last executing test programs:

1m48.719244184s ago: executing program 3 (id=3944):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000ac0)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r3, @ANYBLOB="0000000000000000b708000002001e007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000d00)='sched_switch\x00', r4}, 0x10)
socket$netlink(0x10, 0x3, 0x0)
add_key$keyring(&(0x7f0000000180), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
r5 = socket$inet6(0xa, 0x400000000001, 0x0)
bind$inet6(r5, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x41, 0x0, 0x0)
r6 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r7, &(0x7f0000000180), 0xb)
copy_file_range(r7, &(0x7f0000000080), r6, &(0x7f0000000100), 0xfffffffffffffff8, 0x0)
sendto$inet6(r7, &(0x7f0000000300)="da6e6a8738fc38a1acf91867c5be013f1aa3ed555ea0982ed0cfec60bcf91d7c7d04391d60204d1a4531f66bb4148645f25da648744456ea9fd49e8f1b533e5aa1039f3145708fb01e19df757d9900fd0500002a739387748b3012b98c7844ba8d9365fc3264caf02077f900229d64a813a8ec52273e6d9f0300000010511e17be4e261dd5eac42122d47a1398fa8d", 0x8f, 0x0, 0x0, 0x0)
recvmmsg(r5, &(0x7f000000d980)=[{{0x0, 0x0, 0x0}, 0x9}], 0x1, 0x2031, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00'})
unshare(0x64000600)

1m47.232357657s ago: executing program 3 (id=3951):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r1}, 0xc)

1m46.956673771s ago: executing program 3 (id=3955):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000800007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b000000080000000c000000ffbfffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000810018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000500)='page_pool_state_release\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f00000007c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000002c00000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r2, 0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

1m46.647257355s ago: executing program 3 (id=3958):
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x88e, &(0x7f0000000d80)={[{@mblk_io_submit}, {@dioread_nolock}, {@bh}, {@errors_continue}, {@nouid32}, {@quota}, {@nogrpid}]}, 0x3, 0x445, &(0x7f0000000800)="$eJzs3M9rHFUcAPDv7CZt06YmlvqjadVoFYM/kiattQcvioIHBUEP9RiTtMRuG2ki2BI0itSjFLyLR8G/wJNeRD0JXvUuhSK5tIqHldmdSXY3u2k2blzNfj4wyXszb3nvuzNv9715mQTQs0bTH0nEYET8EhFD1Wx9gdHqr9uryzN/rC7PJFEuv/57Uil3a3V5Ji+av+5AnumLKHycxNEm9S5euXphulSau5zlJ5YuvjOxeOXq0/MXp8/PnZ+7NHXmzKmTk8+ennqmI3Gmcd0aeX/h2JGX37z+6szZ62/98FWSx98QR4eMbnbwsXK5w9V118GadNLXxYbQlmK1m0Z/pf8PRTHWT95QvPRRVxsH7KhyuVy+t/XhlTKwiyXR7RYA3ZF/0afz33zbfMDQ0eFH1918vjoBSuO+nW3VI31RyMr0N8xvO2k0Is6u/Pl5usXO3IcAAKjzTTr+earZ+K8QtfeF7srWUIYj4u6IOBQRpyPicETcE1Epe19E3N9m/Y2LJBvHP4Ub2wpsi9Lx33PZ2lb9+C8f/cVwMcsdrMTfn5ybL82dyN6Tsejfm+YnN6nj2xd//rTVsdrxX7ql9edjwawdN/r21r9mdnpp+p/EXOvmhxEjfc3iT9ZWApKIOBIRI9usY/6JL4+1Onbn+JurvCUdWGcqfxHxePX8r0RD/Llk8/XJiX1RmjsxkV8VG/3407XXWtW/3fg7JT3/+5te/2vxDye167WL7ddx7ddPWs5ptnv970neqNv33vTS0uXJiD3JK9VG1+6faig3tV4+jX/sePP+fyjW34mjEZFexA9ExIMR8VDW9ocj4pGIOL5J/N+/8OjbdTvGBtuIf2el8c+2df7XE3uicU/zRPHCd1/XVTocbcSfnv9TldRYtmcrn39badf2rmYAAAD4/ylExGAkhfG1dKEwPl79G/7Dsb9QWlhcevLcwruXZqvPCAxHfyG/0zVUcz90MpvW5/mphvzJ7L7xZ8WBSn58ZqE02+3goccdaNH/U78Vu906YMd5Xgt6l/4PvUv/h96l/0PvatL/Bzbu+qvhkUFgN2j2/f9BF9oB/Psa+r9lP+gh5v/Qu/R/6F36P/SkxYG480PyEhIbElH4TzRj5xP7tvhvLnZZotufTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ3xdwAAAP//FX7vJg==")
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f00000007c0)='./file0\x00', 0x10, &(0x7f00000014c0), 0x1, 0x793, &(0x7f0000001700)="$eJzs3c1rXFUbAPDnTpKmb9r3TV4QbF0FBA2UTkyNrYKLigsRLBR0bTtMpqFmkimZSWlCoBYR3AhaXAi66dqPunPrx1b/Bd2ISEvVtFhxISN3PjqTZiadtvloze8Htz3n3jM595l77zln5h7mBrBjjab/ZCL2R8R7ScRwY30SEQO1VH/E0Xq5myvL+XRJolp99bekVubGynI+2l6T2tPI7IuIb96OOJBZW295cWkmVywW5hv58crsmfHy4tLB07O56cJ0Ye7wxOTkoSPPHBncuFj/+H5p79X3X3ry86N/vfXo5Xe/TeJo7G1sa49jo4zGaOM9GUjfwlVe3OjKtlmy3TvAPUkvzb76VR77Yzj6aqne9F4SAHiQnI+IKgCwwyT6fwDYYZrfA9xYWc6nS/X89n4fsdWuvRARu+vxN+9v1rf0N+7Z7a7dBx26kay635FExMgG1D8aER9/+fqn6RKbdB8SoJM3L0TEyZHRZvvfan+SNXMW6nqfkPFUD2VGb8tr/2DrfJWOf55tjf9a11/m1vgnOox/Bjtcu/diNGJXe37t9Z+5sgHVdJWO/54faM1tu9kWf8NIXyP339qYbyA5dbpYSNu2/0XEWAwMpvmJdeoYu/739VUr+lrJ9vHf7xff+CStP/2/VSJzpf+2JncqV8ndb9xN1y5EPNbfKf7k1vFPuox/j/dYx8vPvfNRt21p/Gm8zWV1/Js/q6x6KeKJ6Bx/U7Le/MTD47XTYbx5UnTwxU8fDnWrv/34p0taf/OzwFZIj//Q+vGPJO3zNct3X8d3l4a/7rbtzvF3Pv93Ja/V0s3G41yuUpmfiNiVvLJ2/aHWa5v5Zvk0/rHHO1//653/6WfCkz3G33/118/uPf7NlcY/dVfH/+4Tl2/O9HWrv7fjP1lLjTXW9NL+9bqD9/PeAQAAAAAAAAAAAAAAAAAAAAAAAECvMhGxN5JM9lY6k8lm68/wfiSGMsVSuXLgVGlhbipqz8oeiYFM86cuh9t+D3Wi8Xv4zfyh2/JPR8T/I+KDwf/U8tl8qTi13cEDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQMOeLs//T/0yuN17BwBsmt13LHG9sCU7AgBsmTv3/wDAv43+HwB2Hv0/AOw8+n8A2Hn0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGyy48eOpUv1z5XlfJqfOru4MFM6e3CqUJ7Jzi7ks/nS/JnsdKk0XSxk86XZtpf+0OnvFUulM5Mxt3BuvFIoV8bLi0snZksLc5UTp2dz04UThYEtiwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeldeXJrJFYuFeYmHJVEdrh+6B2V/Nj/x88Ef961X5qLTeOMT290yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwc/gkAAP//skMoxA==")
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x0, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
mount_setattr(r0, &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f00000000c0)={0x0, 0x75}, 0x20)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.stat\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000040), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
fdatasync(r1)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)

1m46.240955432s ago: executing program 3 (id=3962):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000ac0)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r3, @ANYBLOB="0000000000000000b708000002001e007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000d00)='sched_switch\x00', r4}, 0x10)
socket$netlink(0x10, 0x3, 0x0)
add_key$keyring(&(0x7f0000000180), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
r5 = socket$inet6(0xa, 0x400000000001, 0x0)
bind$inet6(r5, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x41, 0x0, 0x0)
r6 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r7, &(0x7f0000000180), 0xb)
copy_file_range(r7, &(0x7f0000000080), r6, &(0x7f0000000100), 0xfffffffffffffff8, 0x0)
sendto$inet6(r7, &(0x7f0000000300)="da6e6a8738fc38a1acf91867c5be013f1aa3ed555ea0982ed0cfec60bcf91d7c7d04391d60204d1a4531f66bb4148645f25da648744456ea9fd49e8f1b533e5aa1039f3145708fb01e19df757d9900fd0500002a739387748b3012b98c7844ba8d9365fc3264caf02077f900229d64a813a8ec52273e6d9f0300000010511e17be4e261dd5eac42122d47a1398fa8d", 0x8f, 0x0, 0x0, 0x0)
recvmmsg(r5, &(0x7f000000d980)=[{{0x0, 0x0, 0x0}, 0x9}], 0x1, 0x2031, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00'})
unshare(0x64000600)

1m45.323675666s ago: executing program 3 (id=3966):
syz_usb_connect(0x1, 0xfffffffffffffd22, 0x0, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000300)={{0x2, 0x4e20, @private=0xa010100}, {0x1}, 0x109b70819ce8d017, {0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x35}}, 'team_slave_1\x00'})
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r2 = eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r2)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r2})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000a40))
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r2})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xf, @void, @value}, 0x94)
unshare(0x64000600)

1m45.246565478s ago: executing program 32 (id=3966):
syz_usb_connect(0x1, 0xfffffffffffffd22, 0x0, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000300)={{0x2, 0x4e20, @private=0xa010100}, {0x1}, 0x109b70819ce8d017, {0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x35}}, 'team_slave_1\x00'})
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r2 = eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r2)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r2})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000a40))
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r2})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xf, @void, @value}, 0x94)
unshare(0x64000600)

11.666406328s ago: executing program 4 (id=4277):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='netlink_extack\x00'}, 0x10)
io_setup(0x5, &(0x7f0000000500)=<r3=>0x0)
io_destroy(r3)
socket$inet(0x2, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000d60000c300000000000000008500000041000000850000000700000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB="340000001c00070c000000000000000002000000", @ANYRES32=0x0, @ANYBLOB="400038000a000200aaaaaaaaaa0000000a000100ffffffffffff0000215038cd6d64d8e9b6bdfd28cf2a0d33e7819360bf4d8c41e094a319386a5429ddee055e7599f58cb50113d24f38c4890000f64ba99219a49c5b3c3eeb73341d0dbb11b0afadcecf777fddb5abc325a08dab7da7a03f9564311676bd61e549cf4c1d488655a668c353c1fe09695c3b6f940530e029e1d5f0eb40"], 0x34}}, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0)
socket$packet(0x11, 0x3, 0x300)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x40000, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_SET_CLOCK(r7, 0x4188aec6, &(0x7f00000000c0)={0x1, 0x2, 0x4001, 0x20000000000000})
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x4080, 0x0)
close(r8)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
gettid()

11.661907338s ago: executing program 0 (id=4279):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000600)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
close(r5)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r6, 0x29, 0x4e, &(0x7f0000000080)=0x3, 0x4)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r7, &(0x7f0000000140)={0xa, 0x4e22, 0x401, @ipv4={'\x00', '\xff\xff', @empty}, 0x9}, 0x1c)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00'}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

10.773033692s ago: executing program 0 (id=4282):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r0}, &(0x7f0000000800), &(0x7f0000000840)=r1}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000600)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
close(r5)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r6, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @loopback={0xfec0ffff00000000}}, 0x1c)

9.688208409s ago: executing program 0 (id=4285):
syz_usb_connect(0x1, 0xfffffffffffffd22, 0x0, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_inet_SIOCSARP(r1, 0x8955, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r2 = eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r2)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r2})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000a40))
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r2})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xf, @void, @value}, 0x94)
unshare(0x64000600)

9.666436919s ago: executing program 4 (id=4286):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000004f4b000000000000000000180100002020702000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000fdffffff850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000001200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r7 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
r8 = fsmount(r7, 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000003c0)={r6, r8}, 0x10)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{}, &(0x7f00000001c0), &(0x7f0000000240)}, 0x20)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={<r9=>0x0, @multicast2, @multicast1}, 0x0)
r10 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000002580)={&(0x7f0000000500)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x4, [@decl_tag={0x10, 0x0, 0x0, 0x11, 0x1, 0x8}, @typedef={0x1, 0x0, 0x0, 0x8, 0x4}]}, {0x0, [0x0, 0x61]}}, &(0x7f0000001580)=""/4096, 0x38, 0x1000, 0x0, 0x470b, 0x0, @void, @value}, 0x28)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000002640)={0x626, <r11=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000026c0)={0x9, 0x1, &(0x7f00000002c0)=@raw=[@exit], &(0x7f0000000400)='syzkaller\x00', 0xfffffc00, 0x0, 0x0, 0x40f00, 0x21, '\x00', r9, @fallback=0x8, r10, 0x8, &(0x7f00000025c0)={0x3, 0x2}, 0x8, 0x10, &(0x7f0000002600)={0x2, 0xd, 0xf, 0x80000001}, 0x10, r11, r0, 0x2, 0x0, &(0x7f0000002680)=[{0x2, 0x1, 0xb, 0x2}, {0x4, 0x2, 0xc, 0x8}], 0x10, 0xfa, @void, @value}, 0x94)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})

7.6858564s ago: executing program 1 (id=4288):
pipe2(&(0x7f0000001cc0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x800)
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}})
ioctl$HIDIOCGRAWNAME(r0, 0x80404804, &(0x7f00000002c0))
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r2}, &(0x7f0000000380), &(0x7f00000003c0)=r3}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000600)='sys_enter\x00', r4}, 0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x44400}, [@IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@IFLA_VF_TX_RATE={0xc}]}]}, @IFLA_LINKMODE={0x5, 0x11, 0x9}, @IFLA_IFNAME={0x14, 0x3, 'veth0_to_bond\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x20048084}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x1c, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x40000000, @void, @value}, 0x94)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r6], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='workqueue_activate_work\x00', r7}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf4240, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
personality(0x40000)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r10}, 0x10)
bpf$TOKEN_CREATE(0x24, &(0x7f00000001c0)={0x0, r9}, 0x8)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x401, 0x0)
r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0e00000004000000080000000700000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000041939ff3e8aa11053bcb316562000000000000000000"], 0x50)
r12 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000000)=@framed={{}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r11}, {}, {0x3, 0x3, 0x3, 0xa, 0x5}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x14}}]}, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0xcc03, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000f40)={r12, 0x609, 0xe, 0x2a, &(0x7f0000000b40)="dd80000000000002000400000000", 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x7c)

7.68526097s ago: executing program 5 (id=4289):
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./bus\x00', 0x1010000, &(0x7f0000000180)={[{@shortname_winnt}, {@shortname_winnt}, {@uni_xlateno}, {@uni_xlateno}, {@utf8no}, {@rodir}, {@utf8no}, {@shortname_win95}, {@numtail}, {@shortname_mixed}, {@uni_xlateno}, {@utf8}, {@utf8no}, {@fat=@codepage={'codepage', 0x3d, '775'}}, {@iocharset={'iocharset', 0x3d, 'maccyrillic'}}, {@shortname_lower}, {@fat=@dmask={'dmask', 0x3d, 0x9}}]}, 0x1, 0x376, &(0x7f00000003c0)="$eJzs3U1oY1UbAOA3vWnSDnxfuxMFIboTtMzMTje2SAcGu1EJ/izE4HRUkiq0WGwX09aF4lJwqSt3CrpwIS5FUMSdC7cqyKi40NkNOHjk5uYmt03aqYNVis+zSE7fc95zzv0hub0kJ88sRvfSdFy+du1qzMzUor740GJcr8V8ZFHajXGNCTEA4HS4nlL8lgrHTKmd8JQAgBPWf/9/LiJaMV9EXv38qPbJuz8AnHqD//9nj2ozc1jFSycyJQDghI3d/797X3WjHtGIevlnvfKpAADgtHrsyaceXlqJeLTVmolYe32zvdmOB0b1S5fjhejFapyNubgRUVwo5A+1/uOFiyvLZ1ut1k78OB/tiJgaJLaLK4WlrJ/fjHMxF/OD/PxSI/XL2YWPVpbPtfoiYnenP36s1Tbb03FmMP63Z2J1dOFRdtJ/iri4sny+NeigvVbm70Tsje5b5PNfiLn4+tlhNymVn2BcWb5yrpz0KH+z3YxLw71w6B0QAAAAAAAAAAAAAAAAAAAAAAC4JQutofnh+jkpfy5WyllYmFDfXx+nyB+sD7RXrA+UmilS+vWV+9pvZLFvfaCD6/NsWkgQAAAAAAAAAAAAAAAAAAAAhja2GtHp9VbXN7a2u9XCzvrG1lRE5JEXv/zgs9kYbzOx0IgyUi+GaEYMh2gNht3udlJWZqUsYryfLB+8jLz38XDG1TZ517P9rZg4n+bhVb3e/+764e1R5M6s7PmPUZssJm9pVpnGgwd6Xvt/Mc2b76gJhfPVSHN89O9SSpXIa9X0K0+Pdxi1iPpxD1y1MBWHt0l54Yurz9/eHByRzqepcM+9c4/PvPXuz91OLx85+kewsb5xI3U7tbLxX9st+a4uI7UoCrXqmVA/Kn1vf6STffPLE3e8+dXxRk/VyMv5+XygTVZszofVrHJZi63tbj7NAz3PjtKnBw17q9MTTv6bFW7hmN72zifvp/T9T6NILB45xMjU2MtG7e959QEAAAAAAAAAAAAAAAAAAKoq3xUfGHzZd/qorPsfOfmZAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMA/Z/T7/5XC3m6UkYXYX7U71nhY+H0nxquaq+sbEY1/ezMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiP+zMAAP//2L5Sug==")
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x80000000000000a, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
r3 = open(&(0x7f0000000040)='./file0\x00', 0x400, 0x43)
mknodat$loop(r3, &(0x7f00000002c0)='./file1\x00', 0x10, 0x0)

