 0x70bd2b, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x3, 0x9}, {0xffff, 0xa}, {0xe, 0xf}}}, 0x24}, 0x1, 0x0, 0x0, 0x45}, 0x4000)
socket$tipc(0x1e, 0x2, 0x0)
ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f0000000300)={0x9e, r0, 'id1\x00'})

2.57362975s ago: executing program 2 (id=985):
sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000180)=ANY=[@ANYBLOB="020300030e0000002cbd7000fbdbdf2503000900800000001cdc0dca1d9f68846960e56de42944af"], 0x70}, 0x1, 0x7}, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x2041, 0x0)
ioctl$TCSETAF(r0, 0x5408, &(0x7f0000000080)={0x49de, 0x0, 0xfffc, 0xbfff, 0x19, "ec28a144f13d7607"})
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x100, 0x0, 0x0, 0x10, "0062ba5d8200"})
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f0000000040)={[{@acl}, {@nolazytime}, {@orlov}, {@i_version}, {@lazytime}, {@nodiscard}, {@grpjquota}, {@block_validity}, {@errors_remount}]}, 0x1, 0x553, &(0x7f0000000b00)="$eJzs3c+PG1cdAPDvzP5y07SbQA9QAQlQCFUUO+u0UdVLywWEqkqIigPikC67zmqJHYe1t3SXldj+DSCBxAn+BA5IHBA9ceDGEYkDQpQDUoEVKIvEwWjGsxt310tM7LWb9ecjTebHm5nve3Zm3vOzd14AU+tyROxGxHxEvBkRi8X2pJji1e6U7Xd/b2dlf29nJYlO542/J3l6ti16jsk8WZyzFBFf+3LEt5LjcVtb23eW6/XaRrFeaTfuVVpb29fWG8trtbXa3Wr15tLN6y/deLE6srJeavz8/S+tv/b1X/3yk+/9bvf572XZOl+k9ZZjlLpFnzuMk5mNiNdOI9gEzBTz+Qnng0eTRsRHIuIz+fW/GDP5/04A4CzrdBajs9i7DgCcdWneB5ak5YhI06IRUO724T0T59J6s9W+eru5eXe121d2IebS2+v12vWLC3/4Tr7zXJKtL+VpeXq+Xj2yfiMiLkbEDxeeyNfLK8366mSaPAAw9Z7srf8j4l8LaVouD3Ron2/1AIDHRmnSGQAAxk79DwDTR/0PANNngPq/+LJ/99TzAgCMh8//ADB91P8AMH3U/wAwVb76+uvZ1Nkvnn+9+tbW5p3mW9dWa6075cbmSnmluXGvvNZsruXP7Gk87Hz1ZvPe0gux+XalXWu1K62t7VuN5ubd9q38ud63anNjKRUA8L9cvPTu75OI2H35iXyKnrEc1NVwtqUj3At4vMwMc7AGAjzWjPYF02ugKjxvJPz21PMCTEbfh3mX+i5+0I//jyB+ZwQfKlc+Pnj/vzGe4WzRsw/T69H6/18ZeT6A8dP/D9Or00mOjvk/f5gEAJxJQ/yEr/P9UTVCgIl62GDeI/n+HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM6Y8xHx7UjScj4WeJr9m5bLEU9FxIWYS26v12vXI+LpuBQRcwvZ+tKkMw0ADCn9a1KM/3Vl8bnzR1Pnk38v5POI+O5P3vjR28vt9sZStv0fh9sXDoYPqz44bohxBQGAwf15kJ3y+rtazHs+yN/f21k5mE4xj8e8/8XDwUdX9vd28qmbMhudTqcTUcrbEuf+mcRscUwpIp6NiJkRxN99JyI+1q/8Sd43cqEY+bQ3fhSxnxpr/PQD8dM8rTvPXr6PjiAvMG3eze4/r/a7/tK4nM/7X/+l/A41vPz+V4o4uPft98SfLSLN9ImfXfOXB43xwm++cmxjZ7Gb9k7Es7P94ieH8ZMT4j83YPw/fuJTP3jlhLTOTyOuRP/4vbEq7ca9Smtr+9p6Y3mttla7W63eXLp5/aUbL1YreR915aCn+ri/vXz16ZPylpX/3AnxS33LP3947OcGLP/P/vPmNz/9YHXhaPwvfLb/+/9M3/hdz0fE5weMv3zuFycO353FXz2h/A97/68OGP+9v2yvDrgrADAGra3tO8v1em1jqIXsU+goznNsIcviYDsfNBeHC/qnyBeOvyxZ22dU5coaY4PsPDd0cdJfj/JdHnxh9rCtONozfyM749hKUbyGIy/FUAv3xxVrQjckYGweXPSTzgkAAAAAAAAAAAAAAHCScfzp0qTLCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwNn13wAAAP//dn2/bw==")
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)

2.170397318s ago: executing program 0 (id=994):
syz_usb_connect$cdc_ncm(0x3, 0x17f, &(0x7f0000000740)=ANY=[@ANYBLOB="120100022d0000002505a1a440000102030109026d0102010040050904000001020d00000824060001a1287905240005000d240f01050000000c0002000706241a0d001007240a03da0c0608241c0400060600ff241301038a8337f3ef3fa1c830cada13275c226ceef491541c0c902fab0dae8f42992467697cc50d314ac336fa21cc3b1d9530ee92f8c52f9e3855ee699d1c2df907f8324bcd6540cfdab3d6be2bf258b98ce940316aadcd96f12801cda471ba2cbf204bf5672185a53e34f41bb219680435b9bcc6c20db8753083f9789c904a889442a99d04327b76819fc0be13f7f2467de9da7bfdd073f1325eb67548b5c6fda1c2c1a7602924e852f22d18f9c8bad65c0a1feebf8a9257c18fdd160d28270720d82b0064362df4ee030bb5edd0e4f49d563d63f8dea2143b017fe2ace05a124bce"], 0x0)
r0 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000180), 0x1, 0x0)
copy_file_range(0xffffffffffffffff, 0x0, r0, &(0x7f00000001c0)=0x2, 0x10000, 0x0)
syz_mount_image$ext4(&(0x7f0000000a00)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x904c01, &(0x7f0000000a40), 0x2, 0x5b1, &(0x7f0000000180)="$eJzs3c9vVEUcAPDv290WStVWYlQ8mEZDIFFaWsDgjwPcCcEfNy9WWgiy/Ait0aKJJcGLifHigcSTB/G/UKJXTyYePHjxZEjQGC4ao2ve7tvt2u6229Ll1b7PJ3ndmTe7nXnQb2f2zUw3gMIaS7+UIvZExOUkYqStrBJZ4VjjeXd/f/90eiRRq736WxJJdq75/CR7HM5e/PdIxPffJLG7vLLeuYWr56er1dkrWX5i/sLlibmFqwfOXZg+O3t29uLUc1NHjxw+cnTy4D1dX6ktfeL6W++MfHTy9S8++yuZ/PKnk0kci1/PNMrar2OzjMVY/FGrfbD8fPrvenSzK8tJufVzsiRZfoItq5LFyGBEPBYjUW773xyJD1/OtXFAX9WSiBpQUIn4h4JqjgOa7+17ex9c6vOoBLgf7hxPvw50iP9K495gjMZAROxd9roOt/Q2JK3ju29PXk+P6NN9OKCzxWs7stTy+E/qsTkaO+u5XXdLrfv7kY0ATmWPlYh4ZYP1jy3Li3+4fxavRcTjncb/K+O/fVonjfs32uL/zQ3WL/4BAAAAAABg89w6HhHPdpr/K2Vzczvjqfr8X9KY//thaYfgsU2of+35v9LtTagG6ODO8YiXOq7/ba3xHS1nuQcbqwGTM+eqswcj4qGI2B8DO9L85Cp1HPh4941uZe3r/9Ijrb+5FjBrx+3Kjv++ZmZ6fvperhlouHMt4olK9/U/af+ftPf/mfT3weUe69i99+apbmVrxz/QL7XPI/Z17P+XVvsmq/99jon6eGCiOSpY6cn3PvmqW/3iH/KT9v+7Vo//0aT97/XMre/7D0bEoYVKrVv5Rsf/g8lr5eb3T707PT9/ZTJiMDmx8vzU+toM21UzHprxksb//qdXv//XGv+3xeFQRCz2WOej/wz/3K1M/w/5SeN/Zl39//oTUzdHv+5Wf2/9/+F6n74/O+P+H6yu1wDNu50AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8H9UiogHIimNt9Kl0vh4xHBEPBK7StVLc/PPnLn09sWZtKz++f+l5if9jjTySfPz/0fb8lPL8oci4uGI+LQ8VM+Pn75Uncn74gEAAAAAAAAAAAAAAAAAAGCLGO6y/z/1Sznv1gF9V8kexTsUTyXvBgC5Ef9QXOIfikv8Q3GJfyiuDca/6QLYBvT/UFQDvT1tZ7/bAeRB/w8AAAAAANvKrRefv5FExOILQ/UjNZiVtSYGh/JqHdBPpbwbAOTGGl4oLkt/oLh6XPwLbGNJK/VnrVN599X/SX8aBAAAAAAAAAAAAACssG/PrR/X3P8PbEv2/0Nx2f8PxWX/PxSX9/jAWrv47f8HAAAAAAAAAAAAgPzNLVw9P12tzl6RkNhqiYGI2ALNyCExmH945vyLCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaPk3AAD//54nJPo=")
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f00000001c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000680)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x44, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x1}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x20000844}, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000000900010073797a3100000000e8010000030a01020000000000000000010000000900030073797a3200000000280004800800024000000000080001400000000514000300626174616476300000000000000000000900010073797a31"], 0x25c}}, 0x0)
r5 = getpid()
r6 = add_key$keyring(&(0x7f0000000080), &(0x7f0000001100)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
add_key(&(0x7f0000000040)='asymmetric\x00', 0x0, &(0x7f0000000600)="300e3080b734830aaffdd7338895c834", 0x10, r6)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$SG_BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0)
sendmsg$DEVLINK_CMD_RELOAD(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r8, 0x1, 0x70bd27, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r5}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x30)

1.898762524s ago: executing program 3 (id=997):
syz_usb_connect$cdc_ncm(0x3, 0x17f, &(0x7f0000000740)=ANY=[@ANYBLOB="120100022d0000002505a1a440000102030109026d0102010040050904000001020d00000824060001a1287905240005000d240f01050000000c0002000706241a0d001007240a03da0c0608241c0400060600ff241301038a8337f3ef3fa1c830cada13275c226ceef491541c0c902fab0dae8f42992467697cc50d314ac336fa21cc3b1d9530ee92f8c52f9e3855ee699d1c2df907f8324bcd6540cfdab3d6be2bf258b98ce940316aadcd96f12801cda471ba2cbf204bf5672185a53e34f41bb219680435b9bcc6c20db8753083f9789c904a889442a99d04327b76819fc0be13f7f2467de9da7bfdd073f1325eb67548b5c6fda1c2c1a7602924e852f22d18f9c8bad65c0a1feebf8a9257c18fdd160d28270720d82b0064362df4ee030bb5edd0e4f49d563d63f8dea2143b017fe2ace05a124bce68f9665f290bb802c2871e744d5398b1b4c706f6ab5f5a327b81dc0905810340000204020904010000020d00000904010102020d00000905820240006ec904090503020800107f04"], &(0x7f0000000b80)={0xa, &(0x7f00000008c0)={0xa, 0x6, 0x0, 0xd, 0x1, 0x8, 0x8, 0x7}, 0x0, 0x0, 0x4, [{0x4, &(0x7f0000000980)=@lang_id={0x4, 0x3, 0x426}}, {0x4, &(0x7f00000009c0)=@lang_id={0x4, 0x3, 0x423}}, {0x4, &(0x7f0000000a80)=@lang_id={0x4, 0x3, 0x42f}}, {0x4, &(0x7f0000000ac0)=@lang_id={0x4, 0x3, 0x444}}]})
r0 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000180), 0x1, 0x0)
copy_file_range(0xffffffffffffffff, 0x0, r0, 0x0, 0x10000, 0x0)
syz_mount_image$ext4(&(0x7f0000000a00)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x904c01, &(0x7f0000000a40), 0x2, 0x5b1, &(0x7f0000000180)="$eJzs3c9vVEUcAPDv290WStVWYlQ8mEZDIFFaWsDgjwPcCcEfNy9WWgiy/Ait0aKJJcGLifHigcSTB/G/UKJXTyYePHjxZEjQGC4ao2ve7tvt2u6229Ll1b7PJ3ndmTe7nXnQb2f2zUw3gMIaS7+UIvZExOUkYqStrBJZ4VjjeXd/f/90eiRRq736WxJJdq75/CR7HM5e/PdIxPffJLG7vLLeuYWr56er1dkrWX5i/sLlibmFqwfOXZg+O3t29uLUc1NHjxw+cnTy4D1dX6ktfeL6W++MfHTy9S8++yuZ/PKnk0kci1/PNMrar2OzjMVY/FGrfbD8fPrvenSzK8tJufVzsiRZfoItq5LFyGBEPBYjUW773xyJD1/OtXFAX9WSiBpQUIn4h4JqjgOa7+17ex9c6vOoBLgf7hxPvw50iP9K495gjMZAROxd9roOt/Q2JK3ju29PXk+P6NN9OKCzxWs7stTy+E/qsTkaO+u5XXdLrfv7kY0ATmWPlYh4ZYP1jy3Li3+4fxavRcTjncb/K+O/fVonjfs32uL/zQ3WL/4BAAAAAABg89w6HhHPdpr/K2Vzczvjqfr8X9KY//thaYfgsU2of+35v9LtTagG6ODO8YiXOq7/ba3xHS1nuQcbqwGTM+eqswcj4qGI2B8DO9L85Cp1HPh4941uZe3r/9Ijrb+5FjBrx+3Kjv++ZmZ6fvperhlouHMt4olK9/U/af+ftPf/mfT3weUe69i99+apbmVrxz/QL7XPI/Z17P+XVvsmq/99jon6eGCiOSpY6cn3PvmqW/3iH/KT9v+7Vo//0aT97/XMre/7D0bEoYVKrVv5Rsf/g8lr5eb3T707PT9/ZTJiMDmx8vzU+toM21UzHprxksb//qdXv//XGv+3xeFQRCz2WOej/wz/3K1M/w/5SeN/Zl39//oTUzdHv+5Wf2/9/+F6n74/O+P+H6yu1wDNu50AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8H9UiogHIimNt9Kl0vh4xHBEPBK7StVLc/PPnLn09sWZtKz++f+l5if9jjTySfPz/0fb8lPL8oci4uGI+LQ8VM+Pn75Uncn74gEAAAAAAAAAAAAAAAAAAGCLGO6y/z/1Sznv1gF9V8kexTsUTyXvBgC5Ef9QXOIfikv8Q3GJfyiuDca/6QLYBvT/UFQDvT1tZ7/bAeRB/w8AAAAAANvKrRefv5FExOILQ/UjNZiVtSYGh/JqHdBPpbwbAOTGGl4oLkt/oLh6XPwLbGNJK/VnrVN599X/SX8aBAAAAAAAAAAAAACssG/PrR/X3P8PbEv2/0Nx2f8PxWX/PxSX9/jAWrv47f8HAAAAAAAAAAAAgPzNLVw9P12tzl6RkNhqiYGI2ALNyCExmH945vyLCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaPk3AAD//54nJPo=")
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f00000001c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000680)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x44, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x1}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x20000844}, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x2d)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000000900010073797a3100000000e8010000030a01020000000000000000010000000900030073797a3200000000280004800800024000000000080001400000000514000300626174616476300000000000000000000900010073797a31"], 0x25c}}, 0x0)
r8 = getpid()
r9 = add_key$keyring(&(0x7f0000000080), &(0x7f0000001100)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
add_key(&(0x7f0000000040)='asymmetric\x00', 0x0, &(0x7f0000000600)="300e3080b734830aaffdd7338895c834", 0x10, r9)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
signalfd(r10, &(0x7f0000000000), 0x8)
sendmsg$DEVLINK_CMD_RELOAD(r10, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r11, 0x1, 0x70bd27, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r8}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x30)

1.690263347s ago: executing program 2 (id=1001):
unshare(0x22020600)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x1d, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00'}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0600000004000000ff0f00000700000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000bf46db69cca4f523c7ba0dc4d115355fed50aca5381c2c51442730c017f297d06f87ad378ca4560dba34409ca87dcd39a7d217f5699cce8aba529e83588ad9846e3ca25faa32d1023d5dbd7b52f6fad6f9b21ffd74cc1d938fb25c8c3cb54aa1d5e7966b3e42fb7c827feee85fd8"], 0x48)
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000083c0)={{0x1, 0x0, 0x1b, 0x3}})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x400})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
socket$inet_mptcp(0x2, 0x1, 0x106)
syz_open_dev$tty20(0xc, 0x4, 0x0)

1.125363829s ago: executing program 0 (id=1002):
fcntl$setlease(0xffffffffffffffff, 0x400, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r1, &(0x7f0000000000), 0x8)
listen(r1, 0x0)
ioctl$sock_TIOCINQ(r1, 0x541b, 0x0)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x68}, 0x94)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), r4)
sendmsg$DEVLINK_CMD_PORT_UNSPLIT(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000004840)=ANY=[@ANYBLOB="cb504ecf", @ANYRES16=r5, @ANYBLOB="3107000000000000000038000000080001007063690011000200303030303a30303a31302e300000000008007300000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000300fcffffff"], 0x60}, 0x1, 0x2}, 0x0)
io_setup(0x8f0, &(0x7f0000002400)=<r6=>0x0)
io_submit(r6, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x2002000000, 0x4, 0x0, 0x1, 0x0, r3, &(0x7f0000000040), 0x0, 0x0, 0x0, 0x2}])
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="28000000190001002abd7000fedbdf6580209000ff110005002300000c0009000100100b", @ANYBLOB="33303c617238a5b23db4963c3493abc2cab0a5f2b0d3442d29c477149241cd61b916978ed371e02d53df8d9479dc280163dd2f0e2563e951f5c3"], 0x28}, 0x1, 0x0, 0x0, 0x24044890}, 0x4000004)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x64, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_bp={0x0, 0x1}, 0x0, 0x0, 0x800000, 0x6, 0x2, 0xcb, 0xffff, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[], &(0x7f0000000c00)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r8, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
kexec_load(0x4, 0xa, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x2c, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000000)=ANY=[@ANYBLOB="380000000314010000000000000000000900020073797a2f000000000800410072786500140033007465616d5f736c6176655f30"], 0x38}, 0x1, 0x0, 0x0, 0x1}, 0x8844)
pipe(&(0x7f0000000080))