7.67080291s ago: executing program 4 (id=4290):
syz_mount_image$exfat(&(0x7f0000000280), &(0x7f00000000c0)='./file0\x00', 0x810, &(0x7f00000018c0)=ANY=[], 0xfd, 0x1501, &(0x7f00000002c0)="$eJzs3Am4T1X3OPC19t6H62b4JpnP2uvwTYZNkoSSZEiSJCRzQpIkSZK4ZEpCEjLeJHPInG665nnInHTzSpIkJCTZ/+c2/P16h5/3fX/9/vq/d32e5zz2cs7aZ+27nu89w/Pc79ddh1VvVKNKfWaGf4f+bYC//JMEAAkAMBAAcgBAAABlc5bNmb4/i8akf+sk4n9JgxlXugJxJUn/Mzbpf8Ym/c/YpP8Zm/Q/Y5P+Z2zS/4xN+i9EhjYr39WyZdxN3v//f079T5Ll+p8h4D/aIf3/T6P/paOl/xmb9D9jk/5nbNL/jCy40gWIK0w+/xmb9F+IDO0Pf6e84dyVfqct27+wCSGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQ/w+c85cYAPhtfKXrEkIIIYQQQgghxB/Hv3ulKxBCCCGEEEIIIcT/PgQFGgwEkAkyQwJkgUS4CrJCNsgOOSAGV0NOuAZywbWQG/JAXsgH+aEAFIQQCCwwRFAICkMcroMicD0UhWJQHEqAg5JQCm6A0nAjlIGboCzcDOXgFigPFX4+Z7rboTLcAVXgTqgK1aA61IC7oCbcDbXgHqgN90IduA/qwv1QDx6A+tAAGsKD0AgegsbQBJpCM2gOLaDlZfKTc/y9/OehB7wAPaEXJEFv6AMvQl/oB/1hAAyEl2AQvAyD4RUYAkNhGLwKw+E1GAGvw0gYBaPhDRgDY2EcjIcJMBGS4U2YBG/BZHj7oWwwFabBdJgBM2EWvAOzYQ7MhXdhHsyHBZCcZREshiXwHiyF9yEFPoBl8CGkwnJYASthFayGNbAW1sF62AAbYRNshi2wFbbBR7AddsBO2AW7YQ/shY9hH3wC++FTSMPP/sX8s7/Ph24ICKhQoUGDmTATJmACJmIiZsWsmB2zYwxjmBNzYi7MhbkxN+bFvJiE+bEgFkRCQkbGQlgI4xjHIlgEi2JRLI7F0aHDUlgKS+ONWAbLYFksi+WwHJbHClgBb8VbsRJWwspYGatgFayKVbE6Vse78C68G2thLayNtbEO1sG6WBfrYT2sj/WxITbERtgIG2NjbIpNsTk2x5bYElthK2yNrbEttsV22A7bY3vsgB2wI3bETtgJO2Nn7IJdsCt2xW74HD6Hz+Pz+AK+gL2wquqNfbAP9sW+2B8H4AB8CQfhy/gyvoJDcCgOw1fxVXwNR+AZHImjcDSOxkpqLI7D8chqIiZjMmaGSTgZJ+MUnIpTcTrOwJk4C2fhbJyDc/BdnIfzcT4uxIW4GJfgElyK72MKpuAyPIupuBxX4EpchatxFa7FdbgWN+BG3ICbcTNuxa34EX6EO3AH7sJduAf34Mf4MX6Cn+AQTMM0PIAH8CAexEN4CA/jYTyCR/AoHsVjeAyP43E8gSfxFJ7E03gaz+BZPAcA5/E8XsALeBEvpn/4VTqjjMqkMqkElaASVaLKqrKq7Cq7iqmYyqlyqlwql8qtcqu8Kq/Kr/KrgqqgIkWKVaQKqUIqruKqiCqiiqqiqrgqrpxyqpQqpUqr0qqMKqPKqptVOXWLKq8qqDbuVnWrqqTausrqDlVFVVFVVTVVXdVQNVRNVVPVUrVUbVVb1VF1VF11v6qnemN/bKDSO9NIDcXGahg2Vc1Uc9VCvYYPq1ZqBLZWbVRb9agahSOxvWrlOqgnVEc1Djupp9R4fFp1UROxq3pWdVPPqe7qedVDtXY9VS81BXurPmo69lX9VH81QM3Gaiq9Y9XVK+r5zEPVMPWqWoyvqRHqdTVSjVKj1RtqjBqrxqnxaoKaqJLVm2qSektNVm+rKWqqmqamqxlqppql3lGz1Rw1V72r5qn5aoFaqBapxWqJek8tVe+rFPWBWqY+VKlquVqhVqpVarVao9aqdWq92qA2qk1qs9qitqpt6iO1Xe1QO9UutVvtUXvVx2qf+kTtV5+qNPWZOqD+og6qz9Uh9YU6rL5UR9RX6qj6Wh1T36jj6lt1Qp1Up9R36rT6Xp1RZ9U59YM6r35UF9RP6qLyCjRqpbU2OtCZdGadoLPoRH2Vzqqz6ew6h47pq3VOfY3Opa/VuXUendfk0/l1AV1Qh5q01awjXUgX1nF9nS6ir9dFdTFdXJfQTpfUpfQNurS+UZfRN+my+mZdTt+iy+sKuqIHfZuupG/XlfUduoq+U1fV1XR1XUPfpWvqu3UtfY+ure/VdfR9uq6+X9fTD+j6uoFuqB/UjfRDurFuopvqZrq5bqFb6od1K/2Ibq3b6Lb6Ud1OP6bb68d1B/2E7qif1J30U7qzflp30c/orvpZ3U0/p7vrn/RF7XVP3Usn6d66j35R99X9dH89QA/UL+lB+mU9WL+ih+iheph+VQ/Xr+kR+nU9Uo/So/Ubeoweq8fp8XqCnqiT9Zt6kn5LT9Zv6yl6qp6mp+sZeqbu/+tMc/+J/Lf+Tv7gn8++VW/TH+nteofeqXfp3XqP3qv36n16n96v9+s0naYP6AP6oD6oD+lD+rA+rI/oI/qoPqqP6WP6uD6uT+iT+gf9nT6tv9dn9Fl9Vv+gz+vz+sKvPwMwaJTRxpjAZDKZTYLJYhLNVSaryWaymxwmZq42Oc01Jpe51uQ2eUxek8/kNwVMQRMaMtawiUwhU9jEzXWmiLneFDXFTHFTwjhT0pQyN/yP8y9XX0vT0rQyrUxr09q0NW1NO9POtDftTQfTwXQ0HU0n08l0Np1NF9PFdDVdTTfTzXQ33U0P08P0ND1NkkkyfcyLpq/pZ/qbAWageckMMoPMYDPYDDFDzDAzzAw3w80IM8KMNCPNaDPajDFjzDgzzkwwE0yyz2EmmUlmsplsppgpZtrAHGaGmWFmmVlmtplt5pq5Zp6ZZxaYBWaRWWSWmCVmqVlqUkyKWWaWmVSz3Cw3K81Ks9qsNmvNWrPerDcbzUaz2Ww2qWab2Wa2m+1mp9lpdpvdZq/Za/aZfWa/2W/STJo5YA6Yg+agOWQOmcPmsDlijpij5qg5Zo6Z4+a4OWFOmFPmlDltTpsz5ow5Z86Z8+a8uWAumIvmYvptX6ACFZjABJmCTEFCkBAkBolB1iBrkD3IHsSCWJAzyBnkCq4Ncgd5grxBviB/UCAoGIQBBTbgIAoKBYWDeHBdUCS4PigaFAuKByUCF5QMSgU3BKWDG4MywU1B2eDmoFxwS1A+qBBUDG4NbgsqBbcHlYM7girBnUHVoFpQPagR3BXUDO4OagX3BLWDe4M6wX1B3eD+oF7wQFA/aBA0DB4MGgUPBY2DJkHToFnQPGgRtPxD5/f+TJ5HXM+wV5gU9g77hC+GfcN+Yf9wQDgwfCkcFL4cDg5fCYeEQ8Nh4avh8PC1cET4ejgyHBWODt8Ix4Rjw3Hh+HBCODFMDt8MJ4VvhZPDt8Mp4dRwWjA9nBHODGeF74Szwznh3PDdcF44P1wQLgwXhYtD/OWWGFLCD8Jl4Ydharg8XBGuDFeFq8M14dpwXbg+3BBuDDeFm8sO+uXQcHu4I9wZ7gp3h3vCveHH4b7wk3B/+GmYFn4WHgj/Eh4MPw8PhV+Eh8MvwyPhV+HR8OvwWPhNeDz8NjwRngxPhd+Fp8PvwzPh2fBc+EN4PvwxvBD+FF4MffrNffrlnQwZykSZKIESKJESKStlpeyUnWIUo5yUk3JRLspNuSkv5aX8lJ8KUkFKx8RUiApRnOJUhIpQUSpKxak4OXJUikpRaSpNZagMlaWyVI7KUXkqTxWpIt1Gt9HtdDvdQXfQnXQnVaNqVINqUE2qSbWoFtWm2lSH6lBdqkv1qB7Vp/rUkBpSI2pEjakxNaWm1JyaU0tqSa2oFbWm1tSW2lI7akftqT11oA7UkTpSJ+pEnakzdaEu1JW6UjfqRt2pO/WgHtSTelISJVEf6kN9qS/1p/40kAbSIBpEg2kwDaEhNIyG0XAaTiNoBI2kUTSa3qAxNJbG0XiaQBMpmZJpEk2iyTSZptAUmkbTaAbNoFk0i2bTbJpLc2kezaMFtIAW0SJaQktoKS2lFEqhZbSMUimVVtAKWkWraA2toXW0jjbQBtpEm2gLbaFttI2203baSTtpN+2mvbSX9tE+2k/7KY3S6AAdoIN0kA7RITpMh+kIHaGjdJSO0TE6TsfpBJ2gU3SKTtNpOkNn6Bydo/P0I12gn+gieUqwWWyivcpmtdlsdpvD/nWc1+az+W0BW9CGNrfN87uYrLVFbTFb3Jawzpa0pewNfxOXtxVsRXurvc1Wsrfbyra8zQL/Na5p77a17D22tr3X1rB3/S6uY++zde1Dtp5tYuvbZrahbWEb2YdsY9vENrXNbHPbwrazj9n29nHbwT5hO9on/yZeat+36+x6u8FutPvsJ/ac/cEetV/b8/ZH29P2sgPtS3aQfdkOtq/YIXbo72MAO9q+YcfYsXacHW8n2Il/E0+z0+0MO9POsu/Y2XbO38RL7Ht2nk2xC+xCu8gu/jlOrynFfmCX2Q9tql1uV9iVdpVdbdfYtf+31pV2s91it9q99mO73e6wO+0uu9vu+TlOX8d++6lNs5/ZI/Yre9B+bg/ZY/aw/fLnOH19x+w39rj91p6wJ+0p+509bb+3Z+zZn9efvvbv7E/2ovUWGFmxZsMBZ+LMnMBZOJGv4qycjbNzDo7x1ZyTr+FcfC3n5jycl/Nxfi7ABTlkYsvMERfiwhzn67gIX89FuRgX5xLsuCSX4hu4NN/IZfgmLss3czm+hctzBa7It/JtXIlv58p8B1fhO7kqV+PqXIPv4pp8N9fie7g238t1+D6uy/dzPX6A63MDbsgPciN+iBtzE27Kzbg5t+CW/DC34ke4Nbfhtvwot+PHuD0/zh34Ce7IT3Infoo789PchZ/hrvwsd+PnuDs/zz34Be7JvTiJe3MffpH7cj/uzwN4IL/Eg/hlHsyv8BAeysP4VR7Or/EIfp1H8igezW/wGB7L43g8T+CJnMxv8iR+iyfz2zyFp/I0ns4zeCbP4nd4Ns/hufwuz+P5vIAX8iJezEv4PV7K73MKf8DL+ENO5eW8glfyKl7Na3gtr+P1vIE38ibezFt4K2/jj3g77+CdvIt38x7eyx/zPv6E9/OnnMaf8QH+Cx/kz/kQf8GH+Us+wl/xUf6aj/E3fJy/5RN8kk/xd3yav+czfJbP8Q98nn/kC/wTX2TPEGGkIh2ZKIgyRZmjhChLlBhdFWWNskXZoxxRLLo6yhldE+WKro1yR3mivFG+KH9UICoYhRFFNuIoigpFhaN4dF1UJLo+KhoVi4pHJSIXlYxKRTdEpaMbozLRTVHZ6OaoXHRLVD6qEFWMbo1uiypFt0eVozuiKtGdUdWoWlQ9qhHdFdWM7o5qRfdEtaN7ozLRfVHd6P6oXvRAVD9qEDWMHowaRQ9FjaMmUdOoWdQ8ahG1jB6OWkWPRK2jNlHb6NGoXfRY1D56POoQPRF1jJ68tL9Y8MvV9K/2J0W9I/3rG7J79KL44viS+HvxpfH34ynxD+LL4h/GU+PL4yviK+Or4qvja+Jr4+vi6+Mb4hvjm+Kb41viW+Pe18gMDtMfhMG4wGVymV2Cy+IS3VUuq8vmsrscLuaudjndNS6Xu9bldnlcXpfP5XcFXEEXOnLWsYtcIVfYxd11roi73hV1xVxxV8I5V9KVci1cS9fStXKPuNaujWvrHnWPusfcY+7xhF8Ld53cU66ze9p1cc+4Z9yzrpt7znV3z7se7gXX0/VySS7J9XF9XF/X1/V3/d1AN9ANcoPcYDfYDXFD3DA3zA13w90IN8KNdCPdaDfajXFj3Dg3zk1wE1yyS3aT3CQ32U12U9wUN81NczPcDDfLzXKz3Ww3181189w8t8AtcIvcIrfELXFL3VKX4lLcMrfMpbpUt8KtcKvcKrfGrXHr3Dq3wW1wm9wmt8VtcdvcNrfdbXc73U632+12e91et8/tc/vdfpfm0twBd8AddAfdIfeFO+y+dEfcV+6o+9odc9+44+5bd8KddKec16fd9+6MO+vOuR/cefeju+B+chedd8mxN2OTYm/FJsfejk2JTY1Ni02PzYjNjM2KvRObHZsTmxt7NzYvNj+2ILYwtii2OLYk9l5saez9WErsg9iy2Iex1Njy2IrYytiq2OqY9wW2R76QL+zj/jpfxF/vi/pivrgv4Z0v6Uv5G3xpf6Mv42/yZf3Nvpy/xZf3FXxF38Q39c18c9/Ct/QP+1b+Ed/at/Ft/aO+nX/Mt/eP+w7+Cd/RP+k7+ad8Z/+07+Kf8V39s/N/7bLv4V/wPX0vn+R7+z7+Rd/X9/P9/QA/0L/kB/mX/WD/ih/ih/ph/lU/3L/mR/jX/Ug/yo/2b/gxfqwf58f7CX6iT/Zv+kn+LT/Zv+2n+Kl+mp/uZ/iZfpZ/x8/2c/xc/66f5+f7BX6hX+QX+yX+Pb/Uv+9T/Ad+mf/Qp/rlfoVf6Vf51X6NX+vX+fV+g9/oN/nNfovf6rf5j/x2v8Pv9Lv8br/H7/Uf+33+E7/ff+rT/Gf+gP+LP+g/94f8F/6w/9If8V/5o/5rf8x/44/7b/0Jf9Kf8t/50/57f8af9ef8D/68/9Ff8D/5i/I3a0IIIYQQ/xR9mf29/87/qV+3dH0AINuOfIf/es5NuX8Z91P7OsYA4IleXRv8tjVokJSU9OuxqRqCwgsBIHYp/+fvH/g1Xg5t4THoAG2g9N+tr5+q+PN93383f/xmgESALL/lpD8eJcJfz3/jP5i/yXt8ufkXAhQtfCkn/US/xZfmL/MP5t/T7jLzZ/k8GaD1f8nJCpfiS/OXgkfgSejwuyOFEEIIIYQQQohf9FPnu13u+Tb9+Ty/uZSTGS7Fl3s+v4zKf8QahBBCCCGEEEII8d97+rnujz/coUObzv/Jg8x/jjL+BAMEgD9BGTL48w+u9G8mIYQQQgghxB/t0k3/la5ECCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYTIuP79bwhT//TBV3qNQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghxJX2fwIAAP//5g1V0w==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3ffffffffffff53, 0x2, 0x0)
r3 = signalfd(r1, &(0x7f0000000240)={[0x2]}, 0x8)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r5=>0x0})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PAUSE_GET(r6, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000001940)={0x20, r7, 0x1, 0x0, 0x0, {0x16}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}]}]}, 0x20}}, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000001b00)=@bloom_filter={0x1e, 0x7, 0xac17, 0x9, 0x2002, r3, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x2, 0x4, 0xe, @void, @value, @void, @value}, 0x50)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000001980)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b22b99fa1eef38af8ff00000000bfa300000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000950036096b415d54a8314fa1cf0e827934cb9182fd44c3dc4716a77852adbd48bd04cffcfb294b056bcaea4ba8e6df260e47b731a3b5d59b6d9dbd4e456d08d59604a4e6e4de55a668310f0d6ce557f67f7543c46a2cb7fb575ddb55428fd66e4f3ef7be78a664b7447ac470bb2f1dcf434f7aae5d793bf15e6e3d6cd42f167d4f91db67ee9364e7b1ad508a43dbd0352d220a813f54fd7a899226bb172ab4f360af"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r10 = creat(&(0x7f00000001c0)='./file0\x00', 0x109)
write$binfmt_script(r10, &(0x7f0000001800)={'#! ', './file0', [{0x20, '.:/'}, {0x20, 'syzkaller\x00'}, {0x20, 'syzkaller\x00'}, {0x20, 'syzkaller\x00'}, {0x20, '\x00'}, {0x20, ']'}, {0x20, '%%]{*\xe4{)\x01!^*'}, {0x20, '\x00'}], 0xa, "9a3c19c0bfa55b78f58c98837410d534e424b6a84f9c1fce0879644333010ca758170de8d828a9732f203db554cfdcb791b85bf651bbc1af6ee98fe34f44f98ab86c03672187f1f3afd0691e2dd7c6b80e30dac418d033a9a7c0421b2bd3a4b9a65861ecf84ad0c9402484088ecc62358852e5206acf2655480c97ec6615032cbd100e6f37bed30055b4e7c689a3820b2f4e4423a6b713f2e0ef303780c66c0cb4483309ec6564fd3b5afb196032372309a117d5fff3b6990a294ec84153ba4a1713d9845ea73c3ae5a1d22f8bde"}, 0x111)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r9}, 0x10)
syz_open_dev$tty20(0xc, 0x4, 0x1)
r11 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r11, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6)
io_setup(0x5, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x4)
ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x281}, {0xffffffffffffffff, 0x40}, {0xffffffffffffffff, 0x140}], 0x3, &(0x7f0000000080)={0x0, 0x3938700}, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000001940), 0x0, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)

7.585365212s ago: executing program 2 (id=4292):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000600)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
close(r5)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r6, 0x29, 0x4e, &(0x7f0000000080)=0x3, 0x4)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r7, &(0x7f0000000140)={0xa, 0x4e22, 0x401, @ipv4={'\x00', '\xff\xff', @empty}, 0x9}, 0x1c)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00'}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

6.563476508s ago: executing program 2 (id=4293):
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_usb_connect(0x1, 0xfffffffffffffd22, 0x0, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, 0x0, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000a40))
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xf, @void, @value}, 0x94)
unshare(0x64000600)
fsetxattr$security_evm(r2, 0x0, &(0x7f0000000180)=@sha1={0x1, "d0151187250ca7700f71f4aa9c01ad67b5ba53ff"}, 0x15, 0x0)

6.556482618s ago: executing program 5 (id=4294):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r0}, &(0x7f0000000800), &(0x7f0000000840)=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000600)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
close(r6)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r7, 0x29, 0x4e, &(0x7f0000000080)=0x3, 0x4)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r8, &(0x7f0000000140)={0xa, 0x4e22, 0x401, @ipv4={'\x00', '\xff\xff', @empty}, 0x9}, 0x1c)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00'}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

5.490140264s ago: executing program 1 (id=4295):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000ac0)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r3, @ANYBLOB="0000000000000000b708000002001e007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000d00)='sched_switch\x00', r4}, 0x10)
socket$netlink(0x10, 0x3, 0x0)
add_key$keyring(&(0x7f0000000180), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
r5 = socket$inet6(0xa, 0x400000000001, 0x0)
bind$inet6(r5, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x41, &(0x7f0000000180)=0x80000039f8, 0x4)
r6 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r7, &(0x7f0000000180), 0xb)
copy_file_range(r7, &(0x7f0000000080), r6, &(0x7f0000000100), 0xfffffffffffffff8, 0x0)
sendto$inet6(r7, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0)
recvmmsg(r5, 0x0, 0x0, 0x2031, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00'})
unshare(0x64000600)

5.468253665s ago: executing program 4 (id=4296):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r0}, &(0x7f0000000800), &(0x7f0000000840)=r1}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000600)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
close(r5)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r6, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @loopback={0xfec0ffff00000000}}, 0x1c)

5.406946036s ago: executing program 0 (id=4297):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r0}, &(0x7f0000000800), 0x0}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000600))
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r4, 0x29, 0x4e, &(0x7f0000000080)=0x3, 0x4)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @loopback={0xfec0ffff00000000}}, 0x1c)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r5, &(0x7f0000000140)={0xa, 0x4e22, 0x401, @ipv4={'\x00', '\xff\xff', @empty}, 0x9}, 0x1c)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00'}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

4.124115146s ago: executing program 1 (id=4298):
prlimit64(0x0, 0xe, &(0x7f0000000780)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000001afc180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b703000000090000850000000400000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000580)=ANY=[@ANYBLOB="180000000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00')
pread64(r2, &(0x7f0000001240)=""/102400, 0x200000, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000240)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, 0x0, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000400)='rxrpc_skb\x00', r6, 0x0, 0x3}, 0x18)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_GET(r7, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000004c0)={0x2c, r8, 0x1, 0x0, 0x25dfdbfc, {0x1c}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'erspan0\x00'}]}]}, 0x2c}}, 0x4000000)
socket$packet(0x11, 0x2, 0x300)

4.120752396s ago: executing program 4 (id=4299):
syz_usb_connect(0x1, 0xfffffffffffffd22, 0x0, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_inet_SIOCSARP(r1, 0x8955, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r2 = eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r2)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r2})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000a40))
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r2})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xf, @void, @value}, 0x94)

4.082769876s ago: executing program 5 (id=4300):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
recvmsg$unix(0xffffffffffffffff, 0x0, 0x2000)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB='0'], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x3c, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})

3.551976015s ago: executing program 2 (id=4301):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000004f4b000000000000000000180100002020702000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000fdffffff850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000001200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r7 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
r8 = fsmount(r7, 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000003c0)={r6, r8}, 0x10)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{}, &(0x7f00000001c0), &(0x7f0000000240)}, 0x20)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={<r9=>0x0, @multicast2, @multicast1}, 0x0)
r10 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000002580)={&(0x7f0000000500)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x4, [@decl_tag={0x10, 0x0, 0x0, 0x11, 0x1, 0x8}, @typedef={0x1, 0x0, 0x0, 0x8, 0x4}]}, {0x0, [0x0, 0x61]}}, &(0x7f0000001580)=""/4096, 0x38, 0x1000, 0x0, 0x470b, 0x0, @void, @value}, 0x28)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000002640)={0x626, <r11=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000026c0)={0x9, 0x1, &(0x7f00000002c0)=@raw=[@exit], &(0x7f0000000400)='syzkaller\x00', 0xfffffc00, 0x1000, &(0x7f0000000580)=""/4096, 0x40f00, 0x21, '\x00', r9, @fallback=0x8, r10, 0x8, 0x0, 0x0, 0x10, &(0x7f0000002600)={0x2, 0xd, 0xf, 0x80000001}, 0x10, r11, r0, 0x2, 0x0, &(0x7f0000002680)=[{0x2, 0x1, 0xb, 0x2}, {0x4, 0x2, 0xc, 0x8}], 0x10, 0xfa, @void, @value}, 0x94)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})

3.087911681s ago: executing program 5 (id=4302):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYRESOCT=0x0], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
r2 = openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$selinux_access(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="73797374656d5f753a6f626a6563745f723a7570647077645f657865635f742073797374656d5f753a73797374656d5f723afaffffffffffffff3a73302030"], 0x56)

2.767705406s ago: executing program 5 (id=4303):
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_usb_connect(0x4, 0x0, 0x0, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'vcan0\x00', <r2=>0x0})
sendto$packet(r0, &(0x7f0000000000)='g', 0x48, 0x0, &(0x7f00000000c0)={0x11, 0xd, r2, 0x1, 0x0, 0x6, @remote}, 0x14)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0)
r4 = eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(r3, 0x4004af07, &(0x7f0000000240)=r4)
ioctl$VHOST_SET_VRING_KICK(r3, 0x4008af20, &(0x7f0000000040)={0x1, r4})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000001000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008180000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7030000f7000000b7040000000034008500000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r6}, 0x10)
pipe2(&(0x7f0000000040)={<r7=>0xffffffffffffffff}, 0x0)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x401c2, 0x0)
ftruncate(r8, 0x8800000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
recvmmsg(r10, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0)
sendfile(r9, r8, 0x0, 0x578410eb)
close_range(r7, 0xffffffffffffffff, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000a40))
ioctl$VHOST_SET_VRING_ERR(r3, 0x4008af22, &(0x7f00000002c0)={0x1, r4})

2.249630625s ago: executing program 1 (id=4304):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000600)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
close(r5)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r6, 0x29, 0x4e, &(0x7f0000000080)=0x3, 0x4)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r7, &(0x7f0000000140)={0xa, 0x4e22, 0x401, @ipv4={'\x00', '\xff\xff', @empty}, 0x9}, 0x1c)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00'}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

2.248542485s ago: executing program 4 (id=4305):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x40000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r2 = userfaultfd(0x80001)
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000c40)={{0x12, 0x1, 0x0, 0xbc, 0xe8, 0x15, 0x10, 0x4d8, 0xa30, 0x68a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xaf, 0xc4, 0xb7}}]}}]}}, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r4)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
syz_open_procfs(r3, &(0x7f0000000440)='fd/3\x00')
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000380)={0xaa, 0x8})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
r5 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_ZEROPAGE(r5, 0xc018aa06, &(0x7f0000000100)={{&(0x7f00003ea000/0x400000)=nil, 0x400000}, 0x1})
mlock(&(0x7f0000541000/0x3000)=nil, 0x3000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[], 0x50)

2.247606885s ago: executing program 2 (id=4306):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) (async)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='module_request\x00', r1}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='module_request\x00', r1}, 0x10)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
r3 = gettid()
process_vm_writev(r3, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x229, 0x0) (async)
process_vm_writev(r3, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x229, 0x0)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000a00)=@newsa={0x154, 0x10, 0x633, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@private1}, {@in6=@loopback, 0x0, 0x32}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, {0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, {}, {}, 0x0, 0x0, 0x2}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @encap={0x1c, 0x4, {0x2, 0x0, 0x0, @in6=@private1}}]}, 0x154}}, 0x0) (async)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000a00)=@newsa={0x154, 0x10, 0x633, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@private1}, {@in6=@loopback, 0x0, 0x32}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, {0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, {}, {}, 0x0, 0x0, 0x2}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @encap={0x1c, 0x4, {0x2, 0x0, 0x0, @in6=@private1}}]}, 0x154}}, 0x0)
socketpair(0xb, 0x2, 0x0, &(0x7f00000003c0)) (async)
socketpair(0xb, 0x2, 0x0, &(0x7f00000003c0))
socket$nl_generic(0x10, 0x3, 0x10) (async)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000380), 0xffffffffffffffff)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="01000000050000000600000008"], 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001c80)={{r6}, &(0x7f0000001c00), &(0x7f0000001c40)=r7}, 0x20) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001c80)={{r6}, &(0x7f0000001c00), &(0x7f0000001c40)=r7}, 0x20)
setreuid(0xee01, 0x0)
setfsuid(0x0)
sendmsg$WG_CMD_SET_DEVICE(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="c8010000", @ANYRES16=r5, @ANYBLOB="0100000000000000000001000000060006000000000024000300a0cb879a47f5bc644c0e693fa6d031c74a1553b6e901b9ff2f518c78042fb5426c010880f4000080060005000180000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff240002001bc715ee4868b12a49f4df11bc05475489f6a27c4d6483ad2fa5e45903b0ce8514000400e76a686bac1414aa00000000000000008c00098028000080060001000a00000014000200ff020000000000000000000000000001050003000000000028000080060001000a000000140002000000000000000000000000000000000105000300030000001c000080060001000200da0008000200e000000105000300000000001c000080060001000200000008000200ac141400050003000000000074000080200004000a004e2200000000fc0000000000000000000000000000000400000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff080003000100000024000200cde20bc0d9b90ac13642d7b66459dd9db5e20b4b16d3d23f2cb03a8aa417dce6080007000000000014000200776730"], 0x1c8}}, 0x0)

2.223601265s ago: executing program 0 (id=4307):
syz_usb_connect(0x1, 0xfffffffffffffd22, 0x0, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_inet_SIOCSARP(r1, 0x8955, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r2 = eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r2)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r2})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000a40))
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r2})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
unshare(0x64000600)
fsetxattr$security_evm(r3, 0x0, &(0x7f0000000180)=@sha1={0x1, "d0151187250ca7700f71f4aa9c01ad67b5ba53ff"}, 0x15, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x5, &(0x7f0000002140)={{}, 0x2c, {'rootmode', 0x3d, 0x4000}})

2.161756766s ago: executing program 2 (id=4308):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000ac0)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r3, @ANYBLOB="0000000000000000b708000002001e007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000d00)='sched_switch\x00', r4}, 0x10)
socket$netlink(0x10, 0x3, 0x0)
add_key$keyring(&(0x7f0000000180), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
r5 = socket$inet6(0xa, 0x400000000001, 0x0)
bind$inet6(r5, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x41, &(0x7f0000000180)=0x80000039f8, 0x4)
r6 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r7, &(0x7f0000000180), 0xb)
copy_file_range(r7, &(0x7f0000000080), r6, &(0x7f0000000100), 0xfffffffffffffff8, 0x0)
sendto$inet6(r7, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0)
recvmmsg(r5, 0x0, 0x0, 0x2031, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00'})
unshare(0x64000600)

1.633630134s ago: executing program 1 (id=4309):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r0}, &(0x7f0000000800), &(0x7f0000000840)=r1}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000600)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
close(r5)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r6, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @loopback={0xfec0ffff00000000}}, 0x1c)

1.105734132s ago: executing program 5 (id=4310):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000ac0)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r3, @ANYBLOB="0000000000000000b708000002001e007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000d00)='sched_switch\x00', r4}, 0x10)
socket$netlink(0x10, 0x3, 0x0)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
r6 = socket$inet6(0xa, 0x400000000001, 0x0)
bind$inet6(r6, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendto$inet6(r6, 0x0, 0x0, 0x20000008, &(0x7f00000001c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x41, &(0x7f0000000180)=0x80000039f8, 0x4)
r7 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r8, &(0x7f0000000180), 0xb)
copy_file_range(r8, &(0x7f0000000080), r7, &(0x7f0000000100), 0xfffffffffffffff8, 0x0)
sendto$inet6(r8, &(0x7f0000000300)="da6e6a8738fc38a1acf91867c5be013f1aa3ed555ea0982ed0cfec60bcf91d7c7d04391d60204d1a4531f66bb4148645f25da648744456ea9fd49e8f1b533e5aa1039f3145708fb01e19df757d9900fd0500002a739387748b3012b98c7844ba8d9365fc3264caf02077f900229d64a813a8ec52273e6d9f0300000010511e17be4e261dd5eac42122d47a1398fa8d", 0x8f, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00'})
unshare(0x64000600)
socket(0x10, 0x80002, 0x0)

1.105015422s ago: executing program 2 (id=4320):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000ac0)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r3, @ANYBLOB="0000000000000000b708000002001e007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000d00)='sched_switch\x00', r4}, 0x10)
socket$netlink(0x10, 0x3, 0x0)
add_key$keyring(&(0x7f0000000180), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
r6 = socket$inet6(0xa, 0x400000000001, 0x0)
bind$inet6(r6, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendto$inet6(r6, 0x0, 0x0, 0x20000008, &(0x7f00000001c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
r7 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r8, 0x0, 0x0)
copy_file_range(r8, &(0x7f0000000080), r7, &(0x7f0000000100), 0xfffffffffffffff8, 0x0)
sendto$inet6(r8, &(0x7f0000000300)="da6e6a8738fc38a1acf91867c5be013f1aa3ed555ea0982ed0cfec60bcf91d7c7d04391d60204d1a4531f66bb4148645f25da648744456ea9fd49e8f1b533e5aa1039f3145708fb01e19df757d9900fd0500002a739387748b3012b98c7844ba8d9365fc3264caf02077f900229d64a813a8ec52273e6d9f0300000010511e17be4e261dd5eac42122d47a1398fa8d", 0x8f, 0x0, 0x0, 0x0)
recvmmsg(r6, &(0x7f000000d980)=[{{0x0, 0x0, 0x0}, 0x9}], 0x1, 0x2031, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00'})
unshare(0x64000600)
socket(0x10, 0x80002, 0x0)

965.901495ms ago: executing program 0 (id=4311):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000ac0)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r3, @ANYBLOB="0000000000000000b708000002001e007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000d00)='sched_switch\x00', r4}, 0x10)
socket$netlink(0x10, 0x3, 0x0)
add_key$keyring(&(0x7f0000000180), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
r6 = socket$inet6(0xa, 0x400000000001, 0x0)
bind$inet6(r6, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendto$inet6(r6, 0x0, 0x0, 0x20000008, &(0x7f00000001c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
r7 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r8, &(0x7f0000000180), 0xb)
copy_file_range(r8, 0x0, r7, &(0x7f0000000100), 0xfffffffffffffff8, 0x0)
sendto$inet6(r8, &(0x7f0000000300)="da6e6a8738fc38a1acf91867c5be013f1aa3ed555ea0982ed0cfec60bcf91d7c7d04391d60204d1a4531f66bb4148645f25da648744456ea9fd49e8f1b533e5aa1039f3145708fb01e19df757d9900fd0500002a739387748b3012b98c7844ba8d9365fc3264caf02077f900229d64a813a8ec52273e6d9f0300000010511e17be4e261dd5eac42122d47a1398fa8d", 0x8f, 0x0, 0x0, 0x0)
recvmmsg(r6, &(0x7f000000d980)=[{{0x0, 0x0, 0x0}, 0x9}], 0x1, 0x2031, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00'})
unshare(0x64000600)
socket(0x10, 0x80002, 0x0)