1.016209581s ago: executing program 1 (id=1003):
r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="86000062610976e217ff500002d1c4c1fe359076cceeba5813be"], 0x50)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x1, &(0x7f0000000000)=[{0x6, 0xf, 0x0, 0x7fff8000}]})
mq_open(&(0x7f0000001680)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85\xf2\xff\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\xc7Ej\tW-6!\xfd\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18\xf3\x85\x0fh{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\x81W\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\x01\x00\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\x82\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe62qa!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb\x00\x00\x00\x00\x00\xf6\xf0\xe1 \xe2\xd1\x17\x8e\xfb\xfc\xf0\xc9\xb9<+\xb6hQ\xea\xe5\x02]\xa0\x87D\xab\x10\x9d\xac\xceB\a\xec\x92\xb1\xaa\x8cXj\x17\x85\xda\xe8U\xca\xb0\x068\v\xa4\x9c\xf4\xbf\xcf\xc5\xbb\xb7\xa5Y\xd1\xfe?\x88)sHN\xda\xa74\n\x9d@\xd92\x13\xbb<\x8c\x1f\x06\x93\xa7=G\xc6\xfa\xeeoL:k\x87\xe9\xac\xa4:\xf9\x85<\x94\xab\xa7\x91\x10\xde\xf8X\x06rS1\xd4\xb5\x9bf\x93\xd9\x96id5\xc6\xd5\n\xa5\a\xff\x99b6\xb7\xe0\x89\x8e\\\x0e\\5\xbbq\x1d\xa4\x16P\xb2\xf9\xac\xdd\xb3r\x1f\xae\xda\xfd\xb0&\xa1\xd7\x17o\x00\x00\x00\x00\x00\xf2l\xc8\xccC\xd0f\xf0@\xec\x87\f\xa2\x908`z\\\xfd\b\x8cT\x9dJw\xbd=\x92\xb1O\x05\xfc\x7fU\xe4\xf4\\\xaf\xd6\x96\x1f7\xbc\asM\x1d\x10\x86\x9a\xb2\r\xb5b\\\xf0\xc8\xab\x1e(\x05.2m\x9b\xb6V\x1a\xf8\xb3h\xddi\"$\x8e.\xa8\xc3\f\xae\x15\xc3?_\xc5\xb5\xf3\x91n\x7f\xf0\x8c:\xeb\x91\nF\x8b\x8a!=z\x7f1\xa15\v\xf5>\x84\x13 \xb9\x9b\xfb|\x91k\\\xff\xf0)\xbb\xcb\x04\xbe\xbb|\x96\x90jc\xa5\xed\x9b\xe9', 0x42, 0x0, 0x0)
mq_unlink(&(0x7f0000000d40)='\x18\x11?7\xf1\x9aq\b3A\x85\xf1\xec\x1b\x06\x80\xe8\b\x90\xa1\xec\xb4\xc5\x19\xf9`\xdd\r\xb0\xfeq\xf7\xe1\xf6\xaaI\xd1\xb4\xdft=\xe5f\xf8\xa1\xfa\xec\xfc\xfb\xb4~\xeaF=e\xa5\xca<U\xa5\xa7\xf4\xc0cS\x8d\xaa5\xc7R\xc5\xaf\x1a\x00\xa4\xd6\xcf5]\t\xd5rQ(\xf3\x9a\xf0c^\x18\xf7\x0f@\xecV/9Q\x9fL\xdc\xb0`-0\xc7\xc5vAg\x9d\xca\x1d\x9c\xf8A\xe2\f\x98\xec\x02\x13\x85\xca\xd7kY\xffM.C\xb4\x85\xe1')
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f9ffffffb703000000080000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='rss_stat\x00', r3}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='kfree\x00'}, 0x10)
syz_io_uring_setup(0x4498c, &(0x7f0000000240)={0x0, 0x7102, 0x80, 0x0, 0x354}, &(0x7f0000000180), &(0x7f0000000340))
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB, @ANYRESOCT=0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
getitimer(0x1, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000a80)='kfree\x00', r4, 0x0, 0x68f}, 0x18)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
removexattr(0x0, &(0x7f0000000000)=@known='security.apparmor\x00')
r6 = syz_open_dev$tty1(0xc, 0x4, 0x4)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200010, &(0x7f0000000c40)={[{@resgid}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x1}}, {@jqfmt_vfsold}, {@nobarrier}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@sb={'sb', 0x3d, 0x97}}, {@discard}, {@noauto_da_alloc}, {@stripe={'stripe', 0x3d, 0x2}}]}, 0x3, 0x572, &(0x7f00000006c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwIF6kCCIWxD/Au8fiH6B/RUELRUrQg5fIbGbbbZLNJunWbJ3PB6Z9b2ayb96++b79zs4uG0BhjWT/lCJejoivk4iDbdsGI984srLf0sNrk9mSxPLyJ38mkeTrWvsn+f/788pLEfHLFxHHS2vbrS8szlSq1XQur482Zi+P1hcWT1ycrUyn0+ml8YmJU29NjL/7zts96+vr5/7+7uO7H5z66ujStz/dP3Q7iTNxIN/W3o+ncKO9MhIj+XMyFGdW7TjWg8b6SbLTB8C2DORxPhTZHHAwBvKoB/7/rkfEMlBQifiHgmrlAa1r+x5dBz83Hry/cgG0tv+DK++NxJ7mtdG+peSJK6Psene4B+1nbfz8x53b2RJd3oe43oP2AFpu3IyIk4ODa+e/JJ//tu9k883jja1uo2ivP7CT7mb5zxvr5T+lR/lPrJP/7F8ndreje/yX7vegmY6y/O+9dfPfR1PX8EBee6GZ8w0lFy5W05MR8WJEHIuh3Vl9o/s5p5buLXfa1p7/ZUvWfisXzI/j/uDuJ/9mqtKoPE2f2z24GfHK4/w3iTXz/55mrrt6/LPn41xW+PXLrm0cSe+82mlb9/63630GvPxjxGvrjv/jO1rJxvcnR5vnw2jrrFjrr1tHfuvU/tb633vZ+O/buP/DSfv92vrW2/hhzz9pp23bPf93JZ82y7vydVcrjcbcWMSu5KO168cf/22r3to/6/+xoxvPf+ud/3sj4rNN9v/W4Vsdd+2H8Z/a0vhvvXDvw8+/79T+5sb/zWbpWL5mM/PfZg/waZ47AAAAAAAA6DeliDgQSan8qFwqlcsrn+84HPtK1Vq9cfxCbf7SVDS/KzscQ6XWne6DbZ+HGMs/D9uqj6+qT0TEoYj4ZmBvs16erFWndrrzAAAAAAAAAAAAAAAAAAAA0Cf2d/j+f+b3gZ0+OuCZ85PfUFxd478Xv/QE9CWv/1Bc4h+KS/xDcYl/KC7xD8Ul/qG4xD8Ul/gHAAAAAAAAAAAAAAAAAAAAAAAAAACAnjp39my2LC89vDaZ1aeuLMzP1K6cmErrM+XZ+cnyZG3ucnm6VpuupuXJ2my3x6vWapfHxmP+6mgjrTdG6wuL52dr85ca5y/OVqbT8+nQf9IrAAAAAAAAAAAAAAAAAAAAeL7UFxZnKtVqOqfQsXA6+uIwtl1Iuo3y6fxk2NIjR14Y3PkOKjyDwg5PTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQ5t8AAAD//8nLNLM=")
sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r1, &(0x7f0000001040)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000ec0)={&(0x7f0000000f80)={0x9c, r0, 0x8, 0x70bd25, 0x25dfdbfd, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'rose0\x00'}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_vlan\x00'}]}, @HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xc43b902749d743b9}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x9c}, 0x1, 0x0, 0x0, 0x40004}, 0x40005)
ioctl$VT_RESIZEX(r6, 0x560a, &(0x7f0000000900)={0x7, 0x5f6, 0x401, 0x0, 0xb})

813.107604ms ago: executing program 2 (id=1004):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000070080000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='mm_page_free\x00', r1}, 0x10)
socket$kcm(0x2, 0xa, 0x2)
syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000440)='./file0\x00', 0x0, &(0x7f0000000480), 0x1, 0x3ce, &(0x7f00000004c0)="$eJzs3M9rHFUcAPDvTH7UpjUbQVD0EvFgpJif1lbxYE5e9KR48bQk6Q9ME2lWsCVCBc8FQdCrR/8A8dKDgtW/wKtHkUKQJN5XZndmMybZtJtuHNl8PvDIe/M2+97MY2bfPN57AZxakxHxVkQMRcRsRNTy42ke4k47ZJ/b3d5cykISzeZ7fyWRRMTO9uZS8V1J/vdc/gVTaUT6RRLPH1Luxq3bH9VXV1du5umZxo2PZzZu3X7l+o361ZWrK2sLC/Pzly/OXnrtct/O9evNdz/84fe3d765M/5Mfbl2N6vv+TyvfB79MhmTnWuy3+v9LqxiT5TiyXCFFQEA4Ehp3vcfbvX/azEUe523Wtz9udLKAQAAAH3RbBZ/AQAAgMGVePcHAACAAVfMA9jZ3lwqQoXTEfiPbS1GxES7/Yv13e2c4c6a3pF963v7aTIi/p76/uUsxAmtwwYAAAA4zX5cbG/8d3D8L41nS587GxFjxd5+fTS5L31w/Cd90OciKdlajHiztLfjbqn9cxNDeerJ1lDhSHLl+urKbESMR8RUjJzJ0nNHlDH+xh/3uuWVx/+ykJVfjAXm9XgwfObf/7Ncb9Qf55zZs/V5xHPDh7V/0hnzLe+TeRyfXfvyWre8h7c/J6n5bcRLh97/ezuXJkfvzzrTeh7MFE+Fg9bu3X+hW/nav1rZ/T92dPtPJOX9ejd6L+OD++d/65Z33Of/aPJ+q4Kj+bFP643GzbmI0eSdg8fne6/zoCquR3G9svafevHw3/+i/5fkv/3jpf2he/HTL7uXuuW5/6uVtf9yT/d/75GLv353oVv5j3b/v9qqzFR+RP/v4R61gaquJwAAAAAAAAD9kbbm9iXpdCeeptPT7Xm+T8dYurq+0bhwZf2TteX2HMCJGEmLmV610nzQufYy8k56fl96ISKeioivamdb6eml9dXlqk8eAAAATolzXd7/M38eZ7EHAAAA8P80UXUFAAAAgBPn/R8AAAAG2uPs6y8iIjKokaqfTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACn2z8BAAD//yly2dE=")
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x8, 0x6}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000005}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000100)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0009}]})
socket$nl_route(0x10, 0x3, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x1, &(0x7f0000000200)={0x2, &(0x7f00000001c0)=[{0x2, 0x4, 0x7, 0x400}, {0x2, 0xc, 0x9e, 0xffff}]})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380), 0x20902, 0x0)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x121c02, 0x0)
ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f0000000100))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = dup(r3)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x3}], 0x1c)
sendmsg$inet6(r3, &(0x7f0000000800)={&(0x7f0000000000)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000140)=[{&(0x7f0000000840)='{', 0x1}], 0x1}, 0x20048843)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000080)={0x0, 0xfff, 0x10}, &(0x7f00000000c0)=0xc)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x20, &(0x7f0000000080)={@private0, 0x8000000, 0x0, 0xff, 0x1}, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x20, &(0x7f0000000180)={@mcast2, 0x8000000, 0x0, 0x1, 0x2, 0x7f, 0x7}, 0x20)
setgroups(0x3, &(0x7f0000000180)=[0x0, 0xee01, 0xee00])
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)

781.090335ms ago: executing program 0 (id=1005):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000240)=0x1, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = socket$inet(0x10, 0x3, 0x0)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r3, 0x0, 0x0)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000040)='batadv0\x00', 0x10)
write(r3, &(0x7f0000000140)="84650000", 0x4)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'bond0\x00', <r4=>0x0})
r5 = socket$netlink(0x10, 0x3, 0x6)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001200)='/proc/keys\x00', 0x0, 0x0)
read$hiddev(r6, &(0x7f00000000c0)=""/4092, 0xffc)
preadv(r6, &(0x7f0000001300)=[{&(0x7f0000000040)=""/17, 0x11}], 0x1, 0x0, 0x20)
r7 = getpid()
ioctl$BLKTRACESETUP(r6, 0xc0481273, &(0x7f0000000800)={'\x00', 0x5, 0xdfc7, 0x80000001, 0x7fffffffffffffff, 0x200, r7})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x18)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ff9000/0x4000)=nil, 0x4000, &(0x7f0000000700)='Q\x00')
io_uring_enter(0xffffffffffffffff, 0x186a, 0x642c, 0x60, 0x0, 0xffffffffffffffc4)
r9 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000004c0)="d8000000180081064e81f782db4cb904021d0800fd007c05e8fe50a10a000600014002020c600e41b0000900ac000a0502000000160012000a00ff150048035c3b61c1d67f6f94007134cf6efb8007a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5ae24e25ccca9e00360db79826835d3a71d95667daffffffffff1f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5b7276505de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9000001008af26c8b7b55f4d2a6823a45", 0xd8}], 0x1}, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000740)='./file0\x00', 0x759, &(0x7f0000001340)={[{@sb={'sb', 0x3d, 0xda6}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x4000}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x40}}, {@errors_remount}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x8}, 0x0}, {@data_journal}, {@journal_dev={'journal_dev', 0x3d, 0xf}}, {@i_version}, {@nobarrier}, {@jqfmt_vfsold}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0xb6a}}, {@data_err_ignore}], [], 0x2c}, 0x2, 0x4f9, &(0x7f0000000200)="$eJzs3ElvHFUeAPB/te04zjL2ZNYsM+mZzAgLRBw764FDgkDKBQkJhMLR2E4U4iQoNlISWcRBKEgcQPkELDckPgEnuCBAHEBcibgipAj5ksABFarqatN2ub2l7cbx7yd151XVq37v31Uv/ZZuB7BpVbOnJGJHRHwXEb21zbkZqrV/7s9Mjfw8MzWSRJo+91OS57s3MzVSz1o/b3ux0V+JqLyRxN5ysd0T165fGB4fH7tS7BiYrBSpi8Pnxs6NXRo6ceLI4Z7jx4aOtiTOrE739rx2ed/u0y/efmbkzO2Xvvgoq29aHG+Mo6Yvf96y7BI6SnuqUZ37Xjb4//KrviHsbEgnndlzpX2VYdmyuza7XF15+++Njnyrpjeefr2tlQPWVJqmaXdp7+xn2XTaKElqJ6TpzRR4CCTR7hoA7VH/oL83k41Up0bK4+CH291TkY+AsrjvF4/akc58BFvtq42Nutao/L9GxJnpX97NHrHgPAQAQGt9cipiW9HvqD9qRyrx94Z8fyrWhvoi4s8RsSsi/lL0X/4Wkef9R0T8s+GcHctYBajO2y73f77pKRKN3dWWyfp/TxRrW3P7f7M17+sotnbm8XclZ8+Pjx0q3pP+6OrOtgfLLz07rfbpU9++06z8akP/L3tk5df7gkU9fuycN0E3Ojw5/KBx1929mb+xN8rxJ9GZ1FMRuyNizypeP3vPzj/64b5mx+fEn8VZiv/t5i/euYoKzZO+H/FI7fpPx7z4o1j/S/L1yYuvDExcu/74+cb1ycHjx4aODmyN8bFDA/W7ouzLr289WyRLw4hFrn+9aazpQlp2/bcteP/Prlz2ZanZ9dqJlZdx686bTcc0q73/tyTP5+n6+uzV4cnJK4MRW5Lp8v6h38+9OtwzJ38Wf/+Bhdv/rohf3yvO2xsR2U38r4j4d0TsL+r+n4j4b0QcWCT+z5/838vNhpBLx7+2svhHV3T9myVOfhWx8KGOC599XCr4rWop/q5odv2P5Kn+Ys/o8OTWpeJarKaNiQd+AwEAAGAD2J/P0yaVg8VE046oVA4ejNg+O4MyMfnY2cuvXhqtzef2RVelPtPV2zAfOljMDWfb2VlDDdvZ8cP5vHGapmlPtp2N38d3tjd02PS2N2n/mR/KP2kBHjYrWkdr9os2YEOa3/7vLPvM1n8hA1hfLfgeDbBBaf+weS27/a/Vr+CAtlmo/d+IuN+GqgDrbKH2/0Jpz8l1qQuwvoz/YfNaffv3ZQDY6Hz+w6a0rB/JryKx6/QieZLOtSm0eaISi/8VgL6I+p56n2bxF/y+EtGaGna0NNKeOde0smCerdGKsqKyZJ7OFfwhhvVNVP4Y1agluiNiibt39ma7UU9cX+uK5Y3gg/b+7wQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDgfgsAAP//RUTTKw==")
pipe2(&(0x7f0000001100)={0xffffffffffffffff, <r10=>0xffffffffffffffff}, 0x88880)
r11 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r11, 0x107, 0x12, &(0x7f0000000040)={0x2, 0x6}, 0x4)
setsockopt$packet_fanout_data(r11, 0x107, 0x16, &(0x7f0000000100)={0x1, &(0x7f0000000180)=[{0x6}]}, 0x10)
close_range(r10, 0xffffffffffffffff, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000680)=@newqdisc={0x34, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r4, {}, {0xffff, 0xffff}, {0xffe0}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}}, 0x0)

632.774298ms ago: executing program 1 (id=1007):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000006a80), 0x1, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000280)='fd/3\x00')
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000240)={0x80000011})
epoll_ctl$EPOLL_CTL_MOD(r3, 0x3, r2, &(0x7f0000000c40))
r4 = socket$inet6_sctp(0xa, 0x801, 0x84)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f0000000140)={{0x1, 0x1, 0x18, r1}, './file0\x00'})
getsockopt$bt_hci(r4, 0x84, 0x81, 0x0, &(0x7f00000000c0))
creat(&(0x7f0000000880)='./file0\x00', 0x0)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@ocfs2={0xc}, 0x0, 0x1200)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)=@fuse={0xc, 0x81, {0x503, 0x81, 0xdbd}}, 0x0, 0x200)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000480), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_PORT_GET(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010700000000000000002e0000000e0001"], 0x3c}, 0x1, 0x0, 0x0, 0xc018}, 0x4008010)
r7 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/cache_bypass\x00', 0x2, 0x0)
getxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000540)=ANY=[@ANYBLOB="12b6a3f046b5579c8dd21c8a873d7e3dc51f42659985633569052d5ee20d3907f0533b98d54ad70c537888c41a7f70794abc418789666115fede3091abae24e70d93c73a547b0819bffe4efc77094b6047855b6955c414d0f84d6f6ea08a630000000000"], &(0x7f00000006c0)=""/249, 0xf9)
sendfile(r7, r7, 0x0, 0x2)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r2, 0xc0189375, &(0x7f00000001c0)={{0x1, 0x1, 0x18, <r8=>r3}, './file0\x00'})
r9 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_GET(r9, 0x4b2f, 0x0)
getsockopt$inet_opts(r8, 0x0, 0x4, &(0x7f00000004c0)=""/124, &(0x7f0000000440)=0x7c)

609.087779ms ago: executing program 0 (id=1008):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r0, 0x0, 0x924}, 0x18)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x89a0, &(0x7f0000000040)={'syzkaller0\x00'})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'syzkaller0\x00', <r2=>0x0})
setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000100)={r2, 0x2, 0x6, @broadcast}, 0x10)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r3, 0x89a1, &(0x7f0000000040)={'syzkaller0\x00'})

554.10403ms ago: executing program 1 (id=1009):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
bind$inet(r0, 0x0, 0x0)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e24, @loopback}, 0x10)
shutdown(r0, 0x1)

553.64331ms ago: executing program 1 (id=1010):
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424d", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3}, 0x94)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], 0x0, 0x7, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)

509.570531ms ago: executing program 1 (id=1011):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x9, 0x0, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x14}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000380)='ext4_update_sb\x00', 0xffffffffffffffff, 0x0, 0x700000000000}, 0x18)
r1 = socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
r2 = open(&(0x7f00000016c0)='./file0\x00', 0x14d01, 0x99)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYRESHEX=r1], 0x50)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000400)='inet_sock_set_state\x00'}, 0x18)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000280)=r2, 0x4)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001900)="2e00000011008188040900000000000000a1810031000000000f000000028002002d1f00000002000000e2000000", 0x2e}], 0x1}, 0x0)
getsockname$packet(r2, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000c80)=0x14)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x1b, &(0x7f00000000c0)={@remote={0xfe, 0x80, '\x00', 0xffffffffffffffff}}, 0x20)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000340)={'syz_tun\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x1, {0x0, 0x0, 0x0, r7, {}, {}, {0xfff3, 0xd}}}, 0x24}}, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
close_range(r4, 0xffffffffffffffff, 0x0)

461.684772ms ago: executing program 1 (id=1013):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020756c3c00000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r1, 0x660c)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x18)
r2 = syz_open_dev$evdev(&(0x7f0000000040), 0x3, 0x140)
syz_usb_disconnect(r2)
r3 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
openat$binfmt(0xffffffffffffff9c, r3, 0x42, 0x1ff)
execveat$binfmt(0xffffffffffffff9c, r3, 0x0, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRES16, @ANYRES32=r0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r0}, &(0x7f0000000000), &(0x7f00000003c0)=r4}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = getpgrp(0x0)
r7 = syz_pidfd_open(r6, 0x0)
ioctl$FS_IOC_GETVERSION(r7, 0xff05, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='kmem_cache_free\x00', r5, 0x0, 0x7fffffffffffffff}, 0x18)
r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000640), 0x4040, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$TIOCGPTPEER(r8, 0x5441, 0x0)
pipe2$9p(&(0x7f0000000080), 0x84800)
r9 = socket(0x10, 0x3, 0x0)
getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000000500)={0x0, <r10=>0x0}, &(0x7f0000000540)=0xc)
quotactl$Q_GETQUOTA(0xffffffff80000700, &(0x7f00000004c0)=@sg0, r10, &(0x7f0000000580))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0))
sendmsg$nl_route_sched(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000440)=@newqdisc={0x2c, 0x24, 0xd0f, 0x70bd25, 0x0, {0x60, 0x0, 0x0, 0x0, {0x0, 0xa}, {0x8, 0xffff}, {0x10, 0xffff}}, [@TCA_INGRESS_BLOCK={0x8}]}, 0x2c}}, 0x20044080)
sendmsg$nl_route_sched(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000280)=@getchain={0x24, 0x66, 0x1, 0x70bd2b, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x3, 0x9}, {0xffff, 0xa}, {0xe, 0xf}}}, 0x24}, 0x1, 0x0, 0x0, 0x45}, 0x4000)
socket$tipc(0x1e, 0x2, 0x0)
ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f0000000300)={0x9e, r0, 'id1\x00'})

370.699183ms ago: executing program 0 (id=1015):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0, 0x0, 0x924}, 0x18)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x89a0, &(0x7f0000000040)={'syzkaller0\x00'})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'syzkaller0\x00', <r2=>0x0})
setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000100)={r2, 0x2, 0x6, @broadcast}, 0x10)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r3, 0x89a1, &(0x7f0000000040)={'syzkaller0\x00'})