0s ago: executing program 1 (id=4312):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r0}, &(0x7f0000000800), &(0x7f0000000840)=r1}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000600)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
close(r5)
socket$inet6_tcp(0xa, 0x1, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r6, 0x0, 0x0)

kernel console output (not intermixed with test programs):

d wMaxPacketSize 0
[  810.849478][  T313] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  810.867100][  T313] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  810.889504][  T313] usb 2-1: config 0 descriptor??
[  810.903474][  T313] hub 2-1:0.0: USB hub found
[  811.122028][T11189] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  811.132435][T11189] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  811.142790][T11211] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3041'.
[  811.221397][T11211] device vlan2 entered promiscuous mode
[  811.236708][  T313] hub 2-1:0.0: config failed, can't read hub descriptor (err -22)
[  811.578240][T11189] netlink: 'syz.1.3035': attribute type 2 has an invalid length.
[  811.631820][  T313] usbhid 2-1:0.0: can't add hid device: -71
[  811.640531][  T313] usbhid: probe of 2-1:0.0 failed with error -71
[  811.940370][  T313] usb 2-1: USB disconnect, device number 41
[  812.113444][T11229] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3048'.
[  812.124263][T11229] device vlan2 entered promiscuous mode
[  812.257938][T11239] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3051'.
[  813.187138][T11252] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3056'.
[  813.210979][T11252] device vlan2 entered promiscuous mode
[  815.536255][T11286] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3066'.
[  816.264391][T11288] netlink: 72 bytes leftover after parsing attributes in process `syz.3.3063'.
[  816.273289][T11288] device lo entered promiscuous mode
[  816.280080][T11288] device tunl0 entered promiscuous mode
[  816.286417][T11288] device gre0 entered promiscuous mode
[  816.295027][T11288] device erspan0 entered promiscuous mode
[  816.301800][T11288] device ip_vti0 entered promiscuous mode
[  816.308280][T11288] device ip6_vti0 entered promiscuous mode
[  816.314909][T11288] device sit0 entered promiscuous mode
[  816.321194][T11288] device ip6tnl0 entered promiscuous mode
[  816.327609][T11288] device ip6gre0 entered promiscuous mode
[  816.334148][T11288] device syz_tun entered promiscuous mode
[  816.341088][T11288] device ip6gretap0 entered promiscuous mode
[  816.348109][T11288] device bridge0 entered promiscuous mode
[  816.355051][T11288] device vcan0 entered promiscuous mode
[  816.369503][T11288] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  816.376739][T11288] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  816.384084][T11288] device dummy0 entered promiscuous mode
[  816.390966][T11288] device veth0 entered promiscuous mode
[  816.397446][T11288] device veth1 entered promiscuous mode
[  816.403906][T11288] device wg0 entered promiscuous mode
[  816.409826][T11288] device wg1 entered promiscuous mode
[  816.415744][T11288] device wg2 entered promiscuous mode
[  816.421357][T11288] device veth0_to_bridge entered promiscuous mode
[  816.428402][T11288] device veth1_to_bridge entered promiscuous mode
[  816.435450][T11288] device veth0_to_bond entered promiscuous mode
[  816.442097][T11288] device bond_slave_0 entered promiscuous mode
[  816.448449][T11288] device veth1_to_bond entered promiscuous mode
[  816.455074][T11288] device bond_slave_1 entered promiscuous mode
[  816.461680][T11288] device veth0_to_team entered promiscuous mode
[  816.468316][T11288] device team_slave_0 entered promiscuous mode
[  816.474725][T11288] device veth1_to_team entered promiscuous mode
[  816.481331][T11288] device team_slave_1 entered promiscuous mode
[  816.487719][T11288] device veth0_to_batadv entered promiscuous mode
[  816.494364][T11288] device batadv_slave_0 entered promiscuous mode
[  816.500899][T11288] device veth1_to_batadv entered promiscuous mode
[  816.507503][T11288] device batadv_slave_1 entered promiscuous mode
[  816.514056][T11288] device xfrm0 entered promiscuous mode
[  816.520198][T11288] device veth0_to_hsr entered promiscuous mode
[  816.527185][T11288] device hsr_slave_0 entered promiscuous mode
[  816.534202][T11288] device veth1_to_hsr entered promiscuous mode
[  816.541185][T11288] device hsr_slave_1 entered promiscuous mode
[  816.548075][T11288] device veth1_virt_wifi entered promiscuous mode
[  816.555427][T11288] device veth0_virt_wifi entered promiscuous mode
[  816.596981][T11288] device veth1_vlan entered promiscuous mode
[  816.605627][T11288] device vlan0 entered promiscuous mode
[  816.612201][T11288] device vlan1 entered promiscuous mode
[  816.618673][T11288] device veth1_macvtap entered promiscuous mode
[  816.625887][T11288] device veth0_macvtap entered promiscuous mode
[  816.633060][T11288] device macsec0 entered promiscuous mode
[  816.640356][T11288] device ip6tnl1 entered promiscuous mode
[  816.646839][T11288] device syztnl0 entered promiscuous mode
[  817.133801][ T8263] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[  817.152672][ T8263] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  817.227782][ T8263] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[  817.246713][ T8263] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  817.301649][ T8263] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  817.310214][ T8263] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  817.318331][ T8263] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  817.326778][ T8263] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  817.341428][ T8263] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  819.034118][T11320] x_tables: duplicate underflow at hook 1
[  819.054477][   T28] audit: type=1400 audit(1743263306.929:801): avc:  denied  { accept } for  pid=11319 comm="syz.3.3076" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1
[  819.638354][T11334] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3080'.
[  819.796323][T11334] device vlan2 entered promiscuous mode
[  821.455097][T11375] loop2: detected capacity change from 0 to 256
[  823.969962][ T7121] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[  825.657005][ T7121] usb 3-1: Using ep0 maxpacket: 32
[  825.662559][ T7121] usb 3-1: device descriptor read/all, error -71
[  827.897379][T11453] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3113'.
[  827.908527][T11453] device vlan2 entered promiscuous mode
[  832.989664][T11535] bridge0: port 1(bridge_slave_0) entered blocking state
[  833.002141][T11535] bridge0: port 1(bridge_slave_0) entered disabled state
[  833.015202][T11535] device bridge_slave_0 entered promiscuous mode
[  833.027369][T11535] bridge0: port 2(bridge_slave_1) entered blocking state
[  833.038473][T11535] bridge0: port 2(bridge_slave_1) entered disabled state
[  833.063224][T11535] device bridge_slave_1 entered promiscuous mode
[  833.194918][T11535] bridge0: port 2(bridge_slave_1) entered blocking state
[  833.201812][T11535] bridge0: port 2(bridge_slave_1) entered forwarding state
[  833.208908][T11535] bridge0: port 1(bridge_slave_0) entered blocking state
[  833.215908][T11535] bridge0: port 1(bridge_slave_0) entered forwarding state
[  833.259305][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  833.266993][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[  833.278003][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[  833.310716][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  833.322136][   T43] bridge0: port 1(bridge_slave_0) entered blocking state
[  833.329008][   T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[  833.403153][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  833.416522][   T43] bridge0: port 2(bridge_slave_1) entered blocking state
[  833.423466][   T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[  833.485052][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  833.498230][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  833.513889][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  833.952362][T11535] device veth0_vlan entered promiscuous mode
[  833.966591][ T8263] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  833.974763][ T8263] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  833.990765][ T8263] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  833.998181][ T8263] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  834.005635][ T8263] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  834.014013][ T8263] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  834.022694][T11535] device veth1_macvtap entered promiscuous mode
[  834.038180][  T315] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  834.054208][  T315] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  834.071890][  T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  834.398934][  T315] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  834.413464][  T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  836.020875][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[  836.044718][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[  840.390842][T11617] loop2: detected capacity change from 0 to 40427
[  842.451162][T11656] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3164'.
[  842.462218][T11656] device vlan2 entered promiscuous mode
[  846.229979][T11706] bridge0: port 1(bridge_slave_0) entered blocking state
[  846.246116][T11706] bridge0: port 1(bridge_slave_0) entered disabled state
[  846.267021][T11706] device bridge_slave_0 entered promiscuous mode
[  846.289014][T11706] bridge0: port 2(bridge_slave_1) entered blocking state
[  846.305255][T11706] bridge0: port 2(bridge_slave_1) entered disabled state
[  846.320373][T11706] device bridge_slave_1 entered promiscuous mode
[  846.474828][T11706] bridge0: port 2(bridge_slave_1) entered blocking state
[  846.481857][T11706] bridge0: port 2(bridge_slave_1) entered forwarding state
[  846.488947][T11706] bridge0: port 1(bridge_slave_0) entered blocking state
[  846.495833][T11706] bridge0: port 1(bridge_slave_0) entered forwarding state
[  846.567478][  T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  846.576713][  T315] bridge0: port 1(bridge_slave_0) entered disabled state
[  846.589195][  T315] bridge0: port 2(bridge_slave_1) entered disabled state
[  846.755981][    T8] device bridge_slave_1 left promiscuous mode
[  846.765664][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[  846.812643][    T8] device bridge_slave_0 left promiscuous mode
[  846.834492][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[  849.393983][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  849.414355][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  849.429711][   T10] bridge0: port 1(bridge_slave_0) entered blocking state
[  849.436633][   T10] bridge0: port 1(bridge_slave_0) entered forwarding state
[  849.445905][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  849.454385][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  849.464546][   T10] bridge0: port 2(bridge_slave_1) entered blocking state
[  849.471441][   T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[  849.489784][T11732] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3184'.
[  849.500192][T11732] device vlan2 entered promiscuous mode
[  849.512574][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  849.520653][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  849.535200][  T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  849.543479][  T315] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  849.580675][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  849.620587][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  849.645800][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  849.662850][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  849.679959][T11706] device veth0_vlan entered promiscuous mode
[  849.694048][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  849.718919][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  849.748961][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  849.854211][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  853.362653][T11753] loop1: detected capacity change from 0 to 40427
[  853.379538][T11706] device veth1_macvtap entered promiscuous mode
[  853.418872][ T8263] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  853.429309][T11755] I/O error, dev loop1, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  853.440079][ T8263] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  853.503024][ T8263] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  853.526353][ T8263] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  856.071966][T11793] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3197'.
[  856.127393][T11793] device vlan2 entered promiscuous mode
[  859.104187][T11822] loop4: detected capacity change from 0 to 40427
[  859.925651][T11837] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3210'.
[  859.961169][T11837] device vlan2 entered promiscuous mode
[  860.451950][T11843] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3212'.
[  860.556732][T11847] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3213'.
[  860.607870][T11850] loop1: detected capacity change from 0 to 256
[  861.348721][  T313] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  861.539372][  T313] usb 2-1: Using ep0 maxpacket: 32
[  861.545625][  T313] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  861.567253][  T313] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  861.567839][T11861] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3217'.
[  861.699052][  T313] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  861.711666][  T313] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  861.724885][  T313] usb 2-1: config 0 descriptor??
[  861.731853][  T313] hub 2-1:0.0: USB hub found
[  864.771528][  T313] hub 2-1:0.0: config failed, can't read hub descriptor (err -22)
[  864.786508][  T313] usbhid 2-1:0.0: can't add hid device: -71
[  864.799272][  T313] usbhid: probe of 2-1:0.0 failed with error -71
[  864.829851][  T313] usb 2-1: USB disconnect, device number 42
[  864.848852][T11890] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3226'.
[  864.860252][T11890] device vlan2 entered promiscuous mode
[  869.381388][T11925] loop1: detected capacity change from 0 to 40427
[  869.775266][T11928] loop2: detected capacity change from 0 to 256
[  870.091062][T11950] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3242'.
[  870.229387][T11696] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[  870.419597][T11696] usb 3-1: Using ep0 maxpacket: 32
[  870.432329][T11696] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  870.572760][T11696] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  870.666279][T11696] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  870.779244][T11696] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  871.389609][T11696] usb 3-1: config 0 descriptor??
[  871.397883][T11696] hub 3-1:0.0: USB hub found
[  871.524806][T11961] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3245'.
[  871.536398][T11961] device vlan2 entered promiscuous mode
[  871.869441][T11928] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  871.888491][T11928] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  871.900509][T11696] hub 3-1:0.0: config failed, can't read hub descriptor (err -22)
[  872.109764][T11928] netlink: 'syz.2.3234': attribute type 2 has an invalid length.
[  872.118538][T11696] usbhid 3-1:0.0: can't add hid device: -71
[  872.125414][T11696] usbhid: probe of 3-1:0.0 failed with error -71
[  872.840277][T11975] loop4: detected capacity change from 0 to 40427
[  872.950190][T11696] usb 3-1: USB disconnect, device number 45
[  873.862501][T12003] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3258'.
[  873.873092][T12003] device vlan2 entered promiscuous mode
[  876.327008][T12030] loop2: detected capacity change from 0 to 256
[  877.643798][T12045] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3270'.
[  877.898028][T12045] device vlan2 entered promiscuous mode
[  878.272081][T12048] loop3: detected capacity change from 0 to 40427
[  878.894254][T11775] I/O error, dev loop3, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  879.097192][   T19] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  879.299372][   T19] usb 3-1: Using ep0 maxpacket: 32
[  879.305567][   T19] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  879.403623][   T19] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  879.421077][   T19] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  879.444765][   T19] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  879.497664][   T19] usb 3-1: config 0 descriptor??
[  879.507233][   T19] usb 3-1: can't set config #0, error -71
[  880.402654][   T19] usb 3-1: USB disconnect, device number 46
[  881.497593][T12097] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3284'.
[  881.520699][T12097] device vlan2 entered promiscuous mode
[  881.927221][T12101] overlayfs: failed to resolve './file0': -2
[  881.971926][T12107] loop3: detected capacity change from 0 to 256
[  882.319420][T11696] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  883.239676][T11696] usb 4-1: Using ep0 maxpacket: 32
[  883.247836][T11696] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  883.261932][T11696] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  883.273340][T11696] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  883.540180][T11696] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  883.688660][T11696] usb 4-1: config 0 descriptor??
[  883.700236][T11696] hub 4-1:0.0: USB hub found
[  884.068460][T12107] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  884.114740][T12107] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  884.165260][T11696] hub 4-1:0.0: config failed, can't read hub descriptor (err -22)
[  884.398339][T11696] usbhid 4-1:0.0: can't add hid device: -71
[  884.409139][T11696] usbhid: probe of 4-1:0.0 failed with error -71
[  884.470243][T11696] usb 4-1: USB disconnect, device number 39
[  884.697655][T12144] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3296'.
[  884.727738][T12144] device vlan2 entered promiscuous mode
[  885.437882][T12160] overlayfs: failed to resolve './file0': -2
[  886.367643][T12189] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3309'.
[  886.399771][T12189] device vlan2 entered promiscuous mode
[  888.432650][T12201] loop3: detected capacity change from 0 to 40427
[  889.145542][T11775] I/O error, dev loop3, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  890.300530][T12230] overlayfs: failed to resolve './file0': -2
[  890.972673][T12250] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3324'.
[  892.039212][T12263] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3326'.
[  893.030440][T12263] device vlan2 entered promiscuous mode
[  894.011021][T12270] loop3: detected capacity change from 0 to 40427
[  894.089911][T11775] I/O error, dev loop3, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  895.581114][T12300] overlayfs: failed to resolve './file1': -2
[  897.435304][T12316] loop3: detected capacity change from 0 to 40427
[  899.604448][T12338] loop3: detected capacity change from 0 to 40427
[  900.709067][T12341] loop2: detected capacity change from 0 to 256
[  901.102898][T12341] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[  909.557628][T12418] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3369'.
[  909.588968][T12422] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3368'.