213.503006ms ago: executing program 4 (id=1017):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x41000, 0xe, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="200000003e000701fcf7fffffedbdf24e17c00000c0004"], 0x20}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)
r2 = open(&(0x7f0000000580)='./file0\x00', 0xc0, 0x63)
r3 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
r4 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000200)={0x934, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}}}, 0x108)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000340)='kmem_cache_free\x00', r5, 0x0, 0xffffffffffffffff}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000b00)=ANY=[@ANYRES16=r3], &(0x7f0000000040)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback=0x5c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x4056, &(0x7f0000000f40)={[{@noload}, {@errors_remount}, {@user_xattr}, {@journal_checksum}, {@nogrpid}, {@minixdf}, {@noquota}, {@usrjquota}], [{@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}, {@fsuuid={'fsuuid', 0x3d, {[0x31, 0x37, 0x66, 0x38, 0x30, 0x6, 0x31, 0x55], 0x2d, [0x62, 0x35, 0x35, 0x61], 0x2d, [0x9a, 0x37, 0x66, 0x65], 0x2d, [0x37, 0x30, 0x64, 0x35], 0x2d, [0x1, 0x37, 0x66, 0x64, 0x33, 0x4, 0x34, 0x61]}}}]}, 0x1, 0x451, &(0x7f0000000680)="$eJzs28tvG8UfAPDvbh6/X1/EVOXRBzRQEBWPpElL6YELCCQOICHBoRxD4lahboOaINGqgoJQOaJK3BFHpP4FnOCCgBOCK3BGlSrUSwsno7V3G8e1XcdK6jT+fKRtZ3bHmfl6duzZHW8AA2s8+yeJ2B4Rv0fEWD27ssB4/b+b1y/M/nP9wmwS1epbfye1cjeuX5gtihav21ZkhiPSz5LY26LexXPnT81UKuWzeX5y6fT7k4vnzj83f3rmZPlk+cz0sWNHDk+9cHT6+TWJM4vrxp6PFvbtfu2dy2/MHr/87k9XkiL+pji6MXTnIuOdDj5Zra6mug1vR0M6Ge5jQ1iVofowjZHa+B+LoVjuvLF49dO+Ng5YV9Vqtfpg+8NXagWATSoxxGFAFV/02fVvsd2lqceGcO2l+gVQFvfNfKsfGY40LzPSdH27lsYj4vjFf7/Ktmi+D7FlnSoFAAbad9n859lW8780Gu8L3ZevoZQi4v6I2BkRRyNiV0Q8EFEr+1BEPLzK+psXSW6ff6ZXewqsS9n878V8bWvl/K+Y/UVpKM/tqMU/kpyYr5QPZe/Jr/vrJeYr5akOdXz/ym9ftDvWOP/Ltqz+Yi6Yt+Pq8P9WvmZuZmmm54CbXPskYs9wq/iTWysBSUTsjog9PdYx//Q3+9odaxP/aFd/eA3WmapfRzxV7/+L0RR/Iem8Pjn5/6iUD00WZ8Xtfv7l0pvt6r9z/6+vrP+3tjz/i/j/LCWN67WLq6/j0h+ft72m7PX8H03eXrHvw5mlpbNTEaPJ67V8qXH/dFO56eXyWfwHD7Qe/ztj+Z3YGxHZSfxIRDwaEfvztj8WEY9HxIEO8f/48hPv9R7/+srin+vY/9HU/8uJ0Wje0zoxdOqHb1dUWlpN/Fn/H6mlDuZ7uvn866ZdvZ3NAAAAcO9JI2J7JOnErXSaTkzUf8O/K7amlYXFpWdOLHxwZq7+jEApRtLiTtdYw/3QqfyyvshP578tLvKH8/vGXw5tqeUnZhcqc/0OHgbctjbjP/NXFw+5APe45nW0rX1qB3D3eV4TBpfxD4PL+IfB1WL8e/QMBkSr7/+P+9AO4O5rGv8dl/1MDGBzcf0Pg8v4h8Fl/MNAWtwSd35IfnMk0ojYAM3YLIlIN0QzJNYp0e9PJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgLXxXwAAAP//JI/k8w==")
set_robust_list(0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$tipc(0x1e, 0x2, 0x0)
mmap$xdp(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x2010, r2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'syzkaller0\x00'})
newfstatat(0xffffffffffffff9c, &(0x7f0000000480)='./bus\x00', &(0x7f0000005280)={0x0, 0x0, 0x0, 0x0, <r6=>0x0}, 0x1000)
setuid(r6)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000e00000020000000000000000000000000000000000000000200000000000000000000000000000000a00200000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffffffffffff00"/112], 0xb8}}, 0x0)
getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000100)={0x0, 0x6}, &(0x7f0000000140)=0x8)
socket$qrtr(0x2a, 0x2, 0x0)

210.421746ms ago: executing program 4 (id=1018):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b00000005000000020000000400000005"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f00000006c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0x20000000000002b8, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x8000, 0x0, 0x0, 0x41000}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x28, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
r3 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
writev(r3, &(0x7f00000025c0)=[{&(0x7f0000000240)='4', 0x1}], 0x1)

208.734766ms ago: executing program 0 (id=1019):
r0 = syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x80040c, &(0x7f0000000580)={[{@orlov}, {@norecovery}]}, 0x1, 0x5e8, &(0x7f0000001200)="$eJzs3c9vFdUeAPDv3P6gpbzXQl7ee7iQJsZAorS0gCHGBWwNafBH3Lix0oJIgYbWaNGEkuDGxLgxxsSVC/G/UCJbVrpy4caVISFqWJp4zdzOlP6Y2x+X207T+XySS2fOmeGc4fLtOXPuOXMDqKzB9I9axMGImE4i+pP5xbzOyDIHF4579OdH59NXEvX6a78nkWRp+fFJ9rMvO7knIn78IYkDHavLnZm7cXl8amryerY/PHtlenhm7sbRS1fGL05enLw6+sLoqZMnTp4aOdbSdd0sSDt7+933+z8Ze/Obr/5KRr79ZSyJ0/FyduDS62iXwRhs/Jskq7P6TrW7sJJ0ZP9Plr7FSWeJFWJT8vevKyL+F/3REY/fvP74+JVSKwdsqXoSUQcqKhH/UFF5PyC/t195H1wrpVcCbIeHZxYGAFbHf+fC2GD0NMYG9j5KYumwThIRrY3MLbcvIu7fG7t94d7Y7diicTig2PytiPh/UfwnjfgfiJ4YaMR/bVn8p/2Cc9nPNP3VFstfOVQs/mH7LMR/z5rxH03i/60l8f92i+UPPt58p3dZ/Pe2ekkAAAAAAABQWXfPRMTzRZ//1xbn/0TB/J++iDjdhvIHV+yv/vy/9qANxQAFHp6JeKlw/m8tn/070JFt/asxH6AruXBpavJYRPw7Io5E1550f2SNMo5+euDLZnmD2fy//JWWfz+bC5jV40HnnuXnTIzPjj/pdQMRD29FPFU4/zdZbP+TgvY//X0wvcEyDjx751yzvPXjH9gq9a8jDhe2/4+fWpGs/XyO4UZ/YDjvFaz29Ieffdes/Fbj3yMm4Mml7f/eteN/IFn6vJ6ZzZdxfK6z3iyv1f5/d/J645Ez3VnaB+Ozs9dHIrqTsx1p6rL00c3XGXajPB7yeEnj/8gza4//FfX/eyNifsXfnfyxfE1x7r9/9/3arD76/1CeNP4nNtX+b35j9M7A983K31j7f6LR1h/JUoz/wYIv8jDtXp5eEI6dRVnbXV8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2A1qEbEvktrQ4natNjQU0RcR/4m9talrM7PPXbj23tWJNK/x/f+1/Jt++xf2k/z7/weW7I+u2D8eEfsj4vOO3sb+0PlrUxNlXzwAAAAAAAAAAAAAAAAAAADsEH1N1v+nfusou3bAlussuwJAaQri/6cy6gFsP+0/VJf4h+oS/1Bd4h+qq8X472p3PYDtp/2H6hL/UF3iHwAAAAAAdpX9h+7+nETE/Iu9jVeqO8szvwd2t1rZFQBK4xE/UF2m/kB1uccHknXye5qetN6Za5k+/wQnAwAAAAAAAAAAAEDlHD5o/T9UlfX/UF3W/0N15ev/D5VcD2D7uccHYp2V/IXr/9c9CwAAAAAAAAAAAABop5m5G5fHp6Ymr9t4Y2dUox0b6Tu7kYPr9frNxrEtlbVnB1zpjtrIp8LvlPqs2MjX+m3srNJ+JQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACv8EwAA//8IGSKz")
bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50)
timer_create(0x0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESOCT=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r1, 0x0, 0x2}, 0x18)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0)
write(r3, &(0x7f0000004200)='t', 0x1)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0xb, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r5}, 0x10)
pipe2(&(0x7f0000000080)={0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
splice(r7, 0x0, r6, 0x0, 0x6, 0x0)
fcntl$setstatus(r6, 0x4, 0x7c00)
dup3(r7, r6, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r3, r2, 0x0, 0x3ffff)
sendfile(r3, r2, 0x0, 0x7ffff000)

185.949077ms ago: executing program 4 (id=1020):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000240)=0x1, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = socket$inet(0x10, 0x3, 0x0)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x1fff, 0x0, @mcast2, 0x5}, 0x1c)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000040)='batadv0\x00', 0x10)
write(r3, &(0x7f0000000140)="8465", 0x2)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'bond0\x00', <r4=>0x0})
r5 = socket$netlink(0x10, 0x3, 0x6)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001200)='/proc/keys\x00', 0x0, 0x0)
read$hiddev(r6, &(0x7f00000000c0)=""/4092, 0xffc)
preadv(r6, &(0x7f0000001300)=[{&(0x7f0000000040)=""/17, 0x11}], 0x1, 0x0, 0x20)
r7 = getpid()
ioctl$BLKTRACESETUP(r6, 0xc0481273, &(0x7f0000000800)={'\x00', 0x5, 0xdfc7, 0x80000001, 0x7fffffffffffffff, 0x200, r7})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x18)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ff9000/0x4000)=nil, 0x4000, &(0x7f0000000700)='Q\x00')
io_uring_enter(0xffffffffffffffff, 0x186a, 0x642c, 0x60, 0x0, 0xffffffffffffffc4)
r9 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000004c0)="d8000000180081064e81f782db4cb904021d0800fd007c05e8fe50a10a000600014002020c600e41b0000900ac000a0502000000160012000a00ff150048035c3b61c1d67f6f94007134cf6efb8007a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5ae24e25ccca9e00360db79826835d3a71d95667daffffffffff1f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5b7276505de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9000001008af26c8b7b55f4d2a6823a45", 0xd8}], 0x1}, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000740)='./file0\x00', 0x759, &(0x7f0000001340)={[{@sb={'sb', 0x3d, 0xda6}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x4000}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x40}}, {@errors_remount}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x8}, 0x0}, {@data_journal}, {@journal_dev={'journal_dev', 0x3d, 0xf}}, {@i_version}, {@nobarrier}, {@jqfmt_vfsold}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0xb6a}}, {@data_err_ignore}], [], 0x2c}, 0x2, 0x4f9, &(0x7f0000000200)="$eJzs3ElvHFUeAPB/te04zjL2ZNYsM+mZzAgLRBw764FDgkDKBQkJhMLR2E4U4iQoNlISWcRBKEgcQPkELDckPgEnuCBAHEBcibgipAj5ksABFarqatN2ub2l7cbx7yd151XVq37v31Uv/ZZuB7BpVbOnJGJHRHwXEb21zbkZqrV/7s9Mjfw8MzWSRJo+91OS57s3MzVSz1o/b3ux0V+JqLyRxN5ysd0T165fGB4fH7tS7BiYrBSpi8Pnxs6NXRo6ceLI4Z7jx4aOtiTOrE739rx2ed/u0y/efmbkzO2Xvvgoq29aHG+Mo6Yvf96y7BI6SnuqUZ37Xjb4//KrviHsbEgnndlzpX2VYdmyuza7XF15+++Njnyrpjeefr2tlQPWVJqmaXdp7+xn2XTaKElqJ6TpzRR4CCTR7hoA7VH/oL83k41Up0bK4+CH291TkY+AsrjvF4/akc58BFvtq42Nutao/L9GxJnpX97NHrHgPAQAQGt9cipiW9HvqD9qRyrx94Z8fyrWhvoi4s8RsSsi/lL0X/4Wkef9R0T8s+GcHctYBajO2y73f77pKRKN3dWWyfp/TxRrW3P7f7M17+sotnbm8XclZ8+Pjx0q3pP+6OrOtgfLLz07rfbpU9++06z8akP/L3tk5df7gkU9fuycN0E3Ojw5/KBx1929mb+xN8rxJ9GZ1FMRuyNizypeP3vPzj/64b5mx+fEn8VZiv/t5i/euYoKzZO+H/FI7fpPx7z4o1j/S/L1yYuvDExcu/74+cb1ycHjx4aODmyN8bFDA/W7ouzLr289WyRLw4hFrn+9aazpQlp2/bcteP/Prlz2ZanZ9dqJlZdx686bTcc0q73/tyTP5+n6+uzV4cnJK4MRW5Lp8v6h38+9OtwzJ38Wf/+Bhdv/rohf3yvO2xsR2U38r4j4d0TsL+r+n4j4b0QcWCT+z5/838vNhpBLx7+2svhHV3T9myVOfhWx8KGOC599XCr4rWop/q5odv2P5Kn+Ys/o8OTWpeJarKaNiQd+AwEAAGAD2J/P0yaVg8VE046oVA4ejNg+O4MyMfnY2cuvXhqtzef2RVelPtPV2zAfOljMDWfb2VlDDdvZ8cP5vHGapmlPtp2N38d3tjd02PS2N2n/mR/KP2kBHjYrWkdr9os2YEOa3/7vLPvM1n8hA1hfLfgeDbBBaf+weS27/a/Vr+CAtlmo/d+IuN+GqgDrbKH2/0Jpz8l1qQuwvoz/YfNaffv3ZQDY6Hz+w6a0rB/JryKx6/QieZLOtSm0eaISi/8VgL6I+p56n2bxF/y+EtGaGna0NNKeOde0smCerdGKsqKyZJ7OFfwhhvVNVP4Y1agluiNiibt39ma7UU9cX+uK5Y3gg/b+7wQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDgfgsAAP//RUTTKw==")
pipe2(&(0x7f0000001100)={0xffffffffffffffff, <r10=>0xffffffffffffffff}, 0x88880)
r11 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r11, 0x107, 0x12, &(0x7f0000000040)={0x2, 0x6}, 0x4)
setsockopt$packet_fanout_data(r11, 0x107, 0x16, &(0x7f0000000100)={0x1, &(0x7f0000000180)=[{0x6}]}, 0x10)
close_range(r10, 0xffffffffffffffff, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000680)=@newqdisc={0x34, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r4, {}, {0xffff, 0xffff}, {0xffe0}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}}, 0x0)

100.603578ms ago: executing program 4 (id=1021):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
bind$inet(r0, 0x0, 0x0)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e24, @loopback}, 0x10)
shutdown(r0, 0x1)

53.967899ms ago: executing program 4 (id=1022):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket$inet6(0xa, 0x80002, 0x0)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000f00)={'veth0_to_batadv\x00', &(0x7f0000000000)=@ethtool_perm_addr={0x4b, 0x37, "4372071e845c1497c855383000000002000000372a72ee4dfeed37968b00905020000055965737d2aaec032b9753384b00000000ef86ed"}})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000010000000a00000008"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='ufshcd_upiu\x00', r4, 0x0, 0x2}, 0x18)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000780)=@newtaction={0x64, 0x30, 0xb, 0x0, 0x0, {}, [{0x50, 0x1, [@m_ct={0x4c, 0x1, 0x0, 0x0, {{0x7}, {0x24, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xfdb}}, @TCA_CT_MARK={0x8, 0x10}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x20004000}, 0x10000000)
fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')
getxattr(&(0x7f0000003040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', &(0x7f0000000040)=@known='system.sockprotoname\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SETHMAC(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='0\x00', @ANYRES16=r7, @ANYBLOB="871000000000000000000100000008000300000001000500060000000000050005"], 0x30}, 0x1, 0x0, 0x0, 0x94}, 0x8808)
setxattr$incfs_metadata(&(0x7f0000000080)='./file0\x00', &(0x7f00000001c0), &(0x7f00000000c0)='T', 0x1, 0x0)
getxattr(&(0x7f0000000100)='./file0\x00', &(0x7f0000000000)=@known='user.incfs.metadata\x00', 0x0, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r8}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
timer_create(0x0, 0x0, &(0x7f0000001240)=<r9=>0x0)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a80000000060a0b04200000000000000002000000540004803c0001800a0001006c696d69740000002c0002800c000240000000000000000008000540000000000c00014000000000000000010800044000000001140001800b0001007470726f78790000040002800900010073797a30000000000900020073797a32"], 0xa8}}, 0x0)
timer_gettime(r9, &(0x7f0000001280))
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000140)={0x5a, &(0x7f0000000580)=[{0x6, 0xc3, 0x2, 0xfffffffc}, {0xa04, 0x2, 0x59, 0x9}, {0x3, 0x3, 0x7, 0x80000000}, {0x8, 0x3, 0xd7, 0x9}, {0x1012, 0x0, 0x4, 0x8}, {0x8, 0x4, 0x4, 0xc4}, {0x7ff, 0x6, 0xff, 0xf12}, {0xff, 0x6, 0x18, 0x756a}, {0x4, 0xc9, 0x40, 0x3f}, {0x5, 0xc, 0x6, 0x5}]})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0xb}, 0x48)

0s ago: executing program 4 (id=1023):
r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = socket$netlink(0x10, 0x3, 0x0)
signalfd(r0, &(0x7f0000000280)={[0x5]}, 0x8)
sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5000000010001fff0200"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800900010076657468"], 0x50}, 0x1, 0x0, 0x0, 0x20040001}, 0x8000)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x0, 0x164)
r3 = openat(r2, &(0x7f00000001c0)='./file1\x00', 0x701042, 0xc0)
ioctl$EXT4_IOC_MOVE_EXT(r3, 0x40305829, &(0x7f0000000240)={0x17c04, 0xffffffffffffffff, 0x0, 0x1fcbb, 0x40})
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x50, &(0x7f0000000180)=ANY=[], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10)
execve(0x0, 0x0, 0x0)
mount$9p_tcp(0x0, &(0x7f0000000680)='.\x00', &(0x7f00000006c0), 0x8010, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=t'])
r5 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r7, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000006c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="495300000000000000006700000008000300", @ANYRES32=0x0, @ANYBLOB="0800428004"], 0x24}}, 0x0)
r8 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r8, &(0x7f0000000200)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4e, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r10}, 0x10)
r11 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f00000000c0)={'bridge0\x00'})
r12 = syz_io_uring_setup(0x497, &(0x7f0000000540)={0x0, 0x4660, 0x80, 0x3, 0x285}, &(0x7f00000004c0)=<r13=>0x0, &(0x7f0000000680)=<r14=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r13, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r13, r14, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r8, 0x0, 0x0})
io_uring_enter(r12, 0x3498, 0x969, 0x0, 0x0, 0x0)
dup3(r12, r5, 0x80000)

kernel console output (not intermixed with test programs):

tected capacity change from 0 to 764
[   55.821959][ T4233] loop9: detected capacity change from 0 to 7
[   55.828691][ T3297] buffer_io_error: 4 callbacks suppressed
[   55.828704][ T3297] Buffer I/O error on dev loop9, logical block 0, async page read
[   55.842529][ T3297] Buffer I/O error on dev loop9, logical block 0, async page read
[   55.850487][ T3297]  loop9: unable to read partition table
[   55.856735][ T4233] Buffer I/O error on dev loop9, logical block 0, async page read
[   55.864689][ T4233] Buffer I/O error on dev loop9, logical block 0, async page read
[   55.872635][ T4233]  loop9: unable to read partition table
[   55.878988][ T4233] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   55.878988][ T4233] 
) failed (rc=-5)
[   55.893235][ T3297] Buffer I/O error on dev loop9, logical block 0, async page read
[   55.901209][ T3297] Buffer I/O error on dev loop9, logical block 0, async page read
[   55.909331][ T3297] Buffer I/O error on dev loop9, logical block 0, async page read
[   55.917422][ T3297] Buffer I/O error on dev loop9, logical block 0, async page read
[   55.925559][ T3297] Buffer I/O error on dev loop9, logical block 0, async page read
[   55.969701][ T4245] netlink: 24 bytes leftover after parsing attributes in process `syz.0.270'.
[   56.023847][ T4251] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   56.032548][ T4253] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   56.050438][ T4251] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   56.055098][ T4253] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   56.082791][ T4257] loop1: detected capacity change from 0 to 512
[   56.100893][ T4256] netlink: 4 bytes leftover after parsing attributes in process `syz.2.282'.
[   56.101471][ T4251] loop4: detected capacity change from 0 to 1024
[   56.117921][ T4257] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   56.143508][ T4256] netlink: 4 bytes leftover after parsing attributes in process `syz.2.282'.
[   56.174112][ T4257] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm syz.1.281: bg 0: block 4: invalid block bitmap
[   56.193366][ T4257] EXT4-fs (loop1): Remounting filesystem read-only
[   56.200101][ T4257] EXT4-fs (loop1): 1 truncate cleaned up
[   56.206424][ T4257] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   56.253984][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   56.332765][ T4262] netlink: 404 bytes leftover after parsing attributes in process `syz.4.279'.
[   56.346863][ T4262] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   56.419126][ T4264] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   56.450297][ T4261] loop2: detected capacity change from 0 to 512
[   56.485512][ T4262] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   56.506439][ T4264] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   56.520103][ T4261] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   56.574327][ T4261] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm syz.2.284: bg 0: block 4: invalid block bitmap
[   56.589502][ T4262] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   56.675393][ T4262] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   56.726135][ T4261] EXT4-fs (loop2): Remounting filesystem read-only
[   56.738336][ T4261] EXT4-fs (loop2): 1 truncate cleaned up
[   56.745622][ T4261] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   56.749616][   T51] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.766485][   T51] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.774752][   T51] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.783377][   T51] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.793207][ T4269] dummy0: entered allmulticast mode
[   56.799471][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   56.809022][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   56.852479][ T4275] netlink: 20 bytes leftover after parsing attributes in process `syz.2.289'.
[   56.867198][ T4277] rdma_rxe: rxe_newlink: failed to add team_slave_0
[   56.893150][ T4266] dummy0: left allmulticast mode
[   56.953153][ T4288] loop2: detected capacity change from 0 to 512
[   56.968050][ T4288] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   56.997243][ T4288] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm syz.2.294: bg 0: block 4: invalid block bitmap
[   57.011415][ T4288] EXT4-fs (loop2): Remounting filesystem read-only
[   57.018346][ T4288] EXT4-fs (loop2): 1 truncate cleaned up
[   57.027120][ T4288] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   57.068747][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   57.135269][ T4304] syz!: rxe_newlink: already configured on team_slave_0
[   57.210127][   T29] kauditd_printk_skb: 171 callbacks suppressed
[   57.210144][   T29] audit: type=1400 audit(1757480066.586:1634): avc:  denied  { shutdown } for  pid=4305 comm="syz.1.302" lport=47713 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[   57.278377][   T29] audit: type=1326 audit(1757480066.656:1635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4313 comm="syz.3.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6c959eba9 code=0x7ffc0000
[   57.301843][   T29] audit: type=1326 audit(1757480066.656:1636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4313 comm="syz.3.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6c959eba9 code=0x7ffc0000
[   57.342794][   T29] audit: type=1326 audit(1757480066.716:1637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4313 comm="syz.3.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff6c959eba9 code=0x7ffc0000
[   57.366223][   T29] audit: type=1326 audit(1757480066.716:1638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4313 comm="syz.3.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6c959eba9 code=0x7ffc0000
[   57.389591][   T29] audit: type=1326 audit(1757480066.716:1639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4313 comm="syz.3.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6c959eba9 code=0x7ffc0000
[   57.413143][   T29] audit: type=1326 audit(1757480066.716:1640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4313 comm="syz.3.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff6c959eba9 code=0x7ffc0000
[   57.436646][   T29] audit: type=1326 audit(1757480066.716:1641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4313 comm="syz.3.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6c959eba9 code=0x7ffc0000
[   57.460218][   T29] audit: type=1326 audit(1757480066.716:1642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4313 comm="syz.3.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6c959eba9 code=0x7ffc0000
[   57.483804][   T29] audit: type=1326 audit(1757480066.716:1643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4313 comm="syz.3.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff6c959eba9 code=0x7ffc0000
[   57.519707][ T4316] rdma_rxe: rxe_newlink: failed to add team_slave_0
[   57.532577][ T4322] syz!: rxe_newlink: already configured on team_slave_0
[   57.551675][ T4325] loop2: detected capacity change from 0 to 512
[   57.561444][ T4325] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   57.584536][ T4325] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm syz.2.309: bg 0: block 4: invalid block bitmap
[   57.600590][ T4325] EXT4-fs (loop2): Remounting filesystem read-only
[   57.608173][ T4325] EXT4-fs (loop2): 1 truncate cleaned up
[   57.616725][ T4325] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   57.645772][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   57.656527][ T4329] loop1: detected capacity change from 0 to 1024
[   57.675112][ T4329] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   57.685873][ T4331] lo speed is unknown, defaulting to 1000
[   57.686072][ T4329] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   57.728824][ T4329] EXT4-fs (loop1): failed to open journal device unknown-block(0,0) -6
[   57.743575][ T4340] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   57.752446][ T4340] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   57.771303][ T4340] loop2: detected capacity change from 0 to 1024
[   57.829149][ T4346] loop1: detected capacity change from 0 to 1024
[   57.836112][ T4346] EXT4-fs: Ignoring removed orlov option
[   57.844019][ T4346] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   58.000648][ T4357] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   58.010720][ T4357] netdevsim netdevsim2 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[   58.085176][ T4356] loop3: detected capacity change from 0 to 512
[   58.249644][ T4356] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[   58.429263][ T4357] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   58.439233][ T4357] netdevsim netdevsim2 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[   58.501468][ T4368] rdma_op ffff8881049e7980 conn xmit_rdma 0000000000000000
[   58.511125][ T4357] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   58.521134][ T4357] netdevsim netdevsim2 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[   58.575267][ T4374] loop3: detected capacity change from 0 to 128
[   58.591577][ T4374] loop9: detected capacity change from 0 to 7
[   58.599275][ T4357] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   58.609419][ T4357] netdevsim netdevsim2 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[   58.612149][ T4374] Buffer I/O error on dev loop9, logical block 0, async page read
[   58.627418][ T4374]  loop9: unable to read partition table
[   58.633207][ T4374] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   58.633207][ T4374] 
) failed (rc=-5)
[   58.694435][ T4379] loop0: detected capacity change from 0 to 128
[   58.708390][  T168] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 20000 - 0
[   58.716912][  T168] netdevsim netdevsim2 eth0: set [1, 1] type 2 family 0 port 6081 - 0
[   58.728071][  T168] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 20000 - 0
[   58.736436][  T168] netdevsim netdevsim2 eth1: set [1, 1] type 2 family 0 port 6081 - 0
[   58.748001][  T168] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 20000 - 0
[   58.756386][  T168] netdevsim netdevsim2 eth2: set [1, 1] type 2 family 0 port 6081 - 0
[   58.767585][ T4379] loop9: detected capacity change from 0 to 7
[   58.776067][ T4379]  loop9: unable to read partition table
[   58.781515][  T168] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 20000 - 0
[   58.790191][  T168] netdevsim netdevsim2 eth3: set [1, 1] type 2 family 0 port 6081 - 0
[   58.790616][ T4379] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   58.790616][ T4379] 
) failed (rc=-5)
[   58.856903][ T4384] syzkaller0: entered allmulticast mode
[   58.864541][ T4384] syzkaller0 (unregistering): left allmulticast mode
[   59.026543][ T4400] netlink: 'syz.3.336': attribute type 6 has an invalid length.
[   59.037491][ T4400] loop3: detected capacity change from 0 to 512
[   59.047449][ T4398] rdma_rxe: rxe_newlink: failed to add team_slave_0
[   59.056921][ T4402] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[   59.066979][ T4400] EXT4-fs (loop3): unable to read superblock
[   59.151385][ T4410] rdma_rxe: rxe_newlink: failed to add team_slave_0
[   59.238383][ T4420] loop0: detected capacity change from 0 to 512
[   59.247020][ T4420] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   59.336761][ T4429] netlink: 'syz.3.349': attribute type 6 has an invalid length.
[   59.352710][ T4429] loop3: detected capacity change from 0 to 512
[   59.365805][ T4429] EXT4-fs (loop3): unable to read superblock
[   59.417675][ T4433] netlink: 'syz.4.350': attribute type 6 has an invalid length.
[   59.445156][ T4433] loop4: detected capacity change from 0 to 512
[   59.466042][ T4433] EXT4-fs (loop4): unable to read superblock
[   59.481027][ T4437] syz!: rxe_newlink: already configured on team_slave_0
[   59.684037][ T4439] Set syz1 is full, maxelem 65536 reached
[   59.708935][ T4443] syz!: rxe_newlink: already configured on team_slave_0
[   59.846768][ T4445] netlink: 'syz.4.356': attribute type 6 has an invalid length.
[   59.865219][ T4445] loop4: detected capacity change from 0 to 512
[   59.884027][ T4445] EXT4-fs (loop4): unable to read superblock
[   59.891613][ T4449] __nla_validate_parse: 10 callbacks suppressed
[   59.891631][ T4449] netlink: 20 bytes leftover after parsing attributes in process `syz.3.358'.
[   59.972852][ T4453] netlink: 4 bytes leftover after parsing attributes in process `syz.3.360'.
[   60.057750][ T4459] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   60.066375][ T4459] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   60.081860][ T4459] loop3: detected capacity change from 0 to 1024
[   60.283215][ T4466] rdma_rxe: rxe_newlink: failed to add team_slave_0
[   60.325849][ T4467] netlink: 404 bytes leftover after parsing attributes in process `syz.3.361'.
[   60.423151][ T4467] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   60.484235][ T4467] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   60.533979][ T4467] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   60.574709][ T4467] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   60.653389][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   60.667510][ T3432] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   60.677439][ T4469] netlink: 4 bytes leftover after parsing attributes in process `syz.4.365'.
[   60.686165][   T12] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   60.694833][   T12] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   60.706692][   T12] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   60.751700][ T4475] loop4: detected capacity change from 0 to 512
[   60.760963][ T4475] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   60.870459][ T4481] loop2: detected capacity change from 0 to 128
[   60.870985][ T4473] Set syz1 is full, maxelem 65536 reached
[   60.883355][ T4475] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.367: bg 0: block 4: invalid block bitmap
[   60.896417][ T4475] EXT4-fs (loop4): Remounting filesystem read-only
[   60.900308][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   60.904842][ T4481] loop9: detected capacity change from 0 to 7
[   60.912319][ T4475] EXT4-fs (loop4): 1 truncate cleaned up
[   60.924597][ T4475] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   60.937988][ T3295] buffer_io_error: 13 callbacks suppressed
[   60.938002][ T3295] Buffer I/O error on dev loop9, logical block 0, async page read
[   60.971243][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   60.974543][ T4485] loop1: detected capacity change from 0 to 512
[   60.989588][ T4485] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[   61.012883][ T3295] Buffer I/O error on dev loop9, logical block 0, async page read
[   61.020931][ T3295]  loop9: unable to read partition table
[   61.033521][ T4487] netlink: 4 bytes leftover after parsing attributes in process `syz.0.373'.
[   61.042741][ T4481] Buffer I/O error on dev loop9, logical block 0, async page read
[   61.050697][ T4489] rdma_rxe: rxe_newlink: failed to add team_slave_0
[   61.061542][ T4481] Buffer I/O error on dev loop9, logical block 0, async page read
[   61.069462][ T4481]  loop9: unable to read partition table
[   61.075919][ T4481] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   61.075919][ T4481] 
) failed (rc=-5)
[   61.089841][ T3295] Buffer I/O error on dev loop9, logical block 0, async page read
[   61.098078][ T3295] Buffer I/O error on dev loop9, logical block 0, async page read
[   61.099174][ T4491] loop1: detected capacity change from 0 to 1024
[   61.106576][ T3295] Buffer I/O error on dev loop9, logical block 0, async page read
[   61.120622][ T4491] EXT4-fs (loop1): VFS: Can't find ext4 filesystem
[   61.139251][ T3295] Buffer I/O error on dev loop9, logical block 0, async page read
[   61.181368][ T3295] Buffer I/O error on dev loop9, logical block 0, async page read
[   61.240221][ T4503] loop2: detected capacity change from 0 to 128
[   61.258189][ T4503] loop9: detected capacity change from 0 to 7
[   61.266458][ T4503] Buffer I/O error on dev loop9, logical block 0, async page read
[   61.296103][ T4503]  loop9: unable to read partition table
[   61.309121][ T4503] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   61.309121][ T4503] 
) failed (rc=-5)
[   61.321616][ T4514] netlink: 'syz.1.383': attribute type 6 has an invalid length.
[   61.335529][ T4514] loop1: detected capacity change from 0 to 512
[   61.348300][ T4514] EXT4-fs (loop1): unable to read superblock
[   61.424567][ T4525] netlink: 4 bytes leftover after parsing attributes in process `syz.1.385'.
[   61.425622][ T4527] netlink: 24 bytes leftover after parsing attributes in process `syz.2.384'.
[   61.490655][ T4534] loop2: detected capacity change from 0 to 1024
[   61.511916][ T4534] EXT4-fs (loop2): VFS: Can't find ext4 filesystem
[   61.592532][ T4549] netlink: 'syz.2.395': attribute type 6 has an invalid length.
[   61.608224][ T4549] loop2: detected capacity change from 0 to 512
[   61.617869][ T4549] EXT4-fs (loop2): unable to read superblock
[   61.683634][ T4558] netlink: 24 bytes leftover after parsing attributes in process `syz.0.399'.
[   61.700304][ T4556] rdma_rxe: rxe_newlink: failed to add team_slave_0
[   61.704890][ T4560] netlink: 4 bytes leftover after parsing attributes in process `syz.1.400'.
[   61.908055][ T4575] loop1: detected capacity change from 0 to 1024
[   61.916781][ T4575] EXT4-fs (loop1): VFS: Can't find ext4 filesystem
[   61.953262][ T4583] netlink: 'syz.1.408': attribute type 6 has an invalid length.
[   61.964691][ T4583] loop1: detected capacity change from 0 to 512
[   61.975786][ T4583] EXT4-fs (loop1): unable to read superblock
[   62.106855][ T4593] loop4: detected capacity change from 0 to 128
[   62.127184][ T4593] loop9: detected capacity change from 0 to 7
[   62.133666][ T4593]  loop9: unable to read partition table
[   62.139325][ T4593] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   62.139325][ T4593] 
) failed (rc=-5)
[   62.196629][ T4597] loop4: detected capacity change from 0 to 128
[   62.248344][ T4597] loop9: detected capacity change from 0 to 7
[   62.255217][ T3295]  loop9: unable to read partition table
[   62.270119][ T4600] rdma_rxe: rxe_newlink: failed to add team_slave_0
[   62.295803][ T4597]  loop9: unable to read partition table
[   62.301684][ T4597] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   62.301684][ T4597] 
) failed (rc=-5)
[   62.369713][ T4603] netlink: 4 bytes leftover after parsing attributes in process `syz.4.416'.
[   62.438011][ T4606] random: crng reseeded on system resumption
[   62.888254][ T4615] loop0: detected capacity change from 0 to 1024
[   62.900124][ T4616] netlink: 'syz.4.420': attribute type 6 has an invalid length.
[   62.911287][ T4616] loop4: detected capacity change from 0 to 512
[   62.918859][ T4616] EXT4-fs (loop4): unable to read superblock
[   62.925261][ T4615] EXT4-fs (loop0): VFS: Can't find ext4 filesystem
[   63.050848][   T29] kauditd_printk_skb: 306 callbacks suppressed
[   63.050863][   T29] audit: type=1326 audit(1757480072.426:1950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4626 comm="syz.0.424" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4dc2a1eba9 code=0x7ffc0000
[   63.063937][ T4629] syzkaller0: entered allmulticast mode
[   63.089751][   T29] audit: type=1326 audit(1757480072.466:1951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4626 comm="syz.0.424" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4dc2a1eba9 code=0x7ffc0000
[   63.121699][ T4629] syzkaller0 (unregistering): left allmulticast mode
[   63.130205][   T29] audit: type=1326 audit(1757480072.506:1952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4626 comm="syz.0.424" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4dc2a1eba9 code=0x7ffc0000
[   63.177506][ T4632] loop3: detected capacity change from 0 to 512
[   63.184863][   T29] audit: type=1326 audit(1757480072.536:1953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4626 comm="syz.0.424" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4dc2a1eba9 code=0x7ffc0000
[   63.208395][   T29] audit: type=1326 audit(1757480072.536:1954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4626 comm="syz.0.424" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4dc2a1eba9 code=0x7ffc0000
[   63.231857][   T29] audit: type=1326 audit(1757480072.536:1955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4626 comm="syz.0.424" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4dc2a1eba9 code=0x7ffc0000
[   63.255474][   T29] audit: type=1326 audit(1757480072.536:1956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4626 comm="syz.0.424" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4dc2a1eba9 code=0x7ffc0000
[   63.272425][ T4632] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[   63.278993][   T29] audit: type=1326 audit(1757480072.536:1957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4626 comm="syz.0.424" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4dc2a1eba9 code=0x7ffc0000
[   63.311125][   T29] audit: type=1326 audit(1757480072.536:1958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4626 comm="syz.0.424" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4dc2a1eba9 code=0x7ffc0000
[   63.334632][   T29] audit: type=1326 audit(1757480072.536:1959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4626 comm="syz.0.424" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4dc2a1eba9 code=0x7ffc0000
[   63.381585][ T4633] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[   63.457948][ T4630] lo speed is unknown, defaulting to 1000
[   63.494160][ T4648] loop0: detected capacity change from 0 to 256
[   63.530646][ T4649] netlink: 'syz.1.432': attribute type 6 has an invalid length.
[   63.544529][ T4649] loop1: detected capacity change from 0 to 512
[   63.551659][ T4649] /dev/loop1: Can't open blockdev
[   63.807584][ T4671] syzkaller0: entered allmulticast mode
[   63.816727][ T4671] syzkaller0 (unregistering): left allmulticast mode
[   63.890015][ T4669] loop1: detected capacity change from 0 to 512
[   63.899156][ T4669] EXT4-fs (loop1): Number of reserved GDT blocks insanely large: 2048
[   63.914006][ T4669] loop1: detected capacity change from 0 to 512
[   63.936842][ T4669] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   63.971522][ T4680] FAULT_INJECTION: forcing a failure.
[   63.971522][ T4680] name failslab, interval 1, probability 0, space 0, times 0
[   63.971550][ T4669] ext4 filesystem being mounted at /81/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   63.984222][ T4680] CPU: 0 UID: 0 PID: 4680 Comm: syz.4.442 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   63.984249][ T4680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   63.984261][ T4680] Call Trace:
[   63.984268][ T4680]  <TASK>
[   63.984276][ T4680]  __dump_stack+0x1d/0x30
[   63.984357][ T4680]  dump_stack_lvl+0xe8/0x140
[   63.984376][ T4680]  dump_stack+0x15/0x1b
[   63.984448][ T4680]  should_fail_ex+0x265/0x280
[   63.984471][ T4680]  should_failslab+0x8c/0xb0
[   63.984494][ T4680]  kmem_cache_alloc_noprof+0x50/0x310
[   63.984542][ T4680]  ? audit_log_start+0x365/0x6c0
[   63.984571][ T4680]  audit_log_start+0x365/0x6c0
[   63.984600][ T4680]  audit_seccomp+0x48/0x100
[   63.984677][ T4680]  ? __seccomp_filter+0x68c/0x10d0
[   63.984748][ T4680]  __seccomp_filter+0x69d/0x10d0
[   63.984769][ T4680]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   63.984875][ T4680]  ? vfs_write+0x7e8/0x960