[  909.704257][T12424] loop4: detected capacity change from 0 to 256
[  909.725211][T12424] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[  910.093917][T12436] exFAT-fs (loop4): hint_cluster is invalid (17)
[  914.821206][T12465] loop4: detected capacity change from 0 to 40427
[  915.149943][T11775] I/O error, dev loop4, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  918.007345][T12509] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3392'.
[  919.787677][T12527] overlayfs: failed to resolve './file1': -2
[  920.277275][T12537] loop4: detected capacity change from 0 to 256
[  920.315094][T12537] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[  920.343104][T12541] loop3: detected capacity change from 0 to 256
[  920.376301][T12541] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[  922.834302][T12559] exFAT-fs (loop3): hint_cluster is invalid (17)
[  925.628098][T12600] loop1: detected capacity change from 0 to 40427
[  928.749917][T12617] netlink: 72 bytes leftover after parsing attributes in process `syz.1.3418'.
[  928.758706][T12617] device lo entered promiscuous mode
[  928.764423][T12617] device tunl0 entered promiscuous mode
[  928.770177][T12617] device gre0 entered promiscuous mode
[  928.775761][T12617] device gretap0 entered promiscuous mode
[  928.781738][T12617] device erspan0 entered promiscuous mode
[  928.787692][T12617] device ip_vti0 entered promiscuous mode
[  928.793595][T12617] device ip6_vti0 entered promiscuous mode
[  928.799559][T12617] device sit0 entered promiscuous mode
[  928.805162][T12617] device ip6tnl0 entered promiscuous mode
[  928.811046][T12617] device ip6gre0 entered promiscuous mode
[  928.817274][T12617] device syz_tun entered promiscuous mode
[  928.823646][T12617] device ip6gretap0 entered promiscuous mode
[  928.829878][T12617] device bridge0 entered promiscuous mode
[  928.835869][T12617] device vcan0 entered promiscuous mode
[  928.841333][T12617] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  928.848308][T12617] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  928.855422][T12617] device dummy0 entered promiscuous mode
[  928.861320][T12617] device veth0 entered promiscuous mode
[  928.867184][T12617] device veth1 entered promiscuous mode
[  928.873057][T12617] device wg0 entered promiscuous mode
[  928.878594][T12617] device wg1 entered promiscuous mode
[  928.884194][T12617] device wg2 entered promiscuous mode
[  928.889759][T12617] device veth0_to_bridge entered promiscuous mode
[  928.896958][T12617] device veth1_to_bridge entered promiscuous mode
[  928.904202][T12617] device veth0_to_bond entered promiscuous mode
[  928.910839][T12617] device bond_slave_0 entered promiscuous mode
[  928.917219][T12617] device veth1_to_bond entered promiscuous mode
[  928.923877][T12617] device bond_slave_1 entered promiscuous mode
[  928.930306][T12617] device veth0_to_team entered promiscuous mode
[  928.936898][T12617] device team_slave_0 entered promiscuous mode
[  928.943429][T12617] device veth1_to_team entered promiscuous mode
[  928.950006][T12617] device team_slave_1 entered promiscuous mode
[  928.956687][T12617] device veth0_to_batadv entered promiscuous mode
[  928.963346][T12617] device batadv_slave_0 entered promiscuous mode
[  928.970006][T12617] device veth1_to_batadv entered promiscuous mode
[  928.976652][T12617] device batadv_slave_1 entered promiscuous mode
[  928.983248][T12617] device xfrm0 entered promiscuous mode
[  928.988911][T12617] device veth0_to_hsr entered promiscuous mode
[  928.995271][T12617] device hsr_slave_0 entered promiscuous mode
[  929.001614][T12617] device veth1_to_hsr entered promiscuous mode
[  929.008136][T12617] device hsr_slave_1 entered promiscuous mode
[  929.014470][T12617] device veth1_virt_wifi entered promiscuous mode
[  929.021265][T12617] device veth0_virt_wifi entered promiscuous mode
[  929.027941][T12617] device veth1_vlan entered promiscuous mode
[  929.034933][T12617] device vlan0 entered promiscuous mode
[  929.040851][T12617] device vlan1 entered promiscuous mode
[  929.047300][T12617] device veth0_macvtap entered promiscuous mode
[  929.053825][T12617] device macsec0 entered promiscuous mode
[  929.136497][  T315] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[  929.171664][  T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  929.354496][  T315] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[  929.366313][  T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  929.374851][  T315] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  929.383128][  T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  929.391294][  T315] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  929.399203][  T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  932.237228][T12659] loop1: detected capacity change from 0 to 40427
[  936.509680][T12702] loop4: detected capacity change from 0 to 256
[  936.517925][T12703] loop3: detected capacity change from 0 to 256
[  936.541588][T12703] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[  936.553753][T12702] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[  938.035657][T12707] exFAT-fs (loop3): hint_cluster is invalid (17)
[  938.158485][T12714] exFAT-fs (loop4): hint_cluster is invalid (17)
[  940.885670][T12731] loop2: detected capacity change from 0 to 40427
[  941.711692][T12738] loop1: detected capacity change from 0 to 512
[  941.719805][T12738] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock
[  941.729399][T12738] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock
[  941.738936][T12738] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 1 overlaps superblock
[  941.752507][T12738] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  941.760338][T12738] EXT4-fs (loop1): failed to initialize system zone (-117)
[  941.767348][T12738] EXT4-fs (loop1): mount failed
[  945.570250][   T28] audit: type=1400 audit(1743263433.459:802): avc:  denied  { ioctl } for  pid=12778 comm="syz.3.3458" path="socket:[70494]" dev="sockfs" ino=70494 ioctlcmd=0x8916 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  949.558432][T12801] loop1: detected capacity change from 0 to 40427
[  951.859921][T11775] I/O error, dev loop1, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  952.441375][T12820] loop2: detected capacity change from 0 to 256
[  952.473749][T12824] loop1: detected capacity change from 0 to 256
[  952.481830][T12820] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[  952.537687][T12824] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[  956.779544][T12846] exFAT-fs (loop1): hint_cluster is invalid (17)
[  966.352445][T12913] FAULT_INJECTION: forcing a failure.
[  966.352445][T12913] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  966.423117][T12912] loop2: detected capacity change from 0 to 256
[  966.587599][T12912] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[  966.602720][T12913] CPU: 1 PID: 12913 Comm: syz.1.3487 Not tainted 6.1.129-syzkaller-00051-gc1fd50266bd6 #0
[  966.612456][T12913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  966.622356][T12913] Call Trace:
[  966.625469][T12913]  <TASK>
[  966.628247][T12913]  dump_stack_lvl+0x151/0x1b7
[  966.632759][T12913]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[  966.638057][T12913]  dump_stack+0x15/0x18
[  966.642045][T12913]  should_fail_ex+0x3d0/0x520
[  966.646559][T12913]  should_fail+0xb/0x10
[  966.650555][T12913]  should_fail_usercopy+0x1a/0x20
[  966.655411][T12913]  _copy_to_user+0x1e/0x90
[  966.659666][T12913]  simple_read_from_buffer+0xc7/0x150
[  966.664872][T12913]  proc_fail_nth_read+0x1a3/0x210
[  966.669734][T12913]  ? proc_fault_inject_write+0x390/0x390
[  966.675290][T12913]  ? fsnotify_perm+0x269/0x5b0
[  966.679890][T12913]  ? security_file_permission+0x86/0xb0
[  966.685269][T12913]  ? proc_fault_inject_write+0x390/0x390
[  966.690741][T12913]  vfs_read+0x26c/0xae0
[  966.694731][T12913]  ? kernel_read+0x1f0/0x1f0
[  966.699158][T12913]  ? mutex_lock+0xb1/0x1e0
[  966.703410][T12913]  ? bit_wait_io_timeout+0x120/0x120
[  966.708532][T12913]  ? __fdget_pos+0x2e2/0x390
[  966.712957][T12913]  ? ksys_read+0x77/0x2c0
[  966.717121][T12913]  ksys_read+0x199/0x2c0
[  966.721198][T12913]  ? __sched_text_start+0x8/0x8
[  966.725889][T12913]  ? vfs_write+0xed0/0xed0
[  966.730317][T12913]  ? fpregs_restore_userregs+0x130/0x290
[  966.735784][T12913]  __x64_sys_read+0x7b/0x90
[  966.740123][T12913]  x64_sys_call+0x28/0x9a0
[  966.744371][T12913]  do_syscall_64+0x3b/0xb0
[  966.748628][T12913]  ? clear_bhb_loop+0x55/0xb0
[  966.753230][T12913]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  966.758954][T12913] RIP: 0033:0x7f963a38bb7c
[  966.763208][T12913] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  966.782739][T12913] RSP: 002b:00007f963b1e5030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  966.790982][T12913] RAX: ffffffffffffffda RBX: 00007f963a5a6080 RCX: 00007f963a38bb7c
[  966.798793][T12913] RDX: 000000000000000f RSI: 00007f963b1e50a0 RDI: 0000000000000004
[  966.806605][T12913] RBP: 00007f963b1e5090 R08: 0000000000000000 R09: 0000000000000000
[  966.814417][T12913] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  966.822229][T12913] R13: 0000000000000000 R14: 00007f963a5a6080 R15: 00007fffbc51c6d8
[  966.830047][T12913]  </TASK>
[  968.058409][T12924] loop4: detected capacity change from 0 to 2048
[  968.071280][T12931] exFAT-fs (loop2): hint_cluster is invalid (17)
[  968.889966][T12924] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  968.925596][T12924] ext4 filesystem being mounted at /55/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  969.136167][T12924] fs-verity: sha512 using implementation "sha512-avx2"
[  969.247409][T11706] EXT4-fs (loop4): unmounting filesystem.
[  970.769907][T12956] loop4: detected capacity change from 0 to 40427
[  972.299337][ T5857] usb 5-1: new low-speed USB device number 31 using dummy_hcd
[  972.490440][ T5857] usb 5-1: config 32 has 1 interface, different from the descriptor's value: 2
[  972.517148][ T5857] usb 5-1: config 32 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 30768, setting to 8
[  972.533143][T12986] loop3: detected capacity change from 0 to 2048
[  972.553349][ T5857] usb 5-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7
[  972.579396][ T5857] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  972.602519][T12977] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  972.629861][T12986] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  972.644911][T12986] ext4 filesystem being mounted at /81/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  972.686934][T11535] EXT4-fs (loop3): unmounting filesystem.
[  972.812195][T12996] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3507'.
[  972.816422][ T5857] usb 5-1: string descriptor 0 read error: -71
[  972.844807][ T5857] usb 5-1: USB disconnect, device number 31
[  973.101436][T11775] udevd[11775]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:32.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  973.515665][T13011] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3512'.
[  973.526833][T13011] device vlan2 entered promiscuous mode
[  973.770915][T13017] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3514'.
[  974.583317][T13030] loop4: detected capacity change from 0 to 256
[  974.606610][T13030] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[  974.787516][T13006] loop3: detected capacity change from 0 to 40427
[  974.963757][T13038] exFAT-fs (loop4): hint_cluster is invalid (17)
[  976.427882][   T28] audit: type=1400 audit(1743263464.309:803): avc:  denied  { mount } for  pid=13043 comm="syz.1.3519" name="/" dev="configfs" ino=7791 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[  977.447531][T13049] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3520'.
[  977.482150][   T28] audit: type=1400 audit(1743263464.339:804): avc:  denied  { read } for  pid=13043 comm="syz.1.3519" name="/" dev="configfs" ino=7791 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  977.540739][   T28] audit: type=1400 audit(1743263464.339:805): avc:  denied  { open } for  pid=13043 comm="syz.1.3519" path="/105/file0" dev="configfs" ino=7791 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  977.564051][   T28] audit: type=1400 audit(1743263464.339:806): avc:  denied  { write } for  pid=13043 comm="syz.1.3519" name="/" dev="configfs" ino=7791 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  977.588266][   T28] audit: type=1400 audit(1743263465.429:807): avc:  denied  { unmount } for  pid=10891 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[  977.652449][T13059] loop1: detected capacity change from 0 to 1024
[  977.686490][T13059] EXT4-fs: Ignoring removed i_version option
[  977.830017][T13059] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  977.839240][T13059] EXT4-fs (loop1): unmounting filesystem.
[  978.674494][T13059] loop1: detected capacity change from 0 to 1024
[  978.783342][T13059] EXT4-fs: Ignoring removed orlov option
[  978.799784][T13059] EXT4-fs (loop1): Test dummy encryption mode enabled
[  978.829016][T13059] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  978.830821][T13072] loop2: detected capacity change from 0 to 1024
[  978.848595][T13059] EXT4-fs (loop1): unmounting filesystem.
[  978.860217][T13072] EXT4-fs: Ignoring removed orlov option
[  978.865698][T13072] EXT4-fs: Ignoring removed orlov option
[  978.879252][T13072] EXT4-fs: Ignoring removed oldalloc option
[  978.905371][T13072] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  978.939416][T13072] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (12914!=20869)
[  978.961002][T13072] EXT4-fs (loop2): invalid journal inode
[  978.966513][T13072] EXT4-fs (loop2): can't get journal size
[  978.993670][T13072] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  979.119704][T10613] EXT4-fs (loop2): unmounting filesystem.
[  979.633963][T13086] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3531'.
[  979.954099][T13085] loop2: detected capacity change from 0 to 40427
[  980.080943][T13085] F2FS-fs (loop2): Unrecognized mount option "ynline_xattr" or missing value
[  980.455275][T13097] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3534'.
[  981.990560][T13126] loop4: detected capacity change from 0 to 256
[  982.699322][  T367] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  982.889401][  T367] usb 5-1: Using ep0 maxpacket: 32
[  982.895616][  T367] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  982.919330][  T367] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  982.966593][  T367] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  982.976683][  T367] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  983.001719][  T367] usb 5-1: config 0 descriptor??
[  983.799032][T13136] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  983.842716][T13136] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  984.089712][  T367] hub 5-1:0.0: USB hub found
[  984.095203][  T367] hub 5-1:0.0: config failed, can't read hub descriptor (err -22)
[  984.305127][  T367] usbhid 5-1:0.0: can't add hid device: -71
[  984.310978][  T367] usbhid: probe of 5-1:0.0 failed with error -71
[  984.544483][T13160] loop1: detected capacity change from 0 to 256
[  984.666336][T13160] FAT-fs (loop1): Unrecognized mount option "check=stric���{J�set=koi8-r" or missing value
[  985.629837][  T367] usb 5-1: USB disconnect, device number 32
[  985.645289][T13160] loop1: detected capacity change from 0 to 512
[  985.669643][T13160] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  985.694935][T13160] EXT4-fs (loop1): invalid journal inode
[  985.707252][T13170] loop2: detected capacity change from 0 to 256
[  985.709830][T13160] EXT4-fs (loop1): can't get journal size
[  985.732721][T13170] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[  985.751937][T13165] fuse: Bad value for 'fd'
[  985.760074][T13160] EXT4-fs (loop1): 1 truncate cleaned up
[  985.765591][T13160] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  985.788336][   T28] audit: type=1400 audit(1743263473.669:808): avc:  denied  { mounton } for  pid=13157 comm="syz.1.3551" path="/110/file0/bus" dev="loop1" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  985.877634][   T28] audit: type=1400 audit(1743263473.759:809): avc:  denied  { accept } for  pid=13157 comm="syz.1.3551" path="socket:[72619]" dev="sockfs" ino=72619 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  985.932863][   T28] audit: type=1400 audit(1743263473.819:810): avc:  denied  { unmount } for  pid=10891 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  985.957278][T10891] EXT4-fs (loop1): unmounting filesystem.
[  986.134110][T13183] exFAT-fs (loop2): hint_cluster is invalid (17)
[  987.385919][T13197] overlayfs: missing 'lowerdir'
[  988.608627][T13216] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3567'.
[  988.709433][T11923] usb 2-1: new full-speed USB device number 43 using dummy_hcd
[  988.911482][T11923] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  988.998949][T11923] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  989.021080][T11923] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  989.039315][T11923] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  989.047134][T11923] usb 2-1: Product: syz
[  989.058856][T11923] usb 2-1: Manufacturer: syz
[  989.077336][T11923] usb 2-1: SerialNumber: syz
[  990.565845][T13203] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  990.642833][T13203] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  990.684435][T11923] usb 2-1: 0:2 : does not exist
[  990.692906][T11923] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[  990.717916][T11923] usb 2-1: USB disconnect, device number 43
[  990.732454][T13248] udevd[13248]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  991.122577][T13264] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3580'.
[  993.188206][T13300] netlink: 84 bytes leftover after parsing attributes in process `syz.1.3589'.
[  993.207289][T13300] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3589'.
[  993.216194][T13300] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3589'.
[  993.272465][T13310] loop1: detected capacity change from 0 to 256
[  993.294897][T13310] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[  995.511994][T13314] loop2: detected capacity change from 0 to 40427
[  996.708711][T13321] loop3: detected capacity change from 0 to 1024
[  996.724584][   T28] audit: type=1400 audit(1743263484.609:811): avc:  denied  { map } for  pid=13324 comm="syz.0.3596" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=74010 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  996.758834][T13321] EXT4-fs: Ignoring removed orlov option
[  996.765657][T13325] veth1_to_batadv: vlans aren't supported yet for dev_uc|mc_add()
[  996.832842][   T28] audit: type=1400 audit(1743263484.639:812): avc:  denied  { write } for  pid=13324 comm="syz.0.3596" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=74010 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  996.857280][T13321] EXT4-fs: Ignoring removed orlov option
[  996.864620][T13321] EXT4-fs: Ignoring removed oldalloc option
[  996.943977][T13321] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  996.954972][T13321] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (12914!=20869)
[  996.973421][T13321] EXT4-fs (loop3): invalid journal inode
[  996.978940][T13321] EXT4-fs (loop3): can't get journal size
[  996.986446][T13321] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  997.064172][T11535] EXT4-fs (loop3): unmounting filesystem.
[ 1000.349382][ T9708] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 1000.896024][T13401] loop2: detected capacity change from 0 to 256
[ 1001.331335][T13401] FAT-fs (loop2): Unrecognized mount option "check=stric���{J�set=koi8-r" or missing value
[ 1001.458636][T13411] loop2: detected capacity change from 0 to 256
[ 1001.466796][T13411] FAT-fs (loop2): Unrecognized mount option "check=stric���{J�set=koi8-r" or missing value
[ 1001.807665][T13418] FAULT_INJECTION: forcing a failure.
[ 1001.807665][T13418] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1001.829194][T13418] CPU: 0 PID: 13418 Comm: syz.3.3624 Not tainted 6.1.129-syzkaller-00051-gc1fd50266bd6 #0
[ 1001.838933][T13418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1001.848830][T13418] Call Trace:
[ 1001.851948][T13418]  <TASK>
[ 1001.854725][T13418]  dump_stack_lvl+0x151/0x1b7
[ 1001.859250][T13418]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 1001.864536][T13418]  ? __kmalloc_node+0x12d/0x1e0
[ 1001.869222][T13418]  dump_stack+0x15/0x18
[ 1001.873212][T13418]  should_fail_ex+0x3d0/0x520
[ 1001.877733][T13418]  should_fail+0xb/0x10
[ 1001.879771][T13411] loop2: detected capacity change from 0 to 512
[ 1001.881714][T13418]  should_fail_usercopy+0x1a/0x20
[ 1001.892655][T13418]  _copy_from_user+0x1e/0xc0
[ 1001.897083][T13418]  map_lookup_elem+0x3a4/0x5c0
[ 1001.901682][T13418]  __sys_bpf+0x4ba/0x7f0
[ 1001.905764][T13418]  ? bpf_link_show_fdinfo+0x300/0x300
[ 1001.910970][T13418]  ? bpf_trace_run1+0x240/0x240
[ 1001.915653][T13418]  ? __ia32_sys_read+0x90/0x90
[ 1001.920260][T13418]  __x64_sys_bpf+0x7c/0x90
[ 1001.924508][T13418]  x64_sys_call+0x87f/0x9a0
[ 1001.928846][T13418]  do_syscall_64+0x3b/0xb0
[ 1001.933097][T13418]  ? clear_bhb_loop+0x55/0xb0
[ 1001.937613][T13418]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1001.943342][T13418] RIP: 0033:0x7f2ada58d169
[ 1001.947593][T13418] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1001.967037][T13418] RSP: 002b:00007f2adb383038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1001.975285][T13418] RAX: ffffffffffffffda RBX: 00007f2ada7a5fa0 RCX: 00007f2ada58d169
[ 1001.977142][T13411] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[ 1001.983086][T13418] RDX: 0000000000000020 RSI: 0000200000001100 RDI: 0000000000000001
[ 1001.983106][T13418] RBP: 00007f2adb383090 R08: 0000000000000000 R09: 0000000000000000
[ 1001.983119][T13418] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1001.983131][T13418] R13: 0000000000000000 R14: 00007f2ada7a5fa0 R15: 00007ffc02d68238
[ 1001.983152][T13418]  </TASK>
[ 1001.995035][T13411] EXT4-fs (loop2): invalid journal inode
[ 1002.045471][T13411] EXT4-fs (loop2): can't get journal size
[ 1002.092116][T13423] loop4: detected capacity change from 0 to 256
[ 1002.331421][T13411] EXT4-fs (loop2): 1 truncate cleaned up
[ 1002.542523][T13411] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 1003.579043][T10613] EXT4-fs (loop2): unmounting filesystem.
[ 1005.635768][T13453] loop1: detected capacity change from 0 to 40427
[ 1005.764645][T13456] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3632'.
[ 1006.089420][T13248] I/O error, dev loop1, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 1008.078197][T13480] 9pnet_fd: Insufficient options for proto=fd
[ 1008.511600][T13493] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3644'.
[ 1010.375564][T13519] loop4: detected capacity change from 0 to 256
[ 1010.605801][T13519] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[ 1010.758183][T13523] overlayfs: missing 'lowerdir'
[ 1010.862764][   T28] audit: type=1400 audit(1743263498.749:813): avc:  denied  { map } for  pid=13531 comm="syz.3.3654" path="/dev/binderfs/binder0" dev="binder" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[ 1010.870757][T13532] loop3: detected capacity change from 0 to 512
[ 1011.399372][T13532] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[ 1011.499332][T13532] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem
[ 1011.860242][T13548] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3657'.
[ 1011.876378][T13548] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3657'.
[ 1011.905778][T13532] EXT4-fs (loop3): warning: checktime reached, running e2fsck is recommended
[ 1011.933946][T13532] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002]
[ 1011.999745][T13532] System zones: 0-2, 18-18, 34-34
[ 1012.090108][T13532] EXT4-fs warning (device loop3): ext4_update_dynamic_rev:1087: updating to rev 1 because of new feature flag, running e2fsck is recommended
[ 1012.111258][T13532] EXT4-fs (loop3): 1 truncate cleaned up
[ 1012.116786][T13532] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[ 1012.502070][T13566] loop1: detected capacity change from 0 to 1024
[ 1012.519820][   T28] audit: type=1400 audit(1743263500.379:814): avc:  denied  { append } for  pid=13531 comm="syz.3.3654" name="file1" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 1012.539649][T13566] EXT4-fs: Ignoring removed orlov option
[ 1012.550569][T13566] EXT4-fs: Ignoring removed orlov option
[ 1012.559772][T13566] EXT4-fs: Ignoring removed oldalloc option
[ 1012.570685][T11535] EXT4-fs (loop3): unmounting filesystem.
[ 1012.570858][T13566] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[ 1012.620865][T13566] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (12914!=20869)
[ 1012.633251][T13566] EXT4-fs (loop1): invalid journal inode
[ 1012.638753][T13566] EXT4-fs (loop1): can't get journal size
[ 1012.653979][T13566] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1012.774814][T10891] EXT4-fs (loop1): unmounting filesystem.
[ 1013.055973][T13581] loop3: detected capacity change from 0 to 512
[ 1013.085948][T13581] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[ 1013.094894][T13581] EXT4-fs (loop3): invalid journal inode
[ 1013.101542][T13581] EXT4-fs (loop3): can't get journal size
[ 1013.119937][T13581] EXT4-fs (loop3): 1 truncate cleaned up
[ 1013.126509][T13581] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[ 1013.180845][T11535] EXT4-fs (loop3): unmounting filesystem.
[ 1013.253772][T13592] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3671'.
[ 1013.267807][T13592] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3671'.
[ 1014.908322][T13602] loop3: detected capacity change from 0 to 40427
[ 1016.431918][T13634] loop2: detected capacity change from 0 to 256
[ 1016.547230][T13639] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3683'.
[ 1016.559389][T13639] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3683'.
[ 1016.573589][T13636] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1016.590240][T13636] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1016.630957][T13644] loop3: detected capacity change from 0 to 256
[ 1016.699745][T13644] FAT-fs (loop3): Unrecognized mount option "check=stric���{J�set=koi8-r" or missing value
[ 1016.805390][T13644] loop3: detected capacity change from 0 to 512
[ 1016.839192][T13650] loop1: detected capacity change from 0 to 512
[ 1016.868884][T13644] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[ 1016.880369][T13650] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[ 1016.908862][T13644] EXT4-fs (loop3): invalid journal inode
[ 1016.919649][T13650] EXT4-fs (loop1): invalid journal inode
[ 1016.939398][T13650] EXT4-fs (loop1): can't get journal size
[ 1016.945380][T13644] EXT4-fs (loop3): can't get journal size
[ 1016.957812][T13650] EXT4-fs (loop1): 1 truncate cleaned up
[ 1016.969339][T13650] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[ 1017.050949][T13644] EXT4-fs (loop3): 1 truncate cleaned up
[ 1017.056553][T13644] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[ 1017.066321][T10891] EXT4-fs (loop1): unmounting filesystem.
[ 1017.100833][   T28] audit: type=1400 audit(1743263760.988:815): avc:  denied  { map } for  pid=13641 comm="syz.3.3687" path="/117/file0/bus" dev="devtmpfs" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1017.240414][T11535] EXT4-fs (loop3): unmounting filesystem.
[ 1018.379363][T13664] loop3: detected capacity change from 0 to 40427
[ 1018.949588][T13248] I/O error, dev loop3, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 1019.941762][T13681] usb usb8: usbfs: process 13681 (syz.0.3696) did not claim interface 0 before use
[ 1020.326828][T13684] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3697'.
[ 1020.389332][ T5585] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[ 1020.420764][T13699] loop2: detected capacity change from 0 to 256
[ 1020.429789][T13699] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[ 1020.981086][ T5585] usb 2-1: Using ep0 maxpacket: 16
[ 1022.093303][ T5585] usb 2-1: New USB device found, idVendor=046d, idProduct=ca04, bcdDevice= 0.00
[ 1022.108229][ T5585] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1022.117365][ T5585] usb 2-1: config 0 descriptor??
[ 1022.996151][T11877] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[ 1023.010072][T11877] hid-generic 0000:0000:0000.0002: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1023.381472][T13718] loop3: detected capacity change from 0 to 40427
[ 1024.458094][ T5585] usbhid 2-1:0.0: can't add hid device: -71
[ 1024.464009][ T5585] usbhid: probe of 2-1:0.0 failed with error -71
[ 1024.489664][ T5585] usb 2-1: USB disconnect, device number 44
[ 1024.868022][T13728] overlayfs: missing 'workdir'
[ 1028.492713][T13781] loop1: detected capacity change from 0 to 40427
[ 1030.041838][T13802] loop3: detected capacity change from 0 to 256
[ 1030.048615][T13802] FAT-fs (loop3): Unrecognized mount option "check=stric���{J�set=koi8-r" or missing value
[ 1030.116965][T13810] loop2: detected capacity change from 0 to 1024
[ 1030.150883][T13812] loop4: detected capacity change from 0 to 256
[ 1030.159715][T13810] EXT4-fs: Ignoring removed orlov option
[ 1030.170370][T13812] FAT-fs (loop4): Unrecognized mount option "check=stric���{J�set=koi8-r" or missing value
[ 1030.178646][T13810] EXT4-fs: Ignoring removed orlov option
[ 1030.186182][T13810] EXT4-fs: Ignoring removed oldalloc option
[ 1030.194421][T13810] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[ 1030.195793][T13802] loop3: detected capacity change from 0 to 512
[ 1030.211894][T13810] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (12914!=20869)
[ 1030.221634][T13802] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[ 1030.227865][T13810] EXT4-fs (loop2): invalid journal inode
[ 1030.229852][T13802] EXT4-fs (loop3): invalid journal inode
[ 1030.235530][T11775] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 1030.251222][T13802] EXT4-fs (loop3): can't get journal size
[ 1030.257685][T13810] EXT4-fs (loop2): can't get journal size
[ 1030.427106][T13802] EXT4-fs (loop3): 1 truncate cleaned up
[ 1030.435992][T13802] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[ 1030.469664][T13810] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 1030.577074][T13819] loop1: detected capacity change from 0 to 256
[ 1030.595296][T11535] EXT4-fs (loop3): unmounting filesystem.
[ 1030.605275][T13812] loop4: detected capacity change from 0 to 512
[ 1030.614742][T10613] EXT4-fs (loop2): unmounting filesystem.
[ 1030.620125][T13819] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[ 1030.623084][T13812] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[ 1030.790060][T13812] EXT4-fs (loop4): invalid journal inode
[ 1030.795578][T13812] EXT4-fs (loop4): can't get journal size
[ 1030.802659][T13812] EXT4-fs (loop4): 1 truncate cleaned up
[ 1030.808746][T13812] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[ 1031.368292][T13832] exFAT-fs (loop1): hint_cluster is invalid (17)
[ 1033.194806][T11706] EXT4-fs (loop4): unmounting filesystem.
[ 1034.704146][T13845] loop2: detected capacity change from 0 to 40427
[ 1037.848399][T13857] loop4: detected capacity change from 0 to 40427
[ 1039.629344][T12712] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[ 1040.300395][T12712] usb 4-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[ 1040.310414][T12712] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1040.339283][T12712] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1040.360245][T12712] usb 4-1: config 1 has no interface number 0
[ 1040.384567][T12712] usb 4-1: too many endpoints for config 1 interface 1 altsetting 1: 32, using maximum allowed: 30
[ 1040.462351][T12712] usb 4-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 32
[ 1040.480470][T12712] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1040.492681][T12712] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1040.501379][T12712] usb 4-1: Product: syz
[ 1040.505363][T12712] usb 4-1: Manufacturer: syz
[ 1040.510308][T12712] usb 4-1: SerialNumber: syz
[ 1041.876145][T13905] loop4: detected capacity change from 0 to 40427
[ 1041.885126][T12712] cdc_mbim: probe of 4-1:1.1 failed with error -71
[ 1041.892357][T12712] usb 4-1: USB disconnect, device number 40
[ 1041.942772][T13910] netlink: 112 bytes leftover after parsing attributes in process `syz.3.3758'.
[ 1043.438233][T13910] loop3: detected capacity change from 0 to 40427
[ 1043.448372][T13910] F2FS-fs (loop3): Unrecognized mount option "jqfmt=vfsv1����nline_dentry" or missing value
[ 1044.085600][T13943] overlayfs: missing 'lowerdir'
[ 1044.132611][T13949] loop4: detected capacity change from 0 to 256
[ 1044.152071][T13949] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[ 1045.005595][T13954] exFAT-fs (loop4): hint_cluster is invalid (17)
[ 1046.825576][T13962] loop3: detected capacity change from 0 to 40427
[ 1046.870015][T13248] I/O error, dev loop3, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 1048.810852][T13996] loop3: detected capacity change from 0 to 256
[ 1048.841598][T13996] FAT-fs (loop3): Unrecognized mount option "check=stric���{J�set=koi8-r" or missing value
[ 1048.921215][T13996] loop3: detected capacity change from 0 to 512
[ 1048.990714][T13996] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[ 1048.999859][T13996] EXT4-fs (loop3): invalid journal inode
[ 1049.005356][T13996] EXT4-fs (loop3): can't get journal size
[ 1049.150094][T13996] EXT4-fs (loop3): 1 truncate cleaned up
[ 1049.155579][T13996] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[ 1049.502880][T11535] EXT4-fs (loop3): unmounting filesystem.
[ 1050.052339][T14017] loop2: detected capacity change from 0 to 256
[ 1050.059706][T14017] FAT-fs (loop2): Unrecognized mount option "check=stric���{J�set=koi8-r" or missing value
[ 1050.615138][T14017] loop2: detected capacity change from 0 to 512
[ 1050.704842][T14017] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[ 1051.530007][T14017] EXT4-fs (loop2): invalid journal inode
[ 1051.535648][T14017] EXT4-fs (loop2): can't get journal size
[ 1052.655572][T14017] EXT4-fs (loop2): 1 truncate cleaned up
[ 1052.671205][T14017] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 1052.686926][T14053] loop1: detected capacity change from 0 to 256
[ 1052.709688][T14053] FAT-fs (loop1): Unrecognized mount option "check=stric���{J�set=koi8-r" or missing value
[ 1052.739918][T10613] EXT4-fs (loop2): unmounting filesystem.
[ 1052.842228][T14053] loop1: detected capacity change from 0 to 512
[ 1052.867037][T14053] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[ 1052.879475][T14053] EXT4-fs (loop1): invalid journal inode
[ 1052.888106][T14053] EXT4-fs (loop1): can't get journal size
[ 1052.921653][T14053] EXT4-fs (loop1): 1 truncate cleaned up
[ 1052.927194][T14053] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[ 1053.333083][T10891] EXT4-fs (loop1): unmounting filesystem.
[ 1054.598944][T14089] loop1: detected capacity change from 0 to 1024
[ 1054.612665][T14089] EXT4-fs: Ignoring removed orlov option
[ 1054.633705][T14090] loop3: detected capacity change from 0 to 1024
[ 1054.640080][T14089] EXT4-fs: Ignoring removed orlov option
[ 1054.645549][T14089] EXT4-fs: Ignoring removed oldalloc option
[ 1054.670919][T14090] EXT4-fs: Ignoring removed orlov option
[ 1054.676406][T14090] EXT4-fs: Ignoring removed orlov option
[ 1054.719454][T14090] EXT4-fs: Ignoring removed oldalloc option
[ 1054.726067][T14089] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[ 1054.737161][T14090] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[ 1054.748184][T14089] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (12914!=20869)
[ 1054.757994][T14090] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (12914!=20869)
[ 1054.839632][T14089] EXT4-fs (loop1): invalid journal inode
[ 1054.855502][T14089] EXT4-fs (loop1): can't get journal size
[ 1054.869829][T14090] EXT4-fs (loop3): invalid journal inode
[ 1055.037298][T14090] EXT4-fs (loop3): can't get journal size
[ 1055.134388][T14089] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1055.145529][T14090] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[ 1055.181631][T10891] EXT4-fs (loop1): unmounting filesystem.
[ 1055.268555][T11535] EXT4-fs (loop3): unmounting filesystem.
[ 1055.911075][T14115] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3812'.
[ 1055.968738][T14117] loop4: detected capacity change from 0 to 256
[ 1055.988129][T14117] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[ 1057.129630][T14122] exFAT-fs (loop4): hint_cluster is invalid (17)
[ 1059.502057][T14139] device batadv_slave_1 entered promiscuous mode
[ 1059.510507][   T28] audit: type=1400 audit(1743264059.401:816): avc:  denied  { setopt } for  pid=14129 comm="syz.0.3815" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[ 1059.528406][T14129] device batadv_slave_1 left promiscuous mode
[ 1059.537701][   T28] audit: type=1400 audit(1743264059.411:817): avc:  denied  { write } for  pid=14129 comm="syz.0.3815" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[ 1060.349668][T14158] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3825'.
[ 1064.631301][T14168] loop4: detected capacity change from 0 to 40427
[ 1064.914394][T14187] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3831'.
[ 1065.322993][T14187] netlink: 'syz.1.3831': attribute type 4 has an invalid length.
[ 1065.330688][T14187] netlink: 'syz.1.3831': attribute type 5 has an invalid length.
[ 1065.338319][T14187] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.3831'.
[ 1065.585872][T13546] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[ 1066.880322][T13546] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1066.909293][T13546] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1066.922719][T13546] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1066.949272][T13546] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1066.957102][T13546] usb 5-1: SerialNumber: syz
[ 1067.173258][T14191] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1067.189423][T14191] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1067.198582][T14191] device pim6reg1 entered promiscuous mode
[ 1067.231262][T13546] usb 5-1: 0:2 : does not exist
[ 1067.236901][T13546] usb 5-1: unit 6 not found!
[ 1067.249938][T13546] usb 5-1: USB disconnect, device number 33
[ 1067.509592][T13248] udevd[13248]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[ 1068.235398][T14240] loop1: detected capacity change from 0 to 40427
[ 1068.279697][T13248] I/O error, dev loop1, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 1068.654142][T14252] loop3: detected capacity change from 0 to 1024
[ 1068.669763][T14252] EXT4-fs: Ignoring removed orlov option
[ 1068.689366][T14252] EXT4-fs: Ignoring removed orlov option
[ 1068.694844][T14252] EXT4-fs: Ignoring removed oldalloc option
[ 1068.709842][T14252] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[ 1068.729310][T14252] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (12914!=20869)
[ 1068.749512][T14252] EXT4-fs (loop3): invalid journal inode
[ 1068.755013][T14252] EXT4-fs (loop3): can't get journal size
[ 1068.780435][T14252] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[ 1068.810372][T11535] EXT4-fs (loop3): unmounting filesystem.
[ 1068.842972][T14255] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3850'.