[   63.984896][ T4680]  ? __rcu_read_unlock+0x4f/0x70
[   63.984931][ T4680]  ? __fget_files+0x184/0x1c0
[   63.984955][ T4680]  __secure_computing+0x82/0x150
[   63.984976][ T4680]  syscall_trace_enter+0xcf/0x1e0
[   63.985109][ T4680]  do_syscall_64+0xac/0x200
[   63.985135][ T4680]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   63.985182][ T4680]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   63.985250][ T4680]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   63.985271][ T4680] RIP: 0033:0x7f89a6c2eba9
[   63.985287][ T4680] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   63.985387][ T4680] RSP: 002b:00007f89a568f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   63.985470][ T4680] RAX: ffffffffffffffda RBX: 00007f89a6e75fa0 RCX: 00007f89a6c2eba9
[   63.985482][ T4680] RDX: 0000200000000140 RSI: 0000000000008946 RDI: 0000000000000004
[   63.985493][ T4680] RBP: 00007f89a568f090 R08: 0000000000000000 R09: 0000000000000000
[   63.985504][ T4680] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   63.985515][ T4680] R13: 00007f89a6e76038 R14: 00007f89a6e75fa0 R15: 00007ffe85e19bf8
[   63.985531][ T4680]  </TASK>
[   64.073059][ T4685] netlink: 'syz.0.444': attribute type 6 has an invalid length.
[   64.184729][ T4686] loop0: detected capacity change from 0 to 512
[   64.226316][ T4682] rdma_rxe: rxe_newlink: failed to add team_slave_0
[   64.233251][ T4686] EXT4-fs (loop0): unable to read superblock
[   64.254354][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   64.304491][ T4694] rdma_rxe: rxe_newlink: failed to add team_slave_0
[   64.314065][ T4696] netlink: 'syz.3.449': attribute type 46 has an invalid length.
[   64.323093][ T4696] process 'syz.3.449' launched './file0' with NULL argv: empty string added
[   64.450664][ T4692] Set syz1 is full, maxelem 65536 reached
[   64.461058][ T4705] vlan0: entered promiscuous mode
[   64.466307][ T4705] vlan0: entered allmulticast mode
[   64.471615][ T4705] veth0_vlan: entered allmulticast mode
[   64.482337][ T4707] loop3: detected capacity change from 0 to 128
[   64.494160][ T4707] loop3: detected capacity change from 0 to 256
[   64.565242][ T4715] loop4: detected capacity change from 0 to 1024
[   64.580306][ T4709] netlink: 'syz.0.452': attribute type 6 has an invalid length.
[   64.585541][ T4715] EXT4-fs: Ignoring removed orlov option
[   64.597461][ T4719] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   64.610451][ T4715] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   64.623146][ T4709] loop0: detected capacity change from 0 to 512
[   64.623570][ T4719] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   64.643834][ T4709] EXT4-fs (loop0): unable to read superblock
[   64.775931][ T4733] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   64.784895][ T4733] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   64.798997][ T4733] loop3: detected capacity change from 0 to 1024
[   65.092123][ T4738] __nla_validate_parse: 2 callbacks suppressed
[   65.092144][ T4738] netlink: 404 bytes leftover after parsing attributes in process `syz.3.460'.
[   65.113170][ T4738] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   65.463287][ T4745] rdma_rxe: rxe_newlink: failed to add team_slave_0
[   65.520328][ T4746] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[   65.533396][ T4738] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   65.574919][ T4738] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   65.607161][ T4743] lo speed is unknown, defaulting to 1000
[   65.623454][ T4738] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   65.689497][   T51] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   65.698252][   T51] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   65.707304][   T51] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   65.720080][   T51] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.040529][ T4759] Driver unsupported XDP return value 0 on prog  (id 405) dev N/A, expect packet loss!
[   66.140124][ T4766] netlink: 4 bytes leftover after parsing attributes in process `syz.0.469'.
[   66.211498][ T4779] loop1: detected capacity change from 0 to 512
[   66.218512][ T4779] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   66.229953][ T4779] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm syz.1.474: bg 0: block 4: invalid block bitmap
[   66.244073][ T4779] EXT4-fs (loop1): Remounting filesystem read-only
[   66.250641][ T4779] EXT4-fs (loop1): 1 truncate cleaned up
[   66.256950][ T4779] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   66.280441][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   66.362343][ T4787] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=35 sclass=netlink_route_socket pid=4787 comm=syz.1.477
[   66.453571][ T4794] FAULT_INJECTION: forcing a failure.
[   66.453571][ T4794] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   66.467287][ T4794] CPU: 1 UID: 0 PID: 4794 Comm: syz.1.479 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   66.467316][ T4794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   66.467370][ T4794] Call Trace:
[   66.467375][ T4794]  <TASK>
[   66.467380][ T4794]  __dump_stack+0x1d/0x30
[   66.467396][ T4794]  dump_stack_lvl+0xe8/0x140
[   66.467408][ T4794]  dump_stack+0x15/0x1b
[   66.467418][ T4794]  should_fail_ex+0x265/0x280
[   66.467433][ T4794]  should_fail_alloc_page+0xf2/0x100
[   66.467474][ T4794]  __alloc_frozen_pages_noprof+0xff/0x360
[   66.467495][ T4794]  alloc_pages_mpol+0xb3/0x250
[   66.467514][ T4794]  alloc_pages_noprof+0x90/0x130
[   66.467554][ T4794]  __pmd_alloc+0x47/0x470
[   66.467568][ T4794]  handle_mm_fault+0x19d4/0x2c20
[   66.467582][ T4794]  ? __rcu_read_unlock+0x4f/0x70
[   66.467600][ T4794]  do_user_addr_fault+0x3fe/0x1090
[   66.467690][ T4794]  exc_page_fault+0x62/0xa0
[   66.467706][ T4794]  asm_exc_page_fault+0x26/0x30
[   66.467718][ T4794] RIP: 0010:rep_movs_alternative+0xf/0x90
[   66.467733][ T4794] Code: c4 10 e9 c4 f6 01 00 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f <8a> 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 8d f6 01 00 66 2e
[   66.467745][ T4794] RSP: 0018:ffffc9000f693de8 EFLAGS: 00050202
[   66.467758][ T4794] RAX: ffff888104973c20 RBX: 0000000000000004 RCX: 0000000000000004
[   66.467767][ T4794] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffc9000f693e2c
[   66.467807][ T4794] RBP: 0000000000000000 R08: 0000000000000215 R09: 0000000000000000
[   66.467815][ T4794] R10: 0001c9000f693e2c R11: 0001c9000f693e2f R12: 0000000000000004
[   66.467823][ T4794] R13: 000000000000001d R14: ffffc9000f693e2c R15: 0000200000000000
[   66.467835][ T4794]  _copy_from_user+0x6f/0xb0
[   66.467853][ T4794]  rds_setsockopt+0x393/0x9d0
[   66.467868][ T4794]  ? __pfx_rds_setsockopt+0x10/0x10
[   66.467959][ T4794]  __sys_setsockopt+0x181/0x200
[   66.467975][ T4794]  __x64_sys_setsockopt+0x64/0x80
[   66.467989][ T4794]  x64_sys_call+0x20ec/0x2ff0
[   66.468002][ T4794]  do_syscall_64+0xd2/0x200
[   66.468064][ T4794]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   66.468079][ T4794]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   66.468095][ T4794]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   66.468167][ T4794] RIP: 0033:0x7f422b40eba9
[   66.468202][ T4794] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   66.468213][ T4794] RSP: 002b:00007f4229e77038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   66.468225][ T4794] RAX: ffffffffffffffda RBX: 00007f422b655fa0 RCX: 00007f422b40eba9
[   66.468233][ T4794] RDX: 000000000000001d RSI: 0000000000000114 RDI: 0000000000000003
[   66.468241][ T4794] RBP: 00007f4229e77090 R08: 0000000000000004 R09: 0000000000000000
[   66.468286][ T4794] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[   66.468296][ T4794] R13: 00007f422b656038 R14: 00007f422b655fa0 R15: 00007ffcb961c4a8
[   66.468352][ T4794]  </TASK>
[   66.787228][ T4798] loop2: detected capacity change from 0 to 512
[   66.800617][ T4798] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   66.857548][ T4796] lo speed is unknown, defaulting to 1000
[   66.962057][ T4796] lo speed is unknown, defaulting to 1000
[   67.059611][ T4796] lo speed is unknown, defaulting to 1000
[   67.163757][ T4796] lo speed is unknown, defaulting to 1000
[   67.271826][ T4796] lo speed is unknown, defaulting to 1000
[   67.377714][ T4796] lo speed is unknown, defaulting to 1000
[   67.483464][ T4796] lo speed is unknown, defaulting to 1000
[   67.593274][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   67.602527][ T4796] lo speed is unknown, defaulting to 1000
[   67.652854][ T4813] netlink: 'syz.4.483': attribute type 6 has an invalid length.
[   67.664912][ T4813] loop4: detected capacity change from 0 to 512
[   67.680339][ T4813] EXT4-fs (loop4): unable to read superblock
[   67.706072][ T4817] syzkaller0: entered allmulticast mode
[   67.742344][ T4817] syzkaller0 (unregistering): left allmulticast mode
[   67.867379][ T4824] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   68.011000][ T4824] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   68.053453][ T4824] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   68.073687][ T4832] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[   68.099802][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   68.103052][   T29] kauditd_printk_skb: 330 callbacks suppressed
[   68.103066][   T29] audit: type=1400 audit(1757480077.486:2288): avc:  denied  { getopt } for  pid=4844 comm="syz.3.495" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[   68.137071][   T29] audit: type=1400 audit(1757480077.516:2289): avc:  denied  { name_connect } for  pid=4844 comm="syz.3.495" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1
[   68.161509][   T29] audit: type=1400 audit(1757480077.546:2290): avc:  denied  { connect } for  pid=4844 comm="syz.3.495" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   68.185980][ T4836] lo speed is unknown, defaulting to 1000
[   68.195722][ T4824] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   68.216437][ T4849] bridge: RTM_NEWNEIGH with invalid ether address
[   68.232101][   T29] audit: type=1326 audit(1757480077.606:2291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4847 comm="syz.2.496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff96a24eba9 code=0x7ffc0000
[   68.255662][   T29] audit: type=1326 audit(1757480077.606:2292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4847 comm="syz.2.496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff96a24eba9 code=0x7ffc0000
[   68.279754][   T29] audit: type=1326 audit(1757480077.606:2293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4847 comm="syz.2.496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff96a24eba9 code=0x7ffc0000
[   68.303121][   T29] audit: type=1326 audit(1757480077.606:2294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4847 comm="syz.2.496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff96a24eba9 code=0x7ffc0000
[   68.326590][   T29] audit: type=1326 audit(1757480077.606:2295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4847 comm="syz.2.496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff96a24eba9 code=0x7ffc0000
[   68.349940][   T29] audit: type=1326 audit(1757480077.606:2296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4847 comm="syz.2.496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff96a24eba9 code=0x7ffc0000
[   68.373439][   T29] audit: type=1326 audit(1757480077.606:2297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4847 comm="syz.2.496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff96a24eba9 code=0x7ffc0000
[   68.407481][ T3432] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   68.456388][   T51] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   68.470912][   T51] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   68.483550][  T168] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   68.538896][ T4853] netlink: 'syz.2.497': attribute type 6 has an invalid length.
[   68.568020][ T4853] loop2: detected capacity change from 0 to 512
[   68.587707][ T4853] EXT4-fs (loop2): unable to read superblock
[   68.634994][ T4859] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   68.643626][ T4859] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   68.659996][ T4859] loop2: detected capacity change from 0 to 1024
[   68.722083][ T4865] syzkaller0: entered allmulticast mode
[   68.738666][ T4865] syzkaller0 (unregistering): left allmulticast mode
[   68.762789][ T4868] loop0: detected capacity change from 0 to 128
[   68.772939][ T4868] loop9: detected capacity change from 0 to 7
[   68.779236][ T4868] buffer_io_error: 37 callbacks suppressed
[   68.779245][ T4868] Buffer I/O error on dev loop9, logical block 0, async page read
[   68.793559][ T4868] Buffer I/O error on dev loop9, logical block 0, async page read
[   68.801569][ T4868]  loop9: unable to read partition table
[   68.859323][ T4869] netlink: 404 bytes leftover after parsing attributes in process `syz.2.499'.
[   68.931970][ T4868] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   68.931970][ T4868] 
) failed (rc=-5)
[   69.050539][ T4877] netlink: 4 bytes leftover after parsing attributes in process `syz.1.505'.
[   69.237233][ T4872] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   69.247175][ T4872] netdevsim netdevsim2 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[   69.266543][ T4886] loop0: detected capacity change from 0 to 512
[   69.273880][ T4886] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   69.286014][ T4872] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   69.296004][ T4872] netdevsim netdevsim2 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[   69.297258][ T4886] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz.0.507: bg 0: block 4: invalid block bitmap
[   69.320186][ T4886] EXT4-fs (loop0): Remounting filesystem read-only
[   69.326923][ T4886] EXT4-fs (loop0): 1 truncate cleaned up
[   69.335308][ T4886] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   69.353325][ T4891] netlink: 'syz.1.510': attribute type 6 has an invalid length.
[   69.363380][ T4872] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   69.373307][ T4872] netdevsim netdevsim2 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[   69.387843][ T4891] loop1: detected capacity change from 0 to 512
[   69.395005][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   69.416325][ T4891] EXT4-fs (loop1): unable to read superblock
[   69.433296][ T4872] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   69.443375][ T4872] netdevsim netdevsim2 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[   69.490394][  T168] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 20000 - 0
[   69.498795][  T168] netdevsim netdevsim2 eth0: set [1, 1] type 2 family 0 port 6081 - 0
[   69.519678][  T168] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 20000 - 0
[   69.522812][ T4905] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   69.528060][  T168] netdevsim netdevsim2 eth1: set [1, 1] type 2 family 0 port 6081 - 0
[   69.545531][  T168] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 20000 - 0
[   69.553956][  T168] netdevsim netdevsim2 eth2: set [1, 1] type 2 family 0 port 6081 - 0
[   69.562595][  T168] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 20000 - 0
[   69.570981][  T168] netdevsim netdevsim2 eth3: set [1, 1] type 2 family 0 port 6081 - 0
[   69.579622][ T4905] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   69.599422][ T4905] loop1: detected capacity change from 0 to 1024
[   69.811134][ T4918] netlink: 404 bytes leftover after parsing attributes in process `syz.1.517'.
[   69.837056][ T4918] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   69.873151][ T4919] netlink: 'syz.3.521': attribute type 6 has an invalid length.
[   69.885902][ T4919] loop3: detected capacity change from 0 to 512
[   69.893153][ T4919] EXT4-fs (loop3): unable to read superblock
[   69.904770][ T4918] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   69.945889][ T4918] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   70.004723][ T4918] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   70.077514][   T51] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   70.088558][   T51] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   70.099140][   T51] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   70.109809][   T51] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   70.207538][ T4931] netlink: 'syz.3.527': attribute type 6 has an invalid length.
[   70.217949][ T4931] loop3: detected capacity change from 0 to 512
[   70.226972][ T4931] EXT4-fs (loop3): unable to read superblock
[   70.279695][ T4935] netlink: 4 bytes leftover after parsing attributes in process `syz.3.529'.
[   70.339556][ T4950] netlink: 64 bytes leftover after parsing attributes in process `syz.3.534'.
[   70.365286][ T4946] loop0: detected capacity change from 0 to 512
[   70.378319][ T4946] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   70.535533][ T4955] Set syz1 is full, maxelem 65536 reached
[   70.666802][ T4970] syzkaller0: entered allmulticast mode
[   70.674883][ T4970] syzkaller0 (unregistering): left allmulticast mode
[   71.016533][ T4976] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[   71.042506][ T4978] lo speed is unknown, defaulting to 1000
[   71.407109][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   71.453966][ T4986] loop0: detected capacity change from 0 to 1024
[   71.463317][ T4986] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   71.633091][ T5000] loop4: detected capacity change from 0 to 512
[   71.640613][ T5000] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   71.708506][ T5000] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.553: bg 0: block 4: invalid block bitmap
[   71.721345][ T5000] EXT4-fs (loop4): Remounting filesystem read-only
[   71.728204][ T5000] EXT4-fs (loop4): 1 truncate cleaned up
[   71.734486][ T5000] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   71.758530][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   71.780650][ T5011] netlink: 24 bytes leftover after parsing attributes in process `syz.4.558'.
[   71.821666][ T5017] loop3: detected capacity change from 0 to 512
[   71.842198][ T5017] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   71.860752][ T5017] EXT4-fs error (device loop3): ext4_validate_block_bitmap:432: comm syz.3.560: bg 0: block 4: invalid block bitmap
[   71.881285][ T5022] loop2: detected capacity change from 0 to 1024
[   71.889947][ T5022] EXT4-fs (loop2): VFS: Can't find ext4 filesystem
[   71.930863][ T5017] EXT4-fs (loop3): Remounting filesystem read-only
[   71.955321][ T5017] EXT4-fs (loop3): 1 truncate cleaned up
[   71.976882][ T5026] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   71.987776][ T5017] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   72.009956][ T5026] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   72.044488][ T5028] netlink: 4 bytes leftover after parsing attributes in process `syz.4.566'.
[   72.055325][ T5026] loop2: detected capacity change from 0 to 1024
[   72.067849][ T3304] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   72.272421][ T5036] netlink: 404 bytes leftover after parsing attributes in process `syz.2.565'.
[   72.353043][ T5037] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   72.363105][ T5037] netdevsim netdevsim2 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[   72.447491][ T5042] netlink: 4 bytes leftover after parsing attributes in process `syz.4.569'.
[   72.723415][ T5037] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   72.733512][ T5037] netdevsim netdevsim2 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[   72.735684][ T5048] netlink: 12 bytes leftover after parsing attributes in process `syz.3.572'.
[   72.797589][ T5051] loop4: detected capacity change from 0 to 512
[   72.842704][ T5037] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   72.843154][ T5051] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[   72.852677][ T5037] netdevsim netdevsim2 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[   72.940951][ T5053] Set syz1 is full, maxelem 65536 reached
[   72.955574][ T5037] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[   72.965785][ T5037] netdevsim netdevsim2 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[   72.993827][ T5055] loop4: detected capacity change from 0 to 1024
[   73.001121][ T5055] EXT4-fs (loop4): VFS: Can't find ext4 filesystem
[   73.061139][ T5063] FAULT_INJECTION: forcing a failure.
[   73.061139][ T5063] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   73.074467][ T5063] CPU: 0 UID: 0 PID: 5063 Comm: syz.3.580 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   73.074493][ T5063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   73.074539][ T5063] Call Trace:
[   73.074545][ T5063]  <TASK>
[   73.074553][ T5063]  __dump_stack+0x1d/0x30
[   73.074577][ T5063]  dump_stack_lvl+0xe8/0x140
[   73.074597][ T5063]  dump_stack+0x15/0x1b
[   73.074615][ T5063]  should_fail_ex+0x265/0x280
[   73.074639][ T5063]  should_fail+0xb/0x20
[   73.074718][ T5063]  should_fail_usercopy+0x1a/0x20
[   73.074807][ T5063]  _copy_from_user+0x1c/0xb0
[   73.074905][ T5063]  __copy_msghdr+0x244/0x300
[   73.074975][ T5063]  ___sys_sendmsg+0x109/0x1d0
[   73.075031][ T5063]  __x64_sys_sendmsg+0xd4/0x160
[   73.075060][ T5063]  x64_sys_call+0x191e/0x2ff0
[   73.075083][ T5063]  do_syscall_64+0xd2/0x200
[   73.075114][ T5063]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   73.075211][ T5063]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   73.075240][ T5063]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.075262][ T5063] RIP: 0033:0x7ff6c959eba9
[   73.075277][ T5063] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   73.075358][ T5063] RSP: 002b:00007ff6c8007038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   73.075379][ T5063] RAX: ffffffffffffffda RBX: 00007ff6c97e5fa0 RCX: 00007ff6c959eba9
[   73.075393][ T5063] RDX: 0000000000000000 RSI: 0000200000000380 RDI: 0000000000000003
[   73.075405][ T5063] RBP: 00007ff6c8007090 R08: 0000000000000000 R09: 0000000000000000
[   73.075421][ T5063] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   73.075432][ T5063] R13: 00007ff6c97e6038 R14: 00007ff6c97e5fa0 R15: 00007ffe1fe7b6f8
[   73.075450][ T5063]  </TASK>
[   73.265982][ T5067] netlink: 16 bytes leftover after parsing attributes in process `syz.4.581'.
[   73.310719][ T5071] syzkaller0: entered allmulticast mode
[   73.333607][   T29] kauditd_printk_skb: 546 callbacks suppressed
[   73.333624][   T29] audit: type=1326 audit(1757480082.716:2844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5076 comm="syz.1.586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f422b40eba9 code=0x7ffc0000
[   73.364811][   T29] audit: type=1326 audit(1757480082.746:2845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5076 comm="syz.1.586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f422b40eba9 code=0x7ffc0000
[   73.367298][ T5071] syzkaller0 (unregistering): left allmulticast mode
[   73.388278][   T29] audit: type=1326 audit(1757480082.746:2846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5076 comm="syz.1.586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f422b40eba9 code=0x7ffc0000