[ 1072.849642][T14264] loop2: detected capacity change from 0 to 40427
[ 1073.011653][T13248] I/O error, dev loop2, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 1073.786609][T14278] loop2: detected capacity change from 0 to 128
[ 1075.581547][T14278] device pim6reg1 entered promiscuous mode
[ 1077.364871][  T315] kworker/u4:3: attempt to access beyond end of device
[ 1077.364871][  T315] loop2: rw=1, sector=145, nr_sectors = 896 limit=128
[ 1078.275514][T14328] loop1: detected capacity change from 0 to 256
[ 1078.304107][T14328] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[ 1079.922516][T14336] exFAT-fs (loop1): hint_cluster is invalid (17)
[ 1079.942120][T14335] loop3: detected capacity change from 0 to 40427
[ 1080.043042][T11775] I/O error, dev loop3, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 1083.080201][T14378] loop2: detected capacity change from 0 to 256
[ 1083.468858][T14378] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[ 1085.090767][T14392] exFAT-fs (loop2): hint_cluster is invalid (17)
[ 1085.322132][T14400] loop1: detected capacity change from 0 to 2048
[ 1085.366627][T14400] EXT4-fs: Ignoring removed mblk_io_submit option
[ 1085.393437][T14400] EXT4-fs: dax option not supported
[ 1085.705302][T14405] tipc: Started in network mode
[ 1085.710071][T14405] tipc: Node identity ac14140f, cluster identity 4711
[ 1085.716683][T14405] tipc: New replicast peer: 255.255.255.255
[ 1085.722564][T14405] tipc: Enabled bearer <udp:syz2>, priority 10
[ 1087.677362][T14424] loop2: detected capacity change from 0 to 256
[ 1087.716002][T14430] loop3: detected capacity change from 0 to 256
[ 1087.788574][T14430] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[ 1087.820825][T14424] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[ 1089.725063][T12844] tipc: Node number set to 2886997007
[ 1089.752037][T14443] 9pnet_fd: Insufficient options for proto=fd
[ 1094.307289][T14461] loop4: detected capacity change from 0 to 2048
[ 1094.335809][T14461] EXT4-fs: Ignoring removed mblk_io_submit option
[ 1094.343771][T14465] loop1: detected capacity change from 0 to 256
[ 1094.358570][T14461] EXT4-fs: dax option not supported
[ 1094.373652][T14465] FAT-fs (loop1): Unrecognized mount option "check=stric���{J�set=koi8-r" or missing value
[ 1094.606983][T14467] tipc: Started in network mode
[ 1094.611735][T14467] tipc: Node identity ac14140f, cluster identity 4711
[ 1094.618343][T14467] tipc: New replicast peer: 255.255.255.255
[ 1094.624427][T14467] tipc: Enabled bearer <udp:syz2>, priority 10
[ 1094.631102][T14465] loop1: detected capacity change from 0 to 512
[ 1094.640285][T14465] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[ 1094.648407][T14465] EXT4-fs (loop1): invalid journal inode
[ 1094.657024][T14465] EXT4-fs (loop1): can't get journal size
[ 1094.664077][T14465] EXT4-fs (loop1): 1 truncate cleaned up
[ 1094.669606][T14465] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[ 1094.820845][T10891] EXT4-fs (loop1): unmounting filesystem.
[ 1094.845035][T14476] loop1: detected capacity change from 0 to 1024
[ 1094.851537][T14476] EXT4-fs: Ignoring removed orlov option
[ 1094.857011][T14476] EXT4-fs: Ignoring removed orlov option
[ 1094.863238][T14476] EXT4-fs: Ignoring removed oldalloc option
[ 1094.870075][T14476] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[ 1094.881522][T14476] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (12914!=20869)
[ 1094.892661][T14476] EXT4-fs (loop1): invalid journal inode
[ 1094.898511][T14476] EXT4-fs (loop1): can't get journal size
[ 1096.148741][  T321] tipc: Node number set to 2886997007
[ 1096.166001][T14476] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1096.202199][T10891] EXT4-fs (loop1): unmounting filesystem.
[ 1096.633278][T14498] loop1: detected capacity change from 0 to 1024
[ 1096.646430][T14498] EXT4-fs: Ignoring removed orlov option
[ 1096.652187][T14498] EXT4-fs: Ignoring removed orlov option
[ 1096.657994][T14498] EXT4-fs: Ignoring removed oldalloc option
[ 1096.671737][T14498] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[ 1096.682521][T14498] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (12914!=20869)
[ 1096.692866][T14498] EXT4-fs (loop1): invalid journal inode
[ 1096.698403][T14498] EXT4-fs (loop1): can't get journal size
[ 1096.705782][T14498] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1096.709314][  T321] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[ 1096.776816][T10891] EXT4-fs (loop1): unmounting filesystem.
[ 1096.980417][  T321] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1096.996375][  T321] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1097.019534][  T321] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1097.036235][  T321] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1097.051530][  T321] usb 4-1: SerialNumber: syz
[ 1097.089978][T14511] netlink: 68 bytes leftover after parsing attributes in process `syz.4.3909'.
[ 1097.178773][T14514] loop4: detected capacity change from 0 to 256
[ 1097.218052][T14514] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[ 1097.262660][T14489] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1097.340850][T14489] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1097.382444][T14489] device pim6reg1 entered promiscuous mode
[ 1097.400643][  T321] usb 4-1: 0:2 : does not exist
[ 1097.415312][  T321] usb 4-1: unit 6 not found!
[ 1097.551157][T14522] exFAT-fs (loop4): hint_cluster is invalid (17)
[ 1097.718117][  T321] usb 4-1: USB disconnect, device number 41
[ 1098.321464][T13248] udevd[13248]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[ 1101.322813][T14558] netlink: 68 bytes leftover after parsing attributes in process `syz.4.3921'.
[ 1101.427955][T14563] loop2: detected capacity change from 0 to 1024
[ 1101.457756][T14563] EXT4-fs: Ignoring removed orlov option
[ 1101.466135][T14563] EXT4-fs: Ignoring removed orlov option
[ 1101.486024][T14563] EXT4-fs: Ignoring removed oldalloc option
[ 1101.499656][T14563] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[ 1101.519272][T14563] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (12914!=20869)
[ 1101.550120][T14563] EXT4-fs (loop2): invalid journal inode
[ 1101.565803][T14563] EXT4-fs (loop2): can't get journal size
[ 1101.584659][T14563] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 1101.764493][T10613] EXT4-fs (loop2): unmounting filesystem.
[ 1101.820812][T14574] loop2: detected capacity change from 0 to 256
[ 1101.841556][T14574] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[ 1102.104422][T14578] exFAT-fs (loop2): hint_cluster is invalid (17)
[ 1103.042950][T14588] loop2: detected capacity change from 0 to 256
[ 1103.212622][T14588] exfat: Deprecated parameter 'utf8'
[ 1103.267565][T14588] exfat: Deprecated parameter 'utf8'
[ 1103.340307][T14588] exfat: Deprecated parameter 'namecase'
[ 1103.371576][T14588] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[ 1103.431252][   T28] audit: type=1400 audit(1743264103.321:818): avc:  denied  { remount } for  pid=14587 comm="syz.2.3929" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[ 1103.481811][   T28] audit: type=1400 audit(1743264103.351:819): avc:  denied  { write } for  pid=14587 comm="syz.2.3929" name="hwrng" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1
[ 1104.841748][T14623] device pim6reg1 entered promiscuous mode
[ 1104.902192][T14626] netlink: 68 bytes leftover after parsing attributes in process `syz.1.3940'.
[ 1105.111789][T14633] FAULT_INJECTION: forcing a failure.
[ 1105.111789][T14633] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1105.124760][T14633] CPU: 0 PID: 14633 Comm: syz.4.3943 Not tainted 6.1.129-syzkaller-00051-gc1fd50266bd6 #0
[ 1105.134575][T14633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1105.144471][T14633] Call Trace:
[ 1105.147589][T14633]  <TASK>
[ 1105.150369][T14633]  dump_stack_lvl+0x151/0x1b7
[ 1105.154886][T14633]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 1105.160183][T14633]  dump_stack+0x15/0x18
[ 1105.164175][T14633]  should_fail_ex+0x3d0/0x520
[ 1105.168690][T14633]  should_fail+0xb/0x10
[ 1105.172679][T14633]  should_fail_usercopy+0x1a/0x20
[ 1105.177536][T14633]  _copy_from_user+0x1e/0xc0
[ 1105.181963][T14633]  bpf_test_init+0x12e/0x190
[ 1105.186412][T14633]  bpf_prog_test_run_skb+0x297/0x13a0
[ 1105.191607][T14633]  ? __bpf_prog_test_run_raw_tp+0x2e0/0x2e0
[ 1105.197329][T14633]  ? __kasan_check_write+0x14/0x20
[ 1105.202272][T14633]  ? fput+0x15b/0x1b0
[ 1105.206092][T14633]  ? __bpf_prog_test_run_raw_tp+0x2e0/0x2e0
[ 1105.211823][T14633]  bpf_prog_test_run+0x3b0/0x630
[ 1105.216596][T14633]  ? bpf_prog_query+0x260/0x260
[ 1105.221277][T14633]  ? selinux_bpf+0xd2/0x100
[ 1105.225618][T14633]  ? security_bpf+0x82/0xb0
[ 1105.229962][T14633]  __sys_bpf+0x59f/0x7f0
[ 1105.234039][T14633]  ? bpf_link_show_fdinfo+0x300/0x300
[ 1105.239254][T14633]  ? __ia32_sys_read+0x90/0x90
[ 1105.243846][T14633]  ? debug_smp_processor_id+0x17/0x20
[ 1105.249051][T14633]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 1105.254954][T14633]  __x64_sys_bpf+0x7c/0x90
[ 1105.259210][T14633]  x64_sys_call+0x87f/0x9a0
[ 1105.263546][T14633]  do_syscall_64+0x3b/0xb0
[ 1105.267802][T14633]  ? clear_bhb_loop+0x55/0xb0
[ 1105.272312][T14633]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1105.278044][T14633] RIP: 0033:0x7f7361d8d169
[ 1105.282295][T14633] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1105.301736][T14633] RSP: 002b:00007f7362b2d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1105.309981][T14633] RAX: ffffffffffffffda RBX: 00007f7361fa5fa0 RCX: 00007f7361d8d169
[ 1105.317791][T14633] RDX: 000000000000001e RSI: 0000200000000080 RDI: 000000000000000a
[ 1105.325606][T14633] RBP: 00007f7362b2d090 R08: 0000000000000000 R09: 0000000000000000
[ 1105.333415][T14633] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1105.341249][T14633] R13: 0000000000000000 R14: 00007f7361fa5fa0 R15: 00007ffc7a777858
[ 1105.349046][T14633]  </TASK>
[ 1107.091717][T14664] netlink: 68 bytes leftover after parsing attributes in process `syz.4.3952'.
[ 1107.144973][T14668] loop2: detected capacity change from 0 to 16
[ 1107.152444][T14668] erofs: (device loop2): erofs_init_device: empty device tag @ pos 0
[ 1107.233108][T14670] Illegal XDP return value 4294967274 on prog  (id 3530) dev N/A, expect packet loss!
[ 1107.276228][T14677] loop3: detected capacity change from 0 to 512
[ 1107.313735][T14677] EXT4-fs: Ignoring removed mblk_io_submit option
[ 1107.348149][T14677] EXT4-fs: Ignoring removed bh option
[ 1107.360033][T13248] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 1107.576322][T14677] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[ 1107.606278][T14677] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[ 1107.638954][T14677] EXT4-fs (loop3): 1 truncate cleaned up
[ 1107.648411][T14677] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[ 1107.715235][   T28] audit: type=1400 audit(1743264107.601:820): avc:  denied  { mount } for  pid=14676 comm="syz.3.3958" name="/" dev="ramfs" ino=80260 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[ 1107.803642][T11535] EXT4-fs error (device loop3): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /175/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[ 1107.858036][T11535] EXT4-fs error (device loop3): ext4_empty_dir:3177: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[ 1108.008250][T11535] EXT4-fs error (device loop3): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /175/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[ 1108.046889][T11535] EXT4-fs error (device loop3): ext4_empty_dir:3177: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[ 1108.067164][T11535] EXT4-fs error (device loop3): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /175/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[ 1108.100342][T11535] EXT4-fs error (device loop3): ext4_empty_dir:3177: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[ 1108.122613][T11535] EXT4-fs error (device loop3): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /175/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[ 1108.147543][T11535] EXT4-fs error (device loop3): ext4_empty_dir:3177: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[ 1108.169823][T11535] EXT4-fs error (device loop3): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /175/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[ 1108.204957][T11535] EXT4-fs error (device loop3): ext4_empty_dir:3177: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[ 1108.384010][T11535] EXT4-fs (loop3): unmounting filesystem.
[ 1109.707769][T14722] loop1: detected capacity change from 0 to 40427
[ 1110.083026][T13248] I/O error, dev loop1, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 1110.275891][T14712] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1110.292686][T14712] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1110.308611][T14712] device bridge_slave_0 entered promiscuous mode
[ 1110.355559][T14712] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1110.444725][T14712] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1110.458557][T14712] device bridge_slave_1 entered promiscuous mode
[ 1110.822189][ T1379] device bridge_slave_1 left promiscuous mode
[ 1110.835421][ T1379] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1110.849422][ T1379] device bridge_slave_0 left promiscuous mode
[ 1110.855420][ T1379] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1110.869394][ T1379] device veth1_macvtap left promiscuous mode
[ 1110.875266][ T1379] device veth0_vlan left promiscuous mode
[ 1110.884809][T14743] loop1: detected capacity change from 0 to 16
[ 1110.906121][T14743] erofs: (device loop1): mounted with root inode @ nid 36.
[ 1111.078083][T14712] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1111.085114][T14712] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1111.092305][T14712] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1111.099162][T14712] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1111.113858][   T28] audit: type=1400 audit(1743264111.001:821): avc:  denied  { watch } for  pid=14745 comm="syz.0.3979" path="/255" dev="tmpfs" ino=1404 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[ 1111.158046][T14458] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1111.169304][T14458] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1111.181756][T14458] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1111.194716][T14458] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1111.253389][T14712] device veth0_vlan entered promiscuous mode
[ 1111.267750][T14712] device veth1_macvtap entered promiscuous mode
[ 1111.284922][T14458] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1111.305579][T14458] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1111.331169][T14458] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1111.339497][T14458] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1111.347028][T14458] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1111.360752][T14458] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1111.371952][T14458] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1111.388788][T14458] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1111.395710][T14458] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1111.419722][T14458] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1111.428623][T14458] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1111.435522][T14458] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1111.444787][T14458] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1111.453919][T14458] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1111.475433][T14458] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1111.496991][T14458] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1111.799050][T14760] netlink: 68 bytes leftover after parsing attributes in process `syz.5.3967'.
[ 1111.821561][   T28] audit: type=1400 audit(1743264111.711:822): avc:  denied  { write } for  pid=14761 comm="syz.1.3984" name="snapshot" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[ 1111.821766][T14763] random: crng reseeded on system resumption
[ 1111.936452][   T28] audit: type=1400 audit(1743264111.711:823): avc:  denied  { open } for  pid=14761 comm="syz.1.3984" path="/dev/snapshot" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[ 1113.649860][T14774] loop5: detected capacity change from 0 to 40427
[ 1113.758011][  T406] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[ 1113.780015][T13248] I/O error, dev loop5, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 1115.122789][T14784] loop1: detected capacity change from 0 to 256
[ 1115.331697][T14779] loop2: detected capacity change from 0 to 40427
[ 1115.343920][T14784] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[ 1117.429107][  T406] usb 2-1: device not accepting address 45, error -71
[ 1118.280683][T14811] netlink: 68 bytes leftover after parsing attributes in process `syz.5.3995'.
[ 1122.912079][T14876] loop1: detected capacity change from 0 to 256
[ 1122.953518][T14878] loop2: detected capacity change from 0 to 256
[ 1122.961557][T14876] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[ 1123.006452][T14878] FAT-fs (loop2): Unrecognized mount option "check=stric���{J�set=koi8-r" or missing value
[ 1123.054075][T14884] loop4: detected capacity change from 0 to 256
[ 1123.069662][T14884] FAT-fs (loop4): Unrecognized mount option "check=stric���{J�set=koi8-r" or missing value
[ 1123.104278][T13248] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 1124.779860][T11775] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 1124.790916][T14878] loop2: detected capacity change from 0 to 512
[ 1124.809993][T14878] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[ 1124.919585][T14889] syz.0.4014 (14889) used greatest stack depth: 19904 bytes left
[ 1125.741091][T14878] EXT4-fs (loop2): invalid journal inode
[ 1125.756812][T14878] EXT4-fs (loop2): can't get journal size
[ 1125.790116][T14878] EXT4-fs (loop2): 1 truncate cleaned up
[ 1125.797241][T14878] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 1125.833901][T10613] EXT4-fs (loop2): unmounting filesystem.
[ 1126.006840][T14884] loop4: detected capacity change from 0 to 512
[ 1126.025678][T14912] x_tables: duplicate underflow at hook 1
[ 1126.137308][T14884] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[ 1126.262015][T14884] EXT4-fs (loop4): invalid journal inode
[ 1126.274863][T14884] EXT4-fs (loop4): can't get journal size
[ 1126.447580][T14884] EXT4-fs (loop4): 1 truncate cleaned up
[ 1126.453246][T14884] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[ 1126.488032][T11706] EXT4-fs (loop4): unmounting filesystem.
[ 1129.951250][T14942] loop4: detected capacity change from 0 to 40427
[ 1130.895919][T14953] loop2: detected capacity change from 0 to 256
[ 1130.937620][T14953] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[ 1131.296064][T14960] exFAT-fs (loop2): hint_cluster is invalid (17)
[ 1132.710631][T14981] loop1: detected capacity change from 0 to 1024
[ 1132.722304][T14981] EXT4-fs: Ignoring removed orlov option
[ 1132.728002][T14981] EXT4-fs: Ignoring removed orlov option
[ 1132.736474][T14981] EXT4-fs: Ignoring removed oldalloc option
[ 1132.751328][T14981] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[ 1132.777634][T14981] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (12914!=20869)
[ 1132.801784][T14981] EXT4-fs (loop1): invalid journal inode
[ 1132.807291][T14981] EXT4-fs (loop1): can't get journal size
[ 1132.823649][T14981] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1132.851415][T10891] EXT4-fs (loop1): unmounting filesystem.
[ 1137.547312][T15043] loop4: detected capacity change from 0 to 40427