[   73.418525][   T29] audit: type=1326 audit(1757480082.746:2847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5076 comm="syz.1.586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f422b40eba9 code=0x7ffc0000
[   73.471316][ T5077] loop1: detected capacity change from 0 to 512
[   73.478461][ T5077] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[   73.487455][   T29] audit: type=1326 audit(1757480082.846:2848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5076 comm="syz.1.586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f422b40eba9 code=0x7ffc0000
[   73.510784][   T29] audit: type=1326 audit(1757480082.846:2849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5076 comm="syz.1.586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f422b40eba9 code=0x7ffc0000
[   73.519285][ T5079] loop3: detected capacity change from 0 to 1024
[   73.534174][   T29] audit: type=1326 audit(1757480082.846:2850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5076 comm="syz.1.586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f422b40eba9 code=0x7ffc0000
[   73.534204][   T29] audit: type=1326 audit(1757480082.846:2851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5076 comm="syz.1.586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f422b40eba9 code=0x7ffc0000
[   73.558500][ T5079] EXT4-fs (loop3): VFS: Can't find ext4 filesystem
[   73.563986][   T29] audit: type=1326 audit(1757480082.846:2852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5076 comm="syz.1.586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f422b40ebe3 code=0x7ffc0000
[   73.617631][   T29] audit: type=1326 audit(1757480082.846:2853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5076 comm="syz.1.586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f422b40d65f code=0x7ffc0000
[   73.818882][ T5087] netlink: 'syz.3.591': attribute type 6 has an invalid length.
[   73.850727][ T5087] loop3: detected capacity change from 0 to 512
[   73.866322][ T5081] Set syz1 is full, maxelem 65536 reached
[   73.876200][ T5087] EXT4-fs (loop3): unable to read superblock
[   73.925518][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   73.945434][ T5097] FAULT_INJECTION: forcing a failure.
[   73.945434][ T5097] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   73.958589][ T5097] CPU: 0 UID: 0 PID: 5097 Comm: syz.0.595 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   73.958634][ T5097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   73.958645][ T5097] Call Trace:
[   73.958651][ T5097]  <TASK>
[   73.958658][ T5097]  __dump_stack+0x1d/0x30
[   73.958680][ T5097]  dump_stack_lvl+0xe8/0x140
[   73.958713][ T5097]  dump_stack+0x15/0x1b
[   73.958726][ T5097]  should_fail_ex+0x265/0x280
[   73.958747][ T5097]  should_fail+0xb/0x20
[   73.958764][ T5097]  should_fail_usercopy+0x1a/0x20
[   73.958789][ T5097]  _copy_from_iter+0xd2/0xe80
[   73.958828][ T5097]  ? __build_skb_around+0x1a0/0x200
[   73.958848][ T5097]  ? __alloc_skb+0x223/0x320
[   73.958928][ T5097]  netlink_sendmsg+0x471/0x6b0
[   73.958952][ T5097]  ? __pfx_netlink_sendmsg+0x10/0x10
[   73.958973][ T5097]  __sock_sendmsg+0x142/0x180
[   73.959064][ T5097]  ____sys_sendmsg+0x31e/0x4e0
[   73.959093][ T5097]  ___sys_sendmsg+0x17b/0x1d0
[   73.959130][ T5097]  __x64_sys_sendmsg+0xd4/0x160
[   73.959157][ T5097]  x64_sys_call+0x191e/0x2ff0
[   73.959259][ T5097]  do_syscall_64+0xd2/0x200
[   73.959291][ T5097]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   73.959318][ T5097]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   73.959351][ T5097]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.959443][ T5097] RIP: 0033:0x7f4dc2a1eba9
[   73.959460][ T5097] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   73.959479][ T5097] RSP: 002b:00007f4dc1487038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   73.959501][ T5097] RAX: ffffffffffffffda RBX: 00007f4dc2c65fa0 RCX: 00007f4dc2a1eba9
[   73.959532][ T5097] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003
[   73.959543][ T5097] RBP: 00007f4dc1487090 R08: 0000000000000000 R09: 0000000000000000
[   73.959554][ T5097] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   73.959565][ T5097] R13: 00007f4dc2c66038 R14: 00007f4dc2c65fa0 R15: 00007ffc49562b68
[   73.959663][ T5097]  </TASK>
[   74.165513][ T5101] loop4: detected capacity change from 0 to 512
[   74.172778][ T5101] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[   74.192402][ T5103] loop0: detected capacity change from 0 to 1024
[   74.199805][ T5103] EXT4-fs (loop0): VFS: Can't find ext4 filesystem
[   74.221203][   T70] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 20000 - 0
[   74.229531][   T70] netdevsim netdevsim2 eth0: set [1, 1] type 2 family 0 port 6081 - 0
[   74.238116][   T70] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 20000 - 0
[   74.246611][   T70] netdevsim netdevsim2 eth1: set [1, 1] type 2 family 0 port 6081 - 0
[   74.257088][   T70] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 20000 - 0
[   74.265570][   T70] netdevsim netdevsim2 eth2: set [1, 1] type 2 family 0 port 6081 - 0
[   74.276925][   T70] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 20000 - 0
[   74.285295][   T70] netdevsim netdevsim2 eth3: set [1, 1] type 2 family 0 port 6081 - 0
[   74.308927][ T5115] FAULT_INJECTION: forcing a failure.
[   74.308927][ T5115] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   74.322328][ T5115] CPU: 1 UID: 0 PID: 5115 Comm: syz.4.606 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   74.322357][ T5115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   74.322369][ T5115] Call Trace:
[   74.322377][ T5115]  <TASK>
[   74.322385][ T5115]  __dump_stack+0x1d/0x30
[   74.322409][ T5115]  dump_stack_lvl+0xe8/0x140
[   74.322428][ T5115]  dump_stack+0x15/0x1b
[   74.322543][ T5115]  should_fail_ex+0x265/0x280
[   74.322618][ T5115]  should_fail+0xb/0x20
[   74.322639][ T5115]  should_fail_usercopy+0x1a/0x20
[   74.322665][ T5115]  _copy_to_user+0x20/0xa0
[   74.322702][ T5115]  simple_read_from_buffer+0xb5/0x130
[   74.322722][ T5115]  proc_fail_nth_read+0x10e/0x150
[   74.322746][ T5115]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   74.322768][ T5115]  vfs_read+0x1a5/0x770
[   74.322886][ T5115]  ? __rcu_read_unlock+0x4f/0x70
[   74.322906][ T5115]  ? __fget_files+0x184/0x1c0
[   74.322931][ T5115]  ksys_read+0xda/0x1a0
[   74.322953][ T5115]  __x64_sys_read+0x40/0x50
[   74.322975][ T5115]  x64_sys_call+0x27bc/0x2ff0
[   74.323021][ T5115]  do_syscall_64+0xd2/0x200
[   74.323059][ T5115]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   74.323082][ T5115]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   74.323111][ T5115]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.323269][ T5115] RIP: 0033:0x7f89a6c2d5bc
[   74.323285][ T5115] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   74.323300][ T5115] RSP: 002b:00007f89a568f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   74.323318][ T5115] RAX: ffffffffffffffda RBX: 00007f89a6e75fa0 RCX: 00007f89a6c2d5bc
[   74.323392][ T5115] RDX: 000000000000000f RSI: 00007f89a568f0a0 RDI: 0000000000000004
[   74.323404][ T5115] RBP: 00007f89a568f090 R08: 0000000000000000 R09: 0000000000000000
[   74.323417][ T5115] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   74.323430][ T5115] R13: 00007f89a6e76038 R14: 00007f89a6e75fa0 R15: 00007ffe85e19bf8
[   74.323447][ T5115]  </TASK>
[   74.551036][ T5124] loop4: detected capacity change from 0 to 512
[   74.552502][ T5120] netlink: 'syz.0.605': attribute type 6 has an invalid length.
[   74.565311][ T5118] loop1: detected capacity change from 0 to 4096
[   74.571966][ T5120] loop0: detected capacity change from 0 to 512
[   74.579153][ T5124] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   74.580759][ T5120] EXT4-fs (loop0): unable to read superblock
[   74.591494][ T5118] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   74.608722][ T5124] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.609: bg 0: block 4: invalid block bitmap
[   74.620086][ T5118] EXT4-fs error (device loop1): ext4_acquire_dquot:6937: comm syz.1.607: Failed to acquire dquot type 0
[   74.621699][ T5124] EXT4-fs (loop4): Remounting filesystem read-only
[   74.648450][ T5124] EXT4-fs (loop4): 1 truncate cleaned up
[   74.655093][ T5124] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   74.668391][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   74.697659][ T5131] FAULT_INJECTION: forcing a failure.
[   74.697659][ T5131] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   74.711058][ T5131] CPU: 1 UID: 0 PID: 5131 Comm: syz.0.612 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   74.711111][ T5131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   74.711123][ T5131] Call Trace:
[   74.711130][ T5131]  <TASK>
[   74.711137][ T5131]  __dump_stack+0x1d/0x30
[   74.711162][ T5131]  dump_stack_lvl+0xe8/0x140
[   74.711236][ T5131]  dump_stack+0x15/0x1b
[   74.711254][ T5131]  should_fail_ex+0x265/0x280
[   74.711279][ T5131]  should_fail_alloc_page+0xf2/0x100
[   74.711344][ T5131]  alloc_pages_bulk_noprof+0xef/0x540
[   74.711380][ T5131]  copy_splice_read+0xf3/0x660
[   74.711407][ T5131]  ? __pfx_copy_splice_read+0x10/0x10
[   74.711427][ T5131]  splice_direct_to_actor+0x26c/0x680
[   74.711449][ T5131]  ? __pfx_direct_splice_actor+0x10/0x10
[   74.711474][ T5131]  do_splice_direct+0xda/0x150
[   74.711527][ T5131]  ? __pfx_direct_file_splice_eof+0x10/0x10
[   74.711553][ T5131]  do_sendfile+0x380/0x650
[   74.711619][ T5131]  __x64_sys_sendfile64+0x105/0x150
[   74.711661][ T5131]  x64_sys_call+0x2bb0/0x2ff0
[   74.711693][ T5131]  do_syscall_64+0xd2/0x200
[   74.711720][ T5131]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   74.711750][ T5131]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   74.711858][ T5131]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.711877][ T5131] RIP: 0033:0x7f4dc2a1eba9
[   74.711913][ T5131] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   74.711983][ T5131] RSP: 002b:00007f4dc1487038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[   74.712005][ T5131] RAX: ffffffffffffffda RBX: 00007f4dc2c65fa0 RCX: 00007f4dc2a1eba9
[   74.712018][ T5131] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000005
[   74.712064][ T5131] RBP: 00007f4dc1487090 R08: 0000000000000000 R09: 0000000000000000
[   74.712078][ T5131] R10: 000000007ffff088 R11: 0000000000000246 R12: 0000000000000001
[   74.712090][ T5131] R13: 00007f4dc2c66038 R14: 00007f4dc2c65fa0 R15: 00007ffc49562b68
[   74.712108][ T5131]  </TASK>
[   74.917440][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   74.973422][ T5143] loop4: detected capacity change from 0 to 1024
[   74.983676][ T5143] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[   74.995993][ T5143] ext4 filesystem being mounted at /135/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   75.025483][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[   75.048098][ T5154] loop0: detected capacity change from 0 to 1024
[   75.056075][ T5154] EXT4-fs: Ignoring removed orlov option
[   75.066947][ T5160] loop4: detected capacity change from 0 to 128
[   75.074202][ T5154] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   75.096909][ T5160] loop9: detected capacity change from 0 to 7
[   75.103219][ T5160] Buffer I/O error on dev loop9, logical block 0, async page read
[   75.111168][ T5160] Buffer I/O error on dev loop9, logical block 0, async page read
[   75.119157][ T5160]  loop9: unable to read partition table
[   75.125290][ T5160] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   75.125290][ T5160] 
) failed (rc=-5)
[   75.178191][ T5166] netlink: 4 bytes leftover after parsing attributes in process `syz.1.625'.
[   75.180134][ T5173] loop4: detected capacity change from 0 to 512
[   75.197622][ T5173] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   75.210287][ T5173] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.626: bg 0: block 4: invalid block bitmap
[   75.223048][ T5173] EXT4-fs (loop4): Remounting filesystem read-only
[   75.229697][ T5173] EXT4-fs (loop4): 1 truncate cleaned up
[   75.236257][ T5173] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   75.294821][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   75.308510][ T5181] syz!: rxe_newlink: already configured on team_slave_0
[   75.317482][ T5183] loop1: detected capacity change from 0 to 512
[   75.329522][ T5183] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   75.357407][ T5196] loop2: detected capacity change from 0 to 128
[   75.368400][ T5196] loop9: detected capacity change from 0 to 7
[   75.375869][ T5196] Buffer I/O error on dev loop9, logical block 0, async page read
[   75.383986][ T5196] Buffer I/O error on dev loop9, logical block 0, async page read
[   75.391939][ T5196]  loop9: unable to read partition table
[   75.398197][ T5196] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   75.398197][ T5196] 
) failed (rc=-5)
[   75.418784][ T5183] EXT4-fs (loop1): 1 truncate cleaned up
[   75.443345][ T5201] netlink: 4 bytes leftover after parsing attributes in process `syz.4.636'.
[   75.452640][ T5201] netlink: 4 bytes leftover after parsing attributes in process `syz.4.636'.
[   75.462884][ T5183] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   75.493235][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   75.524825][ T5210] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   75.533803][ T5210] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   75.547866][ T5210] loop4: detected capacity change from 0 to 1024
[   75.584101][ T5213] netlink: 4 bytes leftover after parsing attributes in process `syz.1.642'.
[   75.761205][ T5222] netlink: 404 bytes leftover after parsing attributes in process `syz.4.641'.
[   75.856727][ T5223] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   75.892738][ T5221] loop1: detected capacity change from 0 to 2048
[   75.904203][ T5223] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   76.162257][ T5225] random: crng reseeded on system resumption
[   76.192513][ T5221] ext4: Unknown parameter 'pcr'
[   76.215993][ T5223] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   76.244270][ T5223] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   76.264345][ T5228] loop2: detected capacity change from 0 to 128
[   76.314736][   T12] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   76.324634][   T12] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   76.346164][   T12] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   76.347574][ T5228] loop9: detected capacity change from 0 to 7
[   76.564464][   T12] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   76.572744][ T5228] Buffer I/O error on dev loop9, logical block 0, async page read
[   76.580841][ T5228] Buffer I/O error on dev loop9, logical block 0, async page read
[   76.588866][ T5228]  loop9: unable to read partition table
[   76.612008][ T5228] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   76.612008][ T5228] 
) failed (rc=-5)
[   76.735151][ T5236] netlink: 256 bytes leftover after parsing attributes in process `syz.3.648'.
[   76.770916][ T5243] netlink: 12 bytes leftover after parsing attributes in process `syz.2.650'.
[   76.849304][ T5251] syzkaller0: entered allmulticast mode
[   76.857421][ T5251] syzkaller0 (unregistering): left allmulticast mode
[   76.950322][ T5247] lo speed is unknown, defaulting to 1000
[   76.972038][ T5252] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[   77.058469][ T5257] lo speed is unknown, defaulting to 1000
[   77.084756][ T5258] netlink: 10 bytes leftover after parsing attributes in process `syz.2.655'.
[   77.219331][ T5264] netlink: 100 bytes leftover after parsing attributes in process `syz.1.657'.
[   77.253653][ T5268] netlink: 100 bytes leftover after parsing attributes in process `syz.1.659'.
[   77.301874][ T5272] FAULT_INJECTION: forcing a failure.
[   77.301874][ T5272] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   77.315077][ T5272] CPU: 1 UID: 0 PID: 5272 Comm: syz.1.661 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   77.315174][ T5272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   77.315181][ T5272] Call Trace:
[   77.315185][ T5272]  <TASK>
[   77.315189][ T5272]  __dump_stack+0x1d/0x30
[   77.315205][ T5272]  dump_stack_lvl+0xe8/0x140
[   77.315265][ T5272]  dump_stack+0x15/0x1b
[   77.315338][ T5272]  should_fail_ex+0x265/0x280
[   77.315352][ T5272]  should_fail+0xb/0x20
[   77.315394][ T5272]  should_fail_usercopy+0x1a/0x20
[   77.315408][ T5272]  _copy_from_user+0x1c/0xb0
[   77.315453][ T5272]  ___sys_sendmsg+0xc1/0x1d0
[   77.315476][ T5272]  __x64_sys_sendmsg+0xd4/0x160
[   77.315493][ T5272]  x64_sys_call+0x191e/0x2ff0
[   77.315506][ T5272]  do_syscall_64+0xd2/0x200
[   77.315570][ T5272]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   77.315589][ T5272]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   77.315606][ T5272]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.315621][ T5272] RIP: 0033:0x7f422b40eba9
[   77.315664][ T5272] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   77.315676][ T5272] RSP: 002b:00007f4229e77038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   77.315690][ T5272] RAX: ffffffffffffffda RBX: 00007f422b655fa0 RCX: 00007f422b40eba9
[   77.315776][ T5272] RDX: 0000000000040010 RSI: 0000200000006040 RDI: 0000000000000004
[   77.315784][ T5272] RBP: 00007f4229e77090 R08: 0000000000000000 R09: 0000000000000000
[   77.315792][ T5272] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   77.315800][ T5272] R13: 00007f422b656038 R14: 00007f422b655fa0 R15: 00007ffcb961c4a8
[   77.315811][ T5272]  </TASK>
[   78.021481][ T5308] loop1: detected capacity change from 0 to 512
[   78.031398][ T5308] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   78.106969][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.226213][ T5316] lo speed is unknown, defaulting to 1000
[   78.232755][ T5310] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[   78.367550][   T29] kauditd_printk_skb: 476 callbacks suppressed
[   78.367606][   T29] audit: type=1400 audit(1757480087.746:3328): avc:  denied  { prog_run } for  pid=5323 comm="syz.0.681" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   78.440680][   T29] audit: type=1400 audit(1757480087.816:3329): avc:  denied  { create } for  pid=5327 comm="syz.0.683" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[   78.475371][   T29] audit: type=1400 audit(1757480087.846:3330): avc:  denied  { read write } for  pid=5327 comm="syz.0.683" name="event2" dev="devtmpfs" ino=245 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[   78.499413][   T29] audit: type=1400 audit(1757480087.846:3331): avc:  denied  { open } for  pid=5327 comm="syz.0.683" path="/dev/input/event2" dev="devtmpfs" ino=245 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[   78.523452][   T29] audit: type=1400 audit(1757480087.846:3332): avc:  denied  { create } for  pid=5327 comm="syz.0.683" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   78.542973][   T29] audit: type=1400 audit(1757480087.846:3333): avc:  denied  { setopt } for  pid=5327 comm="syz.0.683" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   78.562582][   T29] audit: type=1400 audit(1757480087.846:3334): avc:  denied  { bind } for  pid=5327 comm="syz.0.683" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   78.582113][   T29] audit: type=1400 audit(1757480087.846:3335): avc:  denied  { create } for  pid=5327 comm="syz.0.683" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   78.603087][   T29] audit: type=1400 audit(1757480087.846:3336): avc:  denied  { write } for  pid=5327 comm="syz.0.683" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   78.623657][   T29] audit: type=1400 audit(1757480087.846:3337): avc:  denied  { getopt } for  pid=5327 comm="syz.0.683" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[   78.731092][ T5335] loop3: detected capacity change from 0 to 128
[   78.743552][ T5335] loop9: detected capacity change from 0 to 7
[   78.749730][ T5335] Buffer I/O error on dev loop9, logical block 0, async page read
[   78.757877][ T5335] Buffer I/O error on dev loop9, logical block 0, async page read
[   78.765785][ T5335]  loop9: unable to read partition table
[   78.768071][ T5336] netlink: 4 bytes leftover after parsing attributes in process `syz.4.685'.
[   78.772001][ T5335] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   78.772001][ T5335] 
) failed (rc=-5)
[   78.845264][ T5339] loop3: detected capacity change from 0 to 512
[   78.879421][ T5339] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   78.913419][ T5339] EXT4-fs error (device loop3): ext4_validate_block_bitmap:432: comm syz.3.687: bg 0: block 4: invalid block bitmap
[   78.941915][ T5339] EXT4-fs (loop3): Remounting filesystem read-only
[   78.948552][ T5339] EXT4-fs (loop3): 1 truncate cleaned up
[   78.973861][ T5339] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   79.054084][ T3304] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.079030][ T5358] loop0: detected capacity change from 0 to 128
[   79.108246][ T5358] loop9: detected capacity change from 0 to 7
[   79.127931][ T5358] Buffer I/O error on dev loop9, logical block 0, async page read
[   79.137603][ T5358] Buffer I/O error on dev loop9, logical block 0, async page read
[   79.145530][ T5358]  loop9: unable to read partition table
[   79.152240][ T5358] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   79.152240][ T5358] 
) failed (rc=-5)
[   79.167914][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.258954][ T5377] loop0: detected capacity change from 0 to 512
[   79.272072][ T5375] syzkaller0: entered allmulticast mode
[   79.279723][ T5375] syzkaller0 (unregistering): left allmulticast mode
[   79.287881][ T5377] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[   79.316265][ T5381] netlink: 'syz.1.698': attribute type 2 has an invalid length.
[   79.324081][ T5381] netlink: 'syz.1.698': attribute type 1 has an invalid length.
[   79.347461][ T5383] loop0: detected capacity change from 0 to 1024
[   79.354553][ T5383] EXT4-fs (loop0): VFS: Can't find ext4 filesystem
[   79.475561][ T5393] 9pnet: Could not find request transport: t
[   79.484918][ T5393] bridge0: entered promiscuous mode
[   79.485911][ T5393] bridge0: port 3(macsec1) entered blocking state
[   79.486006][ T5393] bridge0: port 3(macsec1) entered disabled state
[   79.486137][ T5393] macsec1: entered allmulticast mode
[   79.486219][ T5393] bridge0: entered allmulticast mode
[   79.486743][ T5393] macsec1: left allmulticast mode
[   79.526821][ T5393] bridge0: left allmulticast mode
[   79.532242][ T5393] bridge0: left promiscuous mode
[   79.535458][ T5397] syzkaller0: entered allmulticast mode
[   79.537021][ T5397] syzkaller0 (unregistering): left allmulticast mode
[   79.638367][ T5405] loop3: detected capacity change from 0 to 128
[   79.664651][ T5405] loop9: detected capacity change from 0 to 7
[   79.670930][ T5405]  loop9: unable to read partition table
[   79.670993][ T5405] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   79.670993][ T5405] 
) failed (rc=-5)
[   79.800029][ T5415] loop3: detected capacity change from 0 to 1024
[   79.800801][ T5415] EXT4-fs (loop3): VFS: Can't find ext4 filesystem
[   79.826493][ T5416] syzkaller0: entered allmulticast mode
[   79.834892][ T5416] syzkaller0 (unregistering): left allmulticast mode
[   80.068521][ T5431] syz!: rxe_newlink: already configured on team_slave_0
[   80.277576][ T5442] rdma_rxe: rxe_newlink: failed to add lo
[   80.489061][ T5450] 9pnet_fd: Insufficient options for proto=fd
[   80.705544][ T5448] lo speed is unknown, defaulting to 1000
[   80.804424][ T5458] __nla_validate_parse: 9 callbacks suppressed
[   80.804442][ T5458] netlink: 4 bytes leftover after parsing attributes in process `syz.1.731'.
[   80.856217][ T5454] Set syz1 is full, maxelem 65536 reached
[   80.947569][ T5464] loop3: detected capacity change from 0 to 128
[   80.957918][ T5464] loop9: detected capacity change from 0 to 7
[   80.964370][ T5464] buffer_io_error: 2 callbacks suppressed
[   80.964379][ T5464] Buffer I/O error on dev loop9, logical block 0, async page read
[   80.978341][ T5464] Buffer I/O error on dev loop9, logical block 0, async page read
[   80.986454][ T5464]  loop9: unable to read partition table
[   80.996683][ T5464] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   80.996683][ T5464] 
) failed (rc=-5)
[   81.022926][ T5466] netlink: 4 bytes leftover after parsing attributes in process `syz.0.734'.
[   81.064864][ T5476] netlink: 256 bytes leftover after parsing attributes in process `syz.1.738'.
[   81.151452][ T5486] syzkaller0: entered allmulticast mode
[   81.231931][ T5474] Set syz1 is full, maxelem 65536 reached
[   81.238812][ T5486] syzkaller0 (unregistering): left allmulticast mode
[   81.311871][ T5491] netlink: 'syz.3.743': attribute type 6 has an invalid length.
[   81.332499][ T5491] loop3: detected capacity change from 0 to 512
[   81.342113][ T5491] EXT4-fs (loop3): unable to read superblock
[   81.365770][ T5493] loop1: detected capacity change from 0 to 512
[   81.374101][ T5489] lo speed is unknown, defaulting to 1000
[   81.383568][ T5493] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   81.399494][ T5493] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm syz.1.744: bg 0: block 4: invalid block bitmap
[   81.413473][ T5493] EXT4-fs (loop1): Remounting filesystem read-only
[   81.420462][ T5493] EXT4-fs (loop1): 1 truncate cleaned up
[   81.427140][ T5493] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   81.462335][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   81.496303][ T5502] loop1: detected capacity change from 0 to 128
[   81.508822][ T5502] loop9: detected capacity change from 0 to 7
[   81.515451][ T5502] Buffer I/O error on dev loop9, logical block 0, async page read
[   81.523838][ T5502] Buffer I/O error on dev loop9, logical block 0, async page read
[   81.531940][ T5502]  loop9: unable to read partition table
[   81.537955][ T5502] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   81.537955][ T5502] 
) failed (rc=-5)
[   81.577255][ T5507] batadv0: entered promiscuous mode
[   81.586888][ T5504] netlink: 4 bytes leftover after parsing attributes in process `syz.3.748'.
[   81.610867][ T5510] netlink: 256 bytes leftover after parsing attributes in process `syz.3.750'.
[   81.666708][ T5518] loop4: detected capacity change from 0 to 512
[   81.678666][ T5518] EXT4-fs (loop4): orphan cleanup on readonly fs
[   81.691204][ T5518] EXT4-fs error (device loop4): ext4_quota_enable:7128: comm syz.4.752: inode #218103808: comm syz.4.752: iget: illegal inode #
[   81.704686][ T5518] EXT4-fs error (device loop4): ext4_quota_enable:7131: comm syz.4.752: Bad quota inode: 218103808, type: 2
[   81.731442][ T5518] EXT4-fs warning (device loop4): ext4_enable_quotas:7172: Failed to enable quota tracking (type=2, err=-117, ino=218103808). Please run e2fsck to fix.
[   81.748619][ T5518] EXT4-fs (loop4): Cannot turn on quotas: error -117
[   81.767184][ T5523] netlink: 'syz.1.755': attribute type 6 has an invalid length.
[   81.779156][ T5523] loop1: detected capacity change from 0 to 512
[   81.786199][ T5518] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   81.801130][ T5523] EXT4-fs (loop1): unable to read superblock
[   81.818521][ T5517] Set syz1 is full, maxelem 65536 reached
[   81.824385][ T5518] macvtap0: refused to change device tx_queue_len
[   81.831344][ T5518] EXT4-fs error (device loop4): ext4_lookup:1791: inode #2: comm syz.4.752: deleted inode referenced: 12
[   81.843550][ T5518] EXT4-fs error (device loop4): ext4_lookup:1791: inode #2: comm syz.4.752: deleted inode referenced: 12
[   81.857498][ T5518] EXT4-fs error (device loop4): ext4_lookup:1791: inode #2: comm syz.4.752: deleted inode referenced: 12
[   81.873849][ T5518] C: renamed from team_slave_0 (while UP)
[   81.882126][ T5518] netlink: 'syz.4.752': attribute type 3 has an invalid length.
[   81.889813][ T5518] netlink: 140 bytes leftover after parsing attributes in process `syz.4.752'.
[   81.889942][ T5525] loop1: detected capacity change from 0 to 1024
[   81.899009][ T5518] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[   81.913005][ T5525] EXT4-fs (loop1): VFS: Can't find ext4 filesystem
[   81.927024][ T5518] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended
[   81.969576][ T5518] EXT4-fs error (device loop4): ext4_quota_enable:7128: comm syz.4.752: inode #218103808: comm syz.4.752: iget: illegal inode #
[   81.984604][ T5518] EXT4-fs error (device loop4): ext4_quota_enable:7131: comm syz.4.752: Bad quota inode: 218103808, type: 2
[   81.998438][ T5532] syz!: rxe_newlink: already configured on team_slave_0
[   81.999407][ T5518] EXT4-fs warning (device loop4): ext4_enable_quotas:7172: Failed to enable quota tracking (type=2, err=-117, ino=218103808). Please run e2fsck to fix.
[   82.036754][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   82.054093][ T5535] netlink: 4 bytes leftover after parsing attributes in process `syz.0.760'.
[   82.106700][ T5545] loop3: detected capacity change from 0 to 128
[   82.121713][ T5545] FAULT_INJECTION: forcing a failure.
[   82.121713][ T5545] name failslab, interval 1, probability 0, space 0, times 0
[   82.134565][ T5545] CPU: 1 UID: 0 PID: 5545 Comm: syz.3.765 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   82.134592][ T5545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   82.134605][ T5545] Call Trace:
[   82.134612][ T5545]  <TASK>
[   82.134619][ T5545]  __dump_stack+0x1d/0x30
[   82.134642][ T5545]  dump_stack_lvl+0xe8/0x140
[   82.134661][ T5545]  dump_stack+0x15/0x1b
[   82.134677][ T5545]  should_fail_ex+0x265/0x280
[   82.134701][ T5545]  should_failslab+0x8c/0xb0
[   82.134726][ T5545]  kmem_cache_alloc_noprof+0x50/0x310
[   82.134753][ T5545]  ? vm_area_dup+0x33/0x2c0
[   82.134782][ T5545]  ? mod_memcg_lruvec_state+0x1fc/0x2c0
[   82.134809][ T5545]  vm_area_dup+0x33/0x2c0
[   82.134839][ T5545]  __split_vma+0xe9/0x650
[   82.134866][ T5545]  ? mas_find+0x5d5/0x700
[   82.134897][ T5545]  vms_gather_munmap_vmas+0x2b2/0x7b0
[   82.134935][ T5545]  mmap_region+0x53f/0x1630
[   82.134962][ T5545]  ? mntput_no_expire+0x6f/0x460
[   82.134992][ T5545]  ? mntput+0x4b/0x80
[   82.135027][ T5545]  do_mmap+0x9b3/0xbe0
[   82.135058][ T5545]  vm_mmap_pgoff+0x17a/0x2e0
[   82.135089][ T5545]  ksys_mmap_pgoff+0x268/0x310
[   82.135108][ T5545]  x64_sys_call+0x14a3/0x2ff0
[   82.135129][ T5545]  do_syscall_64+0xd2/0x200
[   82.135157][ T5545]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   82.135180][ T5545]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   82.135208][ T5545]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   82.135228][ T5545] RIP: 0033:0x7ff6c959eba9
[   82.135243][ T5545] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   82.135257][ T5545] RSP: 002b:00007ff6c8007038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[   82.135277][ T5545] RAX: ffffffffffffffda RBX: 00007ff6c97e5fa0 RCX: 00007ff6c959eba9
[   82.135290][ T5545] RDX: 000000000100000b RSI: 0000000000004000 RDI: 0000200000000000
[   82.135302][ T5545] RBP: 00007ff6c8007090 R08: 0000000000000005 R09: 0000000000000000
[   82.135312][ T5545] R10: 0000000000002013 R11: 0000000000000246 R12: 0000000000000001
[   82.135323][ T5545] R13: 00007ff6c97e6038 R14: 00007ff6c97e5fa0 R15: 00007ffe1fe7b6f8
[   82.135338][ T5545]  </TASK>
[   82.411340][ T5558] netlink: 8 bytes leftover after parsing attributes in process `syz.0.770'.
[   82.420258][ T5558] netlink: 24 bytes leftover after parsing attributes in process `syz.0.770'.
[   82.513611][ T5560] 9pnet: Could not find request transport: t
[   82.526559][ T5558] bridge0: entered promiscuous mode
[   82.530402][ T5557] Set syz1 is full, maxelem 65536 reached
[   82.533087][ T5558] bridge0: port 3(macsec1) entered blocking state
[   82.544017][ T5558] bridge0: port 3(macsec1) entered disabled state
[   82.551948][ T5558] macsec1: entered allmulticast mode
[   82.557297][ T5558] bridge0: entered allmulticast mode
[   82.567559][ T5558] macsec1: left allmulticast mode
[   82.572706][ T5558] bridge0: left allmulticast mode
[   82.581621][ T5558] bridge0: left promiscuous mode
[   82.629418][ T5566] loop1: detected capacity change from 0 to 1024
[   82.639500][ T5566] EXT4-fs: Ignoring removed orlov option
[   82.677666][ T5566] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   82.691818][ T5575] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[   82.698488][ T5575] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   82.706073][ T5575] vhci_hcd vhci_hcd.0: Device attached
[   82.734822][ T5562] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[   82.749663][ T5577] vhci_hcd: connection closed
[   82.749971][   T51] vhci_hcd: stop threads
[   82.752842][ T5559] lo speed is unknown, defaulting to 1000
[   82.754776][   T51] vhci_hcd: release socket
[   82.769173][   T51] vhci_hcd: disconnect device
[   83.070848][ T5587] loop4: detected capacity change from 0 to 512
[   83.078346][ T5587] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[   83.137262][ T5589] netlink: 'syz.2.779': attribute type 6 has an invalid length.
[   83.149421][ T5589] loop2: detected capacity change from 0 to 512
[   83.156801][ T5589] EXT4-fs (loop2): unable to read superblock
[   83.274260][ T5605] 9pnet_fd: Insufficient options for proto=fd
[   83.280664][ T5605] netlink: 'syz.2.787': attribute type 1 has an invalid length.
[   83.291498][ T5609] netlink: 'syz.3.789': attribute type 6 has an invalid length.
[   83.311411][ T5609] loop3: detected capacity change from 0 to 512
[   83.326263][ T5609] EXT4-fs (loop3): unable to read superblock
[   83.378163][ T5599] Set syz1 is full, maxelem 65536 reached
[   83.408950][   T29] kauditd_printk_skb: 652 callbacks suppressed
[   83.408969][   T29] audit: type=1400 audit(1757480092.716:3990): avc:  denied  { create } for  pid=5612 comm="syz.0.791" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[   83.435412][   T29] audit: type=1400 audit(1757480092.716:3991): avc:  denied  { execmem } for  pid=5610 comm="syz.2.790" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   83.454595][   T29] audit: type=1400 audit(1757480092.766:3992): avc:  denied  { read write } for  pid=5612 comm="syz.0.791" name="event2" dev="devtmpfs" ino=245 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[   83.478525][   T29] audit: type=1400 audit(1757480092.766:3993): avc:  denied  { open } for  pid=5612 comm="syz.0.791" path="/dev/input/event2" dev="devtmpfs" ino=245 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[   83.502741][   T29] audit: type=1400 audit(1757480092.766:3994): avc:  denied  { getopt } for  pid=5612 comm="syz.0.791" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[   83.542500][   T29] audit: type=1326 audit(1757480092.836:3995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5614 comm="syz.0.792" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4dc2a1eba9 code=0x7ffc0000
[   83.565946][   T29] audit: type=1326 audit(1757480092.836:3996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5614 comm="syz.0.792" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4dc2a1eba9 code=0x7ffc0000
[   83.589349][   T29] audit: type=1326 audit(1757480092.836:3997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5614 comm="syz.0.792" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4dc2a1eba9 code=0x7ffc0000
[   83.612998][   T29] audit: type=1326 audit(1757480092.836:3998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5614 comm="syz.0.792" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4dc2a1eba9 code=0x7ffc0000
[   83.636812][   T29] audit: type=1326 audit(1757480092.836:3999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5614 comm="syz.0.792" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4dc2a1eba9 code=0x7ffc0000
[   83.713054][ T5623] rdma_rxe: rxe_newlink: failed to add lo
[   83.985091][ T5632] netlink: 'syz.0.797': attribute type 4 has an invalid length.
[   84.059920][ T5632] netlink: 'syz.0.797': attribute type 4 has an invalid length.
[   84.132187][ T5637] FAULT_INJECTION: forcing a failure.
[   84.132187][ T5637] name failslab, interval 1, probability 0, space 0, times 0
[   84.144866][ T5637] CPU: 0 UID: 0 PID: 5637 Comm: syz.4.799 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   84.144889][ T5637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   84.144895][ T5637] Call Trace:
[   84.144937][ T5637]  <TASK>
[   84.144943][ T5637]  __dump_stack+0x1d/0x30
[   84.144958][ T5637]  dump_stack_lvl+0xe8/0x140
[   84.145015][ T5637]  dump_stack+0x15/0x1b
[   84.145025][ T5637]  should_fail_ex+0x265/0x280
[   84.145040][ T5637]  should_failslab+0x8c/0xb0
[   84.145130][ T5637]  kmem_cache_alloc_node_noprof+0x57/0x320
[   84.145148][ T5637]  ? __alloc_skb+0x101/0x320
[   84.145169][ T5637]  __alloc_skb+0x101/0x320
[   84.145182][ T5637]  sock_omalloc+0x81/0xf0
[   84.145197][ T5637]  msg_zerocopy_realloc+0x84/0x420
[   84.145212][ T5637]  ? obj_cgroup_charge_account+0xba/0x1a0
[   84.145252][ T5637]  ? xas_load+0x413/0x430
[   84.145326][ T5637]  tcp_sendmsg_locked+0x254d/0x2c00
[   84.145412][ T5637]  ? mod_memcg_lruvec_state+0x1fc/0x2c0
[   84.145509][ T5637]  ? __rcu_read_unlock+0x4f/0x70
[   84.145522][ T5637]  ? __account_obj_stock+0x2cc/0x350
[   84.145536][ T5637]  ? __rcu_read_unlock+0x4f/0x70
[   84.145548][ T5637]  ? avc_has_perm_noaudit+0x1b1/0x200
[   84.145643][ T5637]  ? avc_has_perm+0xf7/0x180
[   84.145658][ T5637]  ? _raw_spin_unlock_bh+0x36/0x40
[   84.145675][ T5637]  ? __pfx_tcp_sendmsg+0x10/0x10
[   84.145770][ T5637]  tcp_sendmsg+0x2f/0x50
[   84.145789][ T5637]  inet_sendmsg+0x76/0xd0
[   84.145804][ T5637]  __sock_sendmsg+0x102/0x180
[   84.145832][ T5637]  ____sys_sendmsg+0x345/0x4e0
[   84.145849][ T5637]  ___sys_sendmsg+0x17b/0x1d0
[   84.145871][ T5637]  __sys_sendmmsg+0x178/0x300
[   84.145900][ T5637]  __x64_sys_sendmmsg+0x57/0x70
[   84.145922][ T5637]  x64_sys_call+0x1c4a/0x2ff0
[   84.145935][ T5637]  do_syscall_64+0xd2/0x200
[   84.146091][ T5637]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   84.146107][ T5637]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   84.146140][ T5637]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.146153][ T5637] RIP: 0033:0x7f89a6c2eba9
[   84.146164][ T5637] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   84.146205][ T5637] RSP: 002b:00007f89a568f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   84.146219][ T5637] RAX: ffffffffffffffda RBX: 00007f89a6e75fa0 RCX: 00007f89a6c2eba9
[   84.146227][ T5637] RDX: 0000000000000001 RSI: 0000200000000f40 RDI: 0000000000000006
[   84.146235][ T5637] RBP: 00007f89a568f090 R08: 0000000000000000 R09: 0000000000000000
[   84.146243][ T5637] R10: 000000002400c042 R11: 0000000000000246 R12: 0000000000000001
[   84.146295][ T5637] R13: 00007f89a6e76038 R14: 00007f89a6e75fa0 R15: 00007ffe85e19bf8
[   84.146306][ T5637]  </TASK>
[   84.640209][ T5660] netlink: 24 bytes leftover after parsing attributes in process `syz.3.808'.
[   84.753495][ T5668] random: crng reseeded on system resumption
[   85.251571][ T5671] FAULT_INJECTION: forcing a failure.
[   85.251571][ T5671] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   85.264861][ T5671] CPU: 0 UID: 0 PID: 5671 Comm: syz.4.813 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   85.264912][ T5671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   85.264924][ T5671] Call Trace:
[   85.264932][ T5671]  <TASK>
[   85.264939][ T5671]  __dump_stack+0x1d/0x30
[   85.264962][ T5671]  dump_stack_lvl+0xe8/0x140
[   85.264984][ T5671]  dump_stack+0x15/0x1b
[   85.265001][ T5671]  should_fail_ex+0x265/0x280
[   85.265043][ T5671]  should_fail+0xb/0x20
[   85.265056][ T5671]  should_fail_usercopy+0x1a/0x20
[   85.265071][ T5671]  _copy_from_user+0x1c/0xb0
[   85.265088][ T5671]  sg_write+0x610/0x750
[   85.265180][ T5671]  vfs_writev+0x403/0x8b0
[   85.265313][ T5671]  ? __pfx_sg_write+0x10/0x10
[   85.265403][ T5671]  do_writev+0xe7/0x210
[   85.265427][ T5671]  __x64_sys_writev+0x45/0x50
[   85.265483][ T5671]  x64_sys_call+0x1e9a/0x2ff0
[   85.265496][ T5671]  do_syscall_64+0xd2/0x200
[   85.265515][ T5671]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   85.265593][ T5671]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   85.265609][ T5671]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.265623][ T5671] RIP: 0033:0x7f89a6c2eba9
[   85.265634][ T5671] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   85.265695][ T5671] RSP: 002b:00007f89a568f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[   85.265710][ T5671] RAX: ffffffffffffffda RBX: 00007f89a6e75fa0 RCX: 00007f89a6c2eba9
[   85.265767][ T5671] RDX: 0000000000000002 RSI: 00002000000002c0 RDI: 0000000000000003
[   85.265775][ T5671] RBP: 00007f89a568f090 R08: 0000000000000000 R09: 0000000000000000
[   85.265783][ T5671] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   85.265791][ T5671] R13: 00007f89a6e76038 R14: 00007f89a6e75fa0 R15: 00007ffe85e19bf8
[   85.265803][ T5671]  </TASK>
[   85.487137][ T5680] loop3: detected capacity change from 0 to 128
[   85.493921][ T5680] vfat: Unknown parameter '����'
[   85.509384][ T5680] loop3: detected capacity change from 0 to 2048
[   85.515940][ T5680] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[   85.619081][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   85.716328][ T5691] Set syz1 is full, maxelem 65536 reached
[   85.764724][ T5700] FAULT_INJECTION: forcing a failure.
[   85.764724][ T5700] name failslab, interval 1, probability 0, space 0, times 0
[   85.777426][ T5700] CPU: 0 UID: 0 PID: 5700 Comm: syz.1.825 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   85.777453][ T5700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   85.777465][ T5700] Call Trace:
[   85.777472][ T5700]  <TASK>
[   85.777490][ T5700]  __dump_stack+0x1d/0x30
[   85.777511][ T5700]  dump_stack_lvl+0xe8/0x140
[   85.777528][ T5700]  dump_stack+0x15/0x1b
[   85.777551][ T5700]  should_fail_ex+0x265/0x280
[   85.777573][ T5700]  should_failslab+0x8c/0xb0
[   85.777599][ T5700]  kmem_cache_alloc_noprof+0x50/0x310
[   85.777627][ T5700]  ? audit_log_start+0x365/0x6c0
[   85.777694][ T5700]  audit_log_start+0x365/0x6c0
[   85.777725][ T5700]  audit_seccomp+0x48/0x100
[   85.777753][ T5700]  ? __seccomp_filter+0x68c/0x10d0
[   85.777776][ T5700]  __seccomp_filter+0x69d/0x10d0
[   85.777868][ T5700]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   85.777897][ T5700]  ? vfs_write+0x7e8/0x960
[   85.777924][ T5700]  __secure_computing+0x82/0x150
[   85.777946][ T5700]  syscall_trace_enter+0xcf/0x1e0
[   85.777978][ T5700]  do_syscall_64+0xac/0x200
[   85.778140][ T5700]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   85.778164][ T5700]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   85.778219][ T5700]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.778242][ T5700] RIP: 0033:0x7f422b40eba9
[   85.778347][ T5700] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   85.778365][ T5700] RSP: 002b:00007f4229e76e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[   85.778460][ T5700] RAX: ffffffffffffffda RBX: 000000000000072d RCX: 00007f422b40eba9
[   85.778474][ T5700] RDX: 00007f4229e76ef0 RSI: 0000000000000000 RDI: 00007f422b4927e8
[   85.778487][ T5700] RBP: 00002000000014c0 R08: 00007f4229e76bb7 R09: 00007f4229e76e40
[   85.778557][ T5700] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000100
[   85.778571][ T5700] R13: 00007f4229e76ef0 R14: 00007f4229e76eb0 R15: 0000200000000300
[   85.778589][ T5700]  </TASK>
[   85.984418][ T5700] loop1: detected capacity change from 0 to 2048
[   86.009735][ T5700] EXT4-fs (loop1): failed to initialize system zone (-117)
[   86.021204][ T5708] macvtap0: refused to change device tx_queue_len
[   86.028756][ T5700] EXT4-fs (loop1): mount failed
[   86.053614][ T5708] C: renamed from team_slave_0 (while UP)
[   86.085675][ T5708] netlink: 'syz.0.828': attribute type 3 has an invalid length.
[   86.090635][ T5716] __nla_validate_parse: 1 callbacks suppressed
[   86.090650][ T5716] netlink: 8 bytes leftover after parsing attributes in process `syz.3.832'.
[   86.093635][ T5708] netlink: 140 bytes leftover after parsing attributes in process `syz.0.828'.
[   86.099742][ T5716] netlink: 24 bytes leftover after parsing attributes in process `syz.3.832'.
[   86.108703][ T5708] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[   86.167201][ T5721] 9pnet: Could not find request transport: t
[   86.186293][ T5724] netlink: 4 bytes leftover after parsing attributes in process `syz.1.834'.
[   86.186402][ T5716] bridge0: entered promiscuous mode
[   86.204075][ T5716] bridge0: port 3(macsec1) entered blocking state
[   86.210654][ T5716] bridge0: port 3(macsec1) entered disabled state
[   86.217595][ T5716] macsec1: entered allmulticast mode
[   86.222961][ T5716] bridge0: entered allmulticast mode
[   86.228816][ T5716] macsec1: left allmulticast mode
[   86.233897][ T5716] bridge0: left allmulticast mode
[   86.242615][ T5716] bridge0: left promiscuous mode
[   86.275094][ T5735] loop4: detected capacity change from 0 to 512
[   86.291478][ T5733] netlink: 4 bytes leftover after parsing attributes in process `syz.0.837'.
[   86.301577][ T5735] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   86.353113][ T5735] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.838: bg 0: block 4: invalid block bitmap
[   86.365709][ T5735] EXT4-fs (loop4): Remounting filesystem read-only
[   86.377091][ T5735] EXT4-fs (loop4): 1 truncate cleaned up
[   86.385421][ T5745] rdma_rxe: rxe_newlink: failed to add team_slave_0
[   86.392531][ T5735] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   86.417222][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   86.455354][ T5749] netlink: 4 bytes leftover after parsing attributes in process `syz.4.843'.
[   86.505381][ T5756] loop4: detected capacity change from 0 to 512
[   86.514060][ T5756] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[   86.550792][ T5761] netlink: 24 bytes leftover after parsing attributes in process `syz.4.847'.
[   86.600942][ T5764] netlink: 'syz.2.846': attribute type 13 has an invalid length.
[   86.653989][ T5766] netlink: 4 bytes leftover after parsing attributes in process `syz.4.849'.
[   86.692050][ T5764] bridge0: port 2(bridge_slave_1) entered disabled state
[   86.699297][ T5764] bridge0: port 1(bridge_slave_0) entered disabled state
[   86.715613][ T5773] loop1: detected capacity change from 0 to 1024
[   86.724244][ T5773] EXT4-fs (loop1): VFS: Can't find ext4 filesystem
[   86.860126][   T51] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 20000 - 0
[   86.868672][   T51] netdevsim netdevsim2 eth0: unset [1, 1] type 2 family 0 port 6081 - 0
[   86.885899][   T51] netdevsim netdevsim2 eth1: unset [1, 0] type 2 family 0 port 20000 - 0
[   86.894535][   T51] netdevsim netdevsim2 eth1: unset [1, 1] type 2 family 0 port 6081 - 0
[   86.955706][ T5778] rdma_rxe: rxe_newlink: failed to add lo
[   87.373753][ T5792] netlink: 4 bytes leftover after parsing attributes in process `syz.3.856'.
[   87.477203][   T51] netdevsim netdevsim2 eth2: unset [1, 0] type 2 family 0 port 20000 - 0
[   87.485880][   T51] netdevsim netdevsim2 eth2: unset [1, 1] type 2 family 0 port 6081 - 0
[   87.496134][   T51] netdevsim netdevsim2 eth3: unset [1, 0] type 2 family 0 port 20000 - 0
[   87.504792][   T51] netdevsim netdevsim2 eth3: unset [1, 1] type 2 family 0 port 6081 - 0
[   87.554150][ T5799] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   87.562985][ T5799] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   87.581054][ T5799] loop2: detected capacity change from 0 to 1024
[   87.819457][ T5804] netlink: 404 bytes leftover after parsing attributes in process `syz.2.859'.
[   88.255740][ T5816] syz!: rxe_newlink: already configured on team_slave_0
[   88.331026][ T5830] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   88.339627][ T5830] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   88.356089][ T5830] loop4: detected capacity change from 0 to 1024
[   88.375565][ T5834] netlink: 'syz.0.874': attribute type 6 has an invalid length.
[   88.405394][ T5836] netlink: 'syz.0.875': attribute type 4 has an invalid length.
[   88.431213][   T29] kauditd_printk_skb: 696 callbacks suppressed
[   88.431228][   T29] audit: type=1400 audit(1757480097.806:4694): avc:  denied  { tracepoint } for  pid=5837 comm="syz.0.876" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[   88.482595][ T5838] 9pnet: Could not find request transport: t
[   88.490990][   T29] audit: type=1400 audit(1757480097.866:4695): avc:  denied  { create } for  pid=5837 comm="syz.0.876" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[   88.497838][ T5843] syzkaller0: entered allmulticast mode
[   88.521664][ T5838] bridge0: entered promiscuous mode
[   88.528620][ T5838] bridge0: port 3(macsec1) entered blocking state
[   88.535390][ T5838] bridge0: port 3(macsec1) entered disabled state
[   88.543491][ T5838] macsec1: entered allmulticast mode
[   88.548833][ T5838] bridge0: entered allmulticast mode
[   88.554575][   T29] audit: type=1400 audit(1757480097.876:4696): avc:  denied  { ioctl } for  pid=5842 comm="syz.3.878" path="socket:[14273]" dev="sockfs" ino=14273 ioctlcmd=0x89a0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   88.579759][   T29] audit: type=1400 audit(1757480097.896:4697): avc:  denied  { connect } for  pid=5837 comm="syz.0.876" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[   88.601071][   T29] audit: type=1400 audit(1757480097.976:4698): avc:  denied  { allowed } for  pid=5837 comm="syz.0.876" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[   88.620766][ T5838] macsec1: left allmulticast mode
[   88.625873][ T5838] bridge0: left allmulticast mode
[   88.632095][ T5838] bridge0: left promiscuous mode
[   88.640306][   T29] audit: type=1400 audit(1757480098.016:4699): avc:  denied  { create } for  pid=5837 comm="syz.0.876" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[   88.661554][   T29] audit: type=1400 audit(1757480098.016:4700): avc:  denied  { map } for  pid=5837 comm="syz.0.876" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=15297 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[   88.686143][   T29] audit: type=1400 audit(1757480098.016:4701): avc:  denied  { read write } for  pid=5837 comm="syz.0.876" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=15297 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[   88.722990][ T5843] syzkaller0 (unregistering): left allmulticast mode
[   88.806542][ T5845] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   88.822049][   T29] audit: type=1326 audit(1757480098.196:4702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5847 comm="syz.0.879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4dc2a1eba9 code=0x7ffc0000
[   88.845539][   T29] audit: type=1326 audit(1757480098.196:4703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5847 comm="syz.0.879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4dc2a1eba9 code=0x7ffc0000
[   88.943853][ T5845] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   88.980660][ T5856] syzkaller0: entered allmulticast mode
[   88.989663][ T5856] syzkaller0 (unregistering): left allmulticast mode
[   89.035186][ T5845] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   89.098532][ T5845] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   89.113814][ T5860] loop3: detected capacity change from 0 to 512
[   89.120885][ T5860] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[   89.167761][ T5862] netlink: 'syz.3.885': attribute type 6 has an invalid length.
[   89.199455][ T3432] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   89.215638][ T3432] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   89.217500][ T5862] loop3: detected capacity change from 0 to 512
[   89.234638][ T5862] EXT4-fs (loop3): unable to read superblock
[   89.244305][ T3432] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   89.256171][ T5866] netlink: 'syz.0.887': attribute type 4 has an invalid length.
[   89.272522][ T3432] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   89.332517][ T5870] 9pnet: Could not find request transport: t
[   89.353179][ T5870] bridge0: entered promiscuous mode
[   89.378720][ T5870] bridge0: port 3(macsec1) entered blocking state
[   89.385410][ T5870] bridge0: port 3(macsec1) entered disabled state
[   89.392533][ T5870] macsec1: entered allmulticast mode
[   89.397854][ T5870] bridge0: entered allmulticast mode
[   89.404907][ T5870] macsec1: left allmulticast mode
[   89.409981][ T5870] bridge0: left allmulticast mode
[   89.422821][ T5870] bridge0: left promiscuous mode
[   89.572634][ T5884] loop3: detected capacity change from 0 to 512
[   89.579509][ T5884] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[   89.644748][ T5892] netlink: 'syz.3.898': attribute type 6 has an invalid length.
[   89.655241][ T5892] loop3: detected capacity change from 0 to 512
[   89.662259][ T5892] EXT4-fs (loop3): unable to read superblock
[   89.793466][ T5896] netlink: 'syz.1.900': attribute type 4 has an invalid length.
[   89.804131][ T5896] netlink: 'syz.1.900': attribute type 4 has an invalid length.
[   89.846416][ T5901] loop3: detected capacity change from 0 to 1024
[   89.853653][ T5901] EXT4-fs (loop3): VFS: Can't find ext4 filesystem
[   89.947250][ T5915] loop1: detected capacity change from 0 to 512
[   89.954445][ T5915] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[   89.990294][ T5919] netlink: 'syz.1.909': attribute type 6 has an invalid length.
[   90.000323][ T5919] loop1: detected capacity change from 0 to 512
[   90.007044][ T5919] EXT4-fs (loop1): unable to read superblock
[   90.346067][ T5940] block device autoloading is deprecated and will be removed.
[   90.359342][ T5940] loop0: detected capacity change from 0 to 512
[   90.366161][ T5940] /dev/loop0: Can't open blockdev
[   90.866178][ T5950] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[   91.098573][ T5963] netlink: 'syz.1.927': attribute type 6 has an invalid length.
[   91.109467][ T5963] loop1: detected capacity change from 0 to 512
[   91.116980][ T5963] EXT4-fs (loop1): unable to read superblock
[   91.161133][ T5968] __nla_validate_parse: 12 callbacks suppressed
[   91.161150][ T5968] netlink: 4 bytes leftover after parsing attributes in process `syz.0.929'.
[   91.310512][ T5997] netlink: 256 bytes leftover after parsing attributes in process `syz.0.942'.
[   91.324379][ T5993] loop2: detected capacity change from 0 to 512
[   91.370208][ T5993] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   91.407304][ T5985] Set syz1 is full, maxelem 65536 reached
[   91.417770][ T6004] loop0: detected capacity change from 0 to 512
[   91.450197][ T6004] EXT4-fs (loop0): orphan cleanup on readonly fs
[   91.472692][ T6004] EXT4-fs error (device loop0): ext4_quota_enable:7128: comm syz.0.943: inode #218103808: comm syz.0.943: iget: illegal inode #
[   91.518510][ T6004] EXT4-fs error (device loop0): ext4_quota_enable:7131: comm syz.0.943: Bad quota inode: 218103808, type: 2
[   91.534766][ T6004] EXT4-fs warning (device loop0): ext4_enable_quotas:7172: Failed to enable quota tracking (type=2, err=-117, ino=218103808). Please run e2fsck to fix.
[   91.561723][ T6004] EXT4-fs (loop0): Cannot turn on quotas: error -117
[   91.569186][ T6004] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   91.592705][ T6004] macvtap0: refused to change device tx_queue_len
[   91.601997][ T6004] EXT4-fs error (device loop0): ext4_lookup:1791: inode #2: comm syz.0.943: deleted inode referenced: 12
[   91.631970][ T6004] EXT4-fs error (device loop0): ext4_lookup:1791: inode #2: comm syz.0.943: deleted inode referenced: 12
[   91.663997][ T6004] EXT4-fs error (device loop0): ext4_lookup:1791: inode #2: comm syz.0.943: deleted inode referenced: 12
[   91.691074][ T6004] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended
[   91.703208][ T6010] netlink: 4 bytes leftover after parsing attributes in process `syz.4.946'.
[   91.733658][ T6004] EXT4-fs error (device loop0): ext4_quota_enable:7128: comm syz.0.943: inode #218103808: comm syz.0.943: iget: illegal inode #
[   91.748675][ T6027] netlink: 256 bytes leftover after parsing attributes in process `syz.3.953'.
[   91.759015][ T6030] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   91.768359][ T6030] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   91.776372][ T6004] EXT4-fs error (device loop0): ext4_quota_enable:7131: comm syz.0.943: Bad quota inode: 218103808, type: 2
[   91.798895][ T6004] EXT4-fs warning (device loop0): ext4_enable_quotas:7172: Failed to enable quota tracking (type=2, err=-117, ino=218103808). Please run e2fsck to fix.
[   91.838677][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   91.852514][ T6030] loop1: detected capacity change from 0 to 1024
[   91.862244][ T6034] loop3: detected capacity change from 0 to 512
[   91.968208][ T6030] netlink: 404 bytes leftover after parsing attributes in process `syz.1.954'.
[   91.981504][ T6030] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   92.004165][ T6034] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   92.187591][ T6045] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[   92.736732][ T6030] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   92.821690][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   92.833104][ T6030] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   92.894168][ T6030] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   92.921047][ T6055] rdma_rxe: rxe_newlink: failed to add team_slave_0
[   92.934581][   T51] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.946348][ T3432] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.955602][ T6056] netlink: 4 bytes leftover after parsing attributes in process `syz.4.962'.
[   92.975260][ T3432] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.983824][ T3432] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.984244][ T3304] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   92.994886][ T6062] netlink: 24 bytes leftover after parsing attributes in process `syz.0.965'.
[   93.029647][ T6066] loop0: detected capacity change from 0 to 512
[   93.036841][ T6066] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   93.053417][ T6070] syzkaller0: entered allmulticast mode
[   93.060851][ T6066] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz.0.966: bg 0: block 4: invalid block bitmap
[   93.073414][ T6066] EXT4-fs (loop0): Remounting filesystem read-only
[   93.074405][ T6070] syzkaller0 (unregistering): left allmulticast mode
[   93.079975][ T6066] EXT4-fs (loop0): 1 truncate cleaned up
[   93.095440][ T6066] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   93.121608][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   93.124189][ T6077] netlink: 4 bytes leftover after parsing attributes in process `syz.2.971'.
[   93.149913][ T6075] loop4: detected capacity change from 0 to 512
[   93.159525][ T6075] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   93.213846][ T6087] netlink: 'syz.2.974': attribute type 6 has an invalid length.
[   93.228977][ T6091] netlink: 8 bytes leftover after parsing attributes in process `syz.3.976'.
[   93.238008][ T6091] netlink: 24 bytes leftover after parsing attributes in process `syz.3.976'.
[   93.249176][ T6087] loop2: detected capacity change from 0 to 512
[   93.266210][ T6087] EXT4-fs (loop2): unable to read superblock
[   93.301114][ T6091] 9pnet: Could not find request transport: t
[   93.330729][ T6091] bridge0: entered promiscuous mode
[   93.341719][ T6091] bridge0: port 3(macsec1) entered blocking state
[   93.348253][ T6091] bridge0: port 3(macsec1) entered disabled state
[   93.361234][ T6091] macsec1: entered allmulticast mode
[   93.366672][ T6091] bridge0: entered allmulticast mode
[   93.373379][ T6091] macsec1: left allmulticast mode
[   93.378433][ T6091] bridge0: left allmulticast mode
[   93.384614][ T6091] bridge0: left promiscuous mode
[   93.452933][ T6106] netlink: 'syz.2.981': attribute type 6 has an invalid length.
[   93.482203][   T29] kauditd_printk_skb: 982 callbacks suppressed
[   93.482221][   T29] audit: type=1400 audit(1757480102.856:5686): avc:  denied  { read } for  pid=6107 comm="syz.3.982" name="event3" dev="devtmpfs" ino=256 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[   93.511709][   T29] audit: type=1400 audit(1757480102.856:5687): avc:  denied  { open } for  pid=6107 comm="syz.3.982" path="/dev/input/event3" dev="devtmpfs" ino=256 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[   93.538875][ T6106] loop2: detected capacity change from 0 to 512
[   93.551050][ T6106] EXT4-fs (loop2): unable to read superblock
[   93.579595][   T29] audit: type=1326 audit(1757480102.956:5688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6113 comm="syz.1.984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f422b40eba9 code=0x7ffc0000
[   93.603150][   T29] audit: type=1326 audit(1757480102.956:5689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6113 comm="syz.1.984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f422b40eba9 code=0x7ffc0000
[   93.627571][   T29] audit: type=1326 audit(1757480103.016:5690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6113 comm="syz.1.984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f422b40eba9 code=0x7ffc0000
[   93.651102][   T29] audit: type=1326 audit(1757480103.016:5691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6113 comm="syz.1.984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f422b40eba9 code=0x7ffc0000
[   93.674687][   T29] audit: type=1326 audit(1757480103.016:5692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6113 comm="syz.1.984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f422b40eba9 code=0x7ffc0000
[   93.699226][   T29] audit: type=1326 audit(1757480103.016:5693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6113 comm="syz.1.984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f422b40eba9 code=0x7ffc0000
[   93.722682][   T29] audit: type=1326 audit(1757480103.016:5694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6113 comm="syz.1.984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f422b40eba9 code=0x7ffc0000
[   93.746153][   T29] audit: type=1326 audit(1757480103.016:5695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6113 comm="syz.1.984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f422b40eba9 code=0x7ffc0000
[   93.778060][ T6117] loop2: detected capacity change from 0 to 512
[   93.786220][ T6117] EXT4-fs: Ignoring removed orlov option
[   93.792045][ T6117] EXT4-fs: Ignoring removed i_version option
[   93.802075][ T6117] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   93.827601][ T6117] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   93.842081][ T6117] ext4 filesystem being mounted at /127/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   93.856724][ T6117] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #2: comm syz.2.985: corrupted inode contents
[   93.873128][ T6126] rdma_rxe: rxe_newlink: failed to add team_slave_0
[   93.880391][ T6117] EXT4-fs (loop2): Remounting filesystem read-only
[   93.913810][ T6128] netlink: 'syz.0.989': attribute type 4 has an invalid length.
[   93.922341][ T6128] netlink: 'syz.0.989': attribute type 4 has an invalid length.
[   93.974802][ T6132] netlink: 'syz.0.991': attribute type 4 has an invalid length.
[   93.994592][ T6132] netlink: 'syz.0.991': attribute type 4 has an invalid length.
[   94.004565][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   94.031694][ T6139] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   94.040867][ T6139] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   94.054926][ T6139] loop0: detected capacity change from 0 to 1024
[   94.109963][ T6142] netlink: 'syz.4.995': attribute type 4 has an invalid length.
[   94.120597][ T6142] netlink: 'syz.4.995': attribute type 4 has an invalid length.
[   94.153341][ T6139] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   94.214314][ T6139] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   94.264838][ T6139] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   94.302186][ T6149] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   94.310753][ T6149] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   94.324755][ T6149] loop3: detected capacity change from 0 to 1024
[   94.325376][ T6139] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   94.437479][   T12] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   94.467950][   T12] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   94.476288][   T12] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   94.484571][   T12] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   94.493809][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   94.674342][ T6159] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   95.011347][ T6161] random: crng reseeded on system resumption
[   95.050960][ T6159] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   95.113890][ T6159] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   95.186081][ T6159] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   95.323264][   T70] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   95.386671][ T6167] loop1: detected capacity change from 0 to 1024
[   95.403196][ T6169] loop2: detected capacity change from 0 to 512
[   95.417800][   T70] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.426396][ T6167] EXT4-fs (loop1): VFS: Can't find ext4 filesystem
[   95.438416][ T6171] netlink: 'syz.0.1005': attribute type 6 has an invalid length.
[   95.448208][ T6169] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   95.460712][   T70] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   95.472562][ T6171] loop0: detected capacity change from 0 to 512
[   95.478922][   T70] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   95.491340][ T6171] EXT4-fs (loop0): unable to read superblock
[   95.574624][ T6174] syzkaller0: entered allmulticast mode
[   95.589797][ T6174] syzkaller0 (unregistering): left allmulticast mode
[   95.740810][ T6191] loop4: detected capacity change from 0 to 512
[   95.747967][ T6191] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[   95.785520][ T6195] loop4: detected capacity change from 0 to 512
[   95.792354][ T6195] EXT4-fs: Ignoring removed orlov option
[   95.798024][ T6195] EXT4-fs: Ignoring removed i_version option
[   95.805013][ T6195] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   95.834285][ T6197] syzkaller0: entered allmulticast mode
[   95.841642][ T6195] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   95.855707][ T6197] syzkaller0 (unregistering): left allmulticast mode
[   95.863320][ T6195] ext4 filesystem being mounted at /207/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   95.876811][ T6195] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #2: comm syz.4.1014: corrupted inode contents
[   95.889092][ T6195] EXT4-fs (loop4): Remounting filesystem read-only
[   95.908099][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   95.948100][ T6203] loop4: detected capacity change from 0 to 512
[   95.955291][ T6203] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[   96.017432][ T6207] loop0: detected capacity change from 0 to 1024
[   96.024765][ T6207] EXT4-fs: Ignoring removed orlov option
[   96.041141][ T6209] netlink: 'syz.4.1020': attribute type 6 has an invalid length.
[   96.052267][ T6209] loop4: detected capacity change from 0 to 512
[   96.059137][ T6209] EXT4-fs (loop4): unable to read superblock
[   96.071508][ T6207] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   96.200856][ T6218] __nla_validate_parse: 9 callbacks suppressed
[   96.200918][ T6218] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1023'.
[   96.216029][ T6218] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1023'.
[   96.272124][ T6218] 9pnet: Could not find request transport: t
[   96.281429][ T6219] ==================================================================
[   96.289547][ T6219] BUG: KCSAN: data-race in vfs_fsync_range / writeback_single_inode
[   96.297551][ T6219] 
[   96.299882][ T6219] write to 0xffff8881092368b8 of 4 bytes by task 6221 on cpu 1:
[   96.307512][ T6219]  writeback_single_inode+0x14a/0x3e0
[   96.312901][ T6219]  sync_inode_metadata+0x5b/0x90
[   96.317847][ T6219]  generic_buffers_fsync_noflush+0xd9/0x120
[   96.323742][ T6219]  ext4_sync_file+0x1ab/0x690
[   96.328417][ T6219]  vfs_fsync_range+0x10a/0x130
[   96.333182][ T6219]  ext4_buffered_write_iter+0x34f/0x3c0
[   96.338756][ T6219]  ext4_file_write_iter+0x383/0xf00
[   96.343966][ T6219]  iter_file_splice_write+0x666/0xa60
[   96.349349][ T6219]  direct_splice_actor+0x156/0x2a0
[   96.354480][ T6219]  splice_direct_to_actor+0x312/0x680
[   96.359854][ T6219]  do_splice_direct+0xda/0x150
[   96.364795][ T6219]  do_sendfile+0x380/0x650
[   96.369235][ T6219]  __x64_sys_sendfile64+0x105/0x150
[   96.374435][ T6219]  x64_sys_call+0x2bb0/0x2ff0
[   96.379119][ T6219]  do_syscall_64+0xd2/0x200
[   96.383713][ T6219]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   96.389611][ T6219] 
[   96.391947][ T6219] read to 0xffff8881092368b8 of 4 bytes by task 6219 on cpu 0:
[   96.399498][ T6219]  vfs_fsync_range+0x9b/0x130
[   96.404175][ T6219]  ext4_buffered_write_iter+0x34f/0x3c0
[   96.409729][ T6219]  ext4_file_write_iter+0x383/0xf00
[   96.414947][ T6219]  iter_file_splice_write+0x666/0xa60
[   96.420318][ T6219]  direct_splice_actor+0x156/0x2a0
[   96.425428][ T6219]  splice_direct_to_actor+0x312/0x680
[   96.430797][ T6219]  do_splice_direct+0xda/0x150
[   96.435619][ T6219]  do_sendfile+0x380/0x650
[   96.440048][ T6219]  __x64_sys_sendfile64+0x105/0x150
[   96.445249][ T6219]  x64_sys_call+0x2bb0/0x2ff0
[   96.449925][ T6219]  do_syscall_64+0xd2/0x200
[   96.454438][ T6219]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   96.460365][ T6219] 
[   96.462699][ T6219] value changed: 0x00000038 -> 0x00000002
[   96.468419][ T6219] 
[   96.470745][ T6219] Reported by Kernel Concurrency Sanitizer on:
[   96.476894][ T6219] CPU: 0 UID: 0 PID: 6219 Comm: syz.0.1019 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   96.486612][ T6219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   96.496764][ T6219] ==================================================================
[   96.695678][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   99.012721][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.