[ 1137.711602][T13248] I/O error, dev loop4, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 1141.343406][T15087] loop2: detected capacity change from 0 to 40427
[ 1141.658439][T13248] I/O error, dev loop2, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 1142.194881][T15090] loop1: detected capacity change from 0 to 256
[ 1142.216618][T15090] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[ 1148.160573][T15128] fuse: Unknown parameter 'group_i00000000000000000000'
[ 1149.789317][T15141] netlink: 72 bytes leftover after parsing attributes in process `syz.5.4078'.
[ 1149.798120][T15141] device lo entered promiscuous mode
[ 1149.803787][T15141] device tunl0 entered promiscuous mode
[ 1149.809503][T15141] device gre0 entered promiscuous mode
[ 1149.815109][T15141] device gretap0 entered promiscuous mode
[ 1149.821398][T15141] device erspan0 entered promiscuous mode
[ 1149.827485][T15141] device ip_vti0 entered promiscuous mode
[ 1149.833403][T15141] device ip6_vti0 entered promiscuous mode
[ 1149.839404][T15141] device sit0 entered promiscuous mode
[ 1149.845043][T15141] device ip6tnl0 entered promiscuous mode
[ 1149.851118][T15141] device ip6gre0 entered promiscuous mode
[ 1149.856987][T15141] device syz_tun entered promiscuous mode
[ 1149.863189][T15141] device ip6gretap0 entered promiscuous mode
[ 1149.869593][T15141] device bridge0 entered promiscuous mode
[ 1149.875760][T15141] device vcan0 entered promiscuous mode
[ 1149.881219][T15141] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1149.888194][T15141] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1149.895294][T15141] device dummy0 entered promiscuous mode
[ 1149.901065][T15141] device veth0 entered promiscuous mode
[ 1149.907031][T15141] device veth1 entered promiscuous mode
[ 1149.913038][T15141] device wg0 entered promiscuous mode
[ 1149.918606][T15141] device wg1 entered promiscuous mode
[ 1149.924305][T15141] device wg2 entered promiscuous mode
[ 1149.929880][T15141] device veth0_to_bridge entered promiscuous mode
[ 1149.937174][T15141] device veth1_to_bridge entered promiscuous mode
[ 1149.944488][T15141] device veth0_to_bond entered promiscuous mode
[ 1149.951157][T15141] device bond_slave_0 entered promiscuous mode
[ 1149.957548][T15141] device veth1_to_bond entered promiscuous mode
[ 1149.964408][T15141] device bond_slave_1 entered promiscuous mode
[ 1149.970847][T15141] device veth0_to_team entered promiscuous mode
[ 1149.977485][T15141] device team_slave_0 entered promiscuous mode
[ 1149.983889][T15141] device veth1_to_team entered promiscuous mode
[ 1149.990802][T15141] device team_slave_1 entered promiscuous mode
[ 1149.997867][T15141] device veth0_to_batadv entered promiscuous mode
[ 1150.004721][T15141] device batadv_slave_0 entered promiscuous mode
[ 1150.011495][T15141] device veth1_to_batadv entered promiscuous mode
[ 1150.018448][T15141] device batadv_slave_1 entered promiscuous mode
[ 1150.025320][T15141] device xfrm0 entered promiscuous mode
[ 1150.031053][T15141] device veth0_to_hsr entered promiscuous mode
[ 1150.037588][T15141] device hsr_slave_0 entered promiscuous mode
[ 1150.044309][T15141] device veth1_to_hsr entered promiscuous mode
[ 1150.050917][T15141] device hsr_slave_1 entered promiscuous mode
[ 1150.057337][T15141] device veth1_virt_wifi entered promiscuous mode
[ 1150.064219][T15141] device veth0_virt_wifi entered promiscuous mode
[ 1150.071155][T15141] device veth1_vlan entered promiscuous mode
[ 1150.078701][T15141] device vlan0 entered promiscuous mode
[ 1150.084728][T15141] device vlan1 entered promiscuous mode
[ 1150.091218][T15141] device veth0_macvtap entered promiscuous mode
[ 1150.097827][T15141] device macsec0 entered promiscuous mode
[ 1150.224221][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[ 1150.232979][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1150.241615][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[ 1150.256992][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1150.270594][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1150.279971][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1150.289018][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1150.297953][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1150.629991][T15169] loop2: detected capacity change from 0 to 1024
[ 1150.636402][T15169] EXT4-fs: Ignoring removed orlov option
[ 1150.642054][T15169] EXT4-fs: Ignoring removed orlov option
[ 1150.647563][T15169] EXT4-fs: Ignoring removed oldalloc option
[ 1150.654080][T15169] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[ 1150.665668][T15169] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (12914!=20869)
[ 1150.672589][T15171] loop4: detected capacity change from 0 to 512
[ 1150.676096][T15169] EXT4-fs (loop2): invalid journal inode
[ 1150.687082][T15169] EXT4-fs (loop2): can't get journal size
[ 1150.687384][T15171] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[ 1150.698436][T15169] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 1150.722845][T10613] EXT4-fs (loop2): unmounting filesystem.
[ 1150.736881][T15171] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 1150.746312][T15171] ext4 filesystem being mounted at /164/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1151.581104][T11706] EXT4-fs (loop4): unmounting filesystem.
[ 1153.226674][T15203] loop5: detected capacity change from 0 to 40427
[ 1153.569986][T13248] I/O error, dev loop5, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 1155.328761][T15222] loop1: detected capacity change from 0 to 256
[ 1155.352096][T15222] loop7: detected capacity change from 0 to 16384
[ 1155.465673][T15225] FAULT_INJECTION: forcing a failure.
[ 1155.465673][T15225] name failslab, interval 1, probability 0, space 0, times 0
[ 1155.488545][T15225] CPU: 0 PID: 15225 Comm: syz.2.4099 Not tainted 6.1.129-syzkaller-00051-gc1fd50266bd6 #0
[ 1155.498285][T15225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1155.508192][T15225] Call Trace:
[ 1155.511303][T15225]  <TASK>
[ 1155.514081][T15225]  dump_stack_lvl+0x151/0x1b7
[ 1155.518593][T15225]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 1155.523896][T15225]  ? x64_sys_call+0x98/0x9a0
[ 1155.528318][T15225]  dump_stack+0x15/0x18
[ 1155.532305][T15225]  should_fail_ex+0x3d0/0x520
[ 1155.536817][T15225]  __should_failslab+0xaf/0xf0
[ 1155.541421][T15225]  ? kobject_get_path+0xbf/0x210
[ 1155.546197][T15225]  should_failslab+0x9/0x20
[ 1155.550532][T15225]  __kmem_cache_alloc_node+0x3d/0x2a0
[ 1155.555741][T15225]  ? kobject_get_path+0xbf/0x210
[ 1155.560513][T15225]  __kmalloc+0xa3/0x1e0
[ 1155.564504][T15225]  kobject_get_path+0xbf/0x210
[ 1155.569104][T15225]  ? kmalloc_trace+0x44/0xa0
[ 1155.573542][T15225]  kobject_uevent_env+0x27c/0x720
[ 1155.578395][T15225]  kobject_uevent+0x1f/0x30
[ 1155.582730][T15225]  __kobject_del+0xee/0x300
[ 1155.587073][T15225]  kobject_put+0x1cc/0x260
[ 1155.591356][T15225]  netdev_queue_update_kobjects+0x406/0x4a0
[ 1155.597053][T15225]  ? skb_queue_purge+0x1a0/0x1b0
[ 1155.601830][T15225]  netif_set_real_num_tx_queues+0x15c/0x770
[ 1155.607559][T15225]  __tun_detach+0xb78/0x1510
[ 1155.611983][T15225]  __tun_chr_ioctl+0xb14/0x22d0
[ 1155.616673][T15225]  ? tun_flow_create+0x320/0x320
[ 1155.621442][T15225]  ? __fget_files+0x2cb/0x330
[ 1155.625958][T15225]  tun_chr_ioctl+0x2a/0x40
[ 1155.630203][T15225]  ? tun_chr_poll+0x670/0x670
[ 1155.634723][T15225]  __se_sys_ioctl+0x114/0x190
[ 1155.639235][T15225]  __x64_sys_ioctl+0x7b/0x90
[ 1155.643765][T15225]  x64_sys_call+0x98/0x9a0
[ 1155.648013][T15225]  do_syscall_64+0x3b/0xb0
[ 1155.652263][T15225]  ? clear_bhb_loop+0x55/0xb0
[ 1155.656776][T15225]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1155.662507][T15225] RIP: 0033:0x7f8d2058d169
[ 1155.666759][T15225] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1155.686375][T15225] RSP: 002b:00007f8d21313038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1155.694617][T15225] RAX: ffffffffffffffda RBX: 00007f8d207a5fa0 RCX: 00007f8d2058d169
[ 1155.702427][T15225] RDX: 0000200000000100 RSI: 00000000400454d9 RDI: 0000000000000007
[ 1155.710239][T15225] RBP: 00007f8d21313090 R08: 0000000000000000 R09: 0000000000000000
[ 1155.718055][T15225] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1155.725864][T15225] R13: 0000000000000000 R14: 00007f8d207a5fa0 R15: 00007ffebd869778
[ 1155.733684][T15225]  </TASK>
[ 1156.888096][T15251] loop4: detected capacity change from 0 to 512
[ 1156.922738][T15251] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 1156.968615][T15251] ext4 filesystem being mounted at /168/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1158.493491][T15264] loop5: detected capacity change from 0 to 40427
[ 1158.551934][T15264] F2FS-fs (loop5): Insane cp_payload (553648128 >= 504)
[ 1158.572148][T15264] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[ 1158.590573][T15264] F2FS-fs (loop5): heap/no_heap options were deprecated
[ 1158.702768][T15286] loop2: detected capacity change from 0 to 512
[ 1158.773682][T15264] F2FS-fs (loop5): invalid crc value
[ 1158.893476][T15286] fscrypt (loop2, inode 2): Error -61 getting encryption context
[ 1158.901265][T15286] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -61
[ 1158.911209][T15286] EXT4-fs warning (device loop2): ext4_block_to_path:107: block 3279945729 > max in inode 13
[ 1158.921397][T15286] EXT4-fs warning (device loop2): ext4_block_to_path:107: block 3279945730 > max in inode 13
[ 1158.932507][T15286] EXT4-fs (loop2): 1 truncate cleaned up
[ 1158.938018][T15286] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 1159.043872][T15264] F2FS-fs (loop5): Found nat_bits in checkpoint
[ 1159.840619][T10613] EXT4-fs (loop2): unmounting filesystem.
[ 1159.906935][T15296] loop2: detected capacity change from 0 to 256
[ 1159.969337][T15296] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[ 1159.992563][T15264] F2FS-fs (loop5): Start checkpoint disabled!
[ 1160.020071][T15264] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[ 1160.041414][T15264] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[ 1160.371502][T15301] exFAT-fs (loop2): hint_cluster is invalid (17)
[ 1161.660211][T15310] loop5: detected capacity change from 0 to 1024
[ 1161.710325][T15310] EXT4-fs: Ignoring removed orlov option
[ 1161.736068][T15310] EXT4-fs: Ignoring removed orlov option
[ 1161.746342][T15310] EXT4-fs: Ignoring removed oldalloc option
[ 1161.752566][T11706] EXT4-fs (loop4): unmounting filesystem.
[ 1161.752935][T15310] EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[ 1161.769299][T15310] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (12914!=20869)
[ 1161.780040][T15310] EXT4-fs (loop5): invalid journal inode
[ 1161.807867][T15310] EXT4-fs (loop5): can't get journal size
[ 1161.819815][T15310] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[ 1161.939080][T14712] EXT4-fs (loop5): unmounting filesystem.
[ 1163.632902][T15336] loop1: detected capacity change from 0 to 256
[ 1163.680968][T15336] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[ 1163.714243][   T28] audit: type=1400 audit(1743264163.601:824): avc:  denied  { append } for  pid=15338 comm="syz.0.4126" name="001" dev="devtmpfs" ino=184 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[ 1163.738268][T15339] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[ 1163.787790][T15339] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1164.675446][T15342] exFAT-fs (loop1): hint_cluster is invalid (17)
[ 1165.338020][T15337] loop4: detected capacity change from 0 to 40427
[ 1165.350910][T15350] loop2: detected capacity change from 0 to 256
[ 1165.357815][T15337] F2FS-fs (loop4): Insane cp_payload (553648128 >= 504)
[ 1165.389928][T15337] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[ 1165.390150][T15351] syz.2.4128: attempt to access beyond end of device
[ 1165.390150][T15351] loop2: rw=2049, sector=256, nr_sectors = 4 limit=256
[ 1165.435675][T15337] F2FS-fs (loop4): heap/no_heap options were deprecated
[ 1165.575454][T15337] F2FS-fs (loop4): invalid crc value
[ 1166.222185][T15337] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 1166.549228][T15337] F2FS-fs (loop4): Start checkpoint disabled!
[ 1166.608936][T15337] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[ 1166.626324][T15337] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[ 1168.747734][T15407] loop1: detected capacity change from 0 to 256
[ 1168.829868][T15407] FAT-fs (loop1): Unrecognized mount option "check=stric���{J�set=koi8-r" or missing value
[ 1168.957197][T15407] loop1: detected capacity change from 0 to 512
[ 1168.982960][T15407] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[ 1169.013012][T15407] EXT4-fs (loop1): invalid journal inode
[ 1169.032724][T15407] EXT4-fs (loop1): can't get journal size
[ 1169.063817][T15407] EXT4-fs (loop1): 1 truncate cleaned up
[ 1169.069384][T15407] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[ 1169.136009][T10891] EXT4-fs (loop1): unmounting filesystem.
[ 1170.422954][T15438] loop1: detected capacity change from 0 to 1024
[ 1170.429507][T15438] EXT4-fs: Ignoring removed orlov option
[ 1170.460060][T15438] EXT4-fs: Ignoring removed orlov option
[ 1170.487869][T15438] EXT4-fs: Ignoring removed oldalloc option
[ 1170.623986][T15438] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[ 1170.785773][T15438] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (12914!=20869)
[ 1170.849840][T15438] EXT4-fs (loop1): invalid journal inode
[ 1170.868120][T15442] loop5: detected capacity change from 0 to 1024
[ 1170.879279][T15438] EXT4-fs (loop1): can't get journal size
[ 1170.899660][T15442] EXT4-fs: Ignoring removed orlov option
[ 1170.905149][T15442] EXT4-fs: Ignoring removed orlov option
[ 1170.922056][T15438] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1170.931700][T15442] EXT4-fs: Ignoring removed oldalloc option
[ 1170.942227][T15442] EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[ 1170.960330][T10891] EXT4-fs (loop1): unmounting filesystem.
[ 1170.995713][T15442] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (12914!=20869)
[ 1171.007698][T15449] loop1: detected capacity change from 0 to 512
[ 1171.018658][T15442] EXT4-fs (loop5): invalid journal inode
[ 1171.031614][T15449] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[ 1171.036829][T15442] EXT4-fs (loop5): can't get journal size
[ 1171.060469][T15442] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[ 1171.088703][T15449] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1171.109660][T14712] EXT4-fs (loop5): unmounting filesystem.
[ 1171.115340][T15449] ext4 filesystem being mounted at /245/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1172.253403][T10891] EXT4-fs (loop1): unmounting filesystem.
[ 1172.327452][   T28] audit: type=1400 audit(1743264172.211:825): avc:  denied  { write } for  pid=15467 comm="syz.1.4157" name="loop-control" dev="devtmpfs" ino=113 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[ 1172.895598][T15482] loop1: detected capacity change from 0 to 128
[ 1173.040038][T15466] loop4: detected capacity change from 0 to 256
[ 1173.068272][T15466] exfat: Deprecated parameter 'namecase'
[ 1173.079729][T15466] exFAT-fs (loop4): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d)
[ 1173.459238][  T406] usb 2-1: new full-speed USB device number 47 using dummy_hcd
[ 1175.167292][T15493] loop4: detected capacity change from 0 to 256
[ 1175.180421][  T406] usb 2-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1175.191711][T15493] FAT-fs (loop4): Unrecognized mount option "check=stric���{J�set=koi8-r" or missing value
[ 1175.199288][  T406] usb 2-1: New USB device found, idVendor=0582, idProduct=0029, bcdDevice=bb.9d
[ 1175.215065][  T406] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1175.237277][  T406] snd-usb-audio: probe of 2-1:27.0 failed with error -2
[ 1175.258607][T13248] udevd[13248]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:27.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[ 1175.258866][T15493] loop4: detected capacity change from 0 to 512
[ 1175.286852][T15493] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[ 1175.297470][T15493] EXT4-fs (loop4): invalid journal inode
[ 1175.303453][T15493] EXT4-fs (loop4): can't get journal size
[ 1175.310809][T15493] EXT4-fs (loop4): 1 truncate cleaned up
[ 1175.326441][T15493] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[ 1175.363277][T11706] EXT4-fs (loop4): unmounting filesystem.
[ 1175.452888][T15486] loop1: detected capacity change from 0 to 2048
[ 1175.488907][T15486] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[ 1175.549687][   T28] audit: type=1400 audit(1743264175.441:826): avc:  denied  { execute } for  pid=15485 comm="syz.1.4164" path="/248/file1/bus" dev="loop1" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 1175.743023][  T406] usb 2-1: USB disconnect, device number 47
[ 1178.673232][T10891] EXT4-fs (loop1): unmounting filesystem.
[ 1178.903202][   T28] audit: type=1400 audit(1743264178.791:827): avc:  denied  { transfer } for  pid=15534 comm="syz.4.4178" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[ 1179.118396][T15554] fuse: Bad value for 'fd'
[ 1179.161997][T15561] loop4: detected capacity change from 0 to 256
[ 1179.174728][T15561] FAT-fs (loop4): Unrecognized mount option "check=stric���{J�set=koi8-r" or missing value
[ 1179.317194][T15557] loop2: detected capacity change from 0 to 40427
[ 1180.615694][T15574] loop2: detected capacity change from 0 to 256
[ 1180.626640][T15574] FAT-fs (loop2): Unrecognized mount option "check=stric���{J�set=koi8-r" or missing value
[ 1180.677160][T15574] loop2: detected capacity change from 0 to 512
[ 1180.693580][T15574] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[ 1180.704657][T15574] EXT4-fs (loop2): invalid journal inode
[ 1180.710324][T15574] EXT4-fs (loop2): can't get journal size
[ 1180.770598][T15574] EXT4-fs (loop2): 1 truncate cleaned up
[ 1180.776210][T15574] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 1180.832266][T10613] EXT4-fs (loop2): unmounting filesystem.
[ 1181.050495][T15595] fuse: Bad value for 'fd'
[ 1181.248654][T15602] loop2: detected capacity change from 0 to 256
[ 1181.323432][T15602] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[ 1182.753787][T15614] exFAT-fs (loop2): hint_cluster is invalid (17)
[ 1184.712515][T15637] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4206'.
[ 1184.820031][ T1812] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[ 1184.858178][T15621] loop5: detected capacity change from 0 to 40427
[ 1184.898509][T15643] fuse: Bad value for 'fd'
[ 1184.911368][T13248] I/O error, dev loop5, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 1184.929795][ T1812] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[ 1185.048452][ T1812] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[ 1185.209563][ T1812] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[ 1185.239730][ T1812] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[ 1185.717027][ T1812] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[ 1186.369865][ T1812] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[ 1186.879555][ T1812] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[ 1188.159154][T15689] loop5: detected capacity change from 0 to 256
[ 1188.272790][T15689] exFAT-fs (loop5): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[ 1189.401961][T15699] exFAT-fs (loop5): hint_cluster is invalid (17)
[ 1189.418578][T15702] loop1: detected capacity change from 0 to 256
[ 1189.435551][T15702] FAT-fs (loop1): Unrecognized mount option "check=stric���{J�set=koi8-r" or missing value
[ 1189.555435][T15702] loop1: detected capacity change from 0 to 512
[ 1189.568021][T15702] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[ 1189.579571][T15702] EXT4-fs (loop1): invalid journal inode
[ 1189.585455][T15702] EXT4-fs (loop1): can't get journal size
[ 1189.594563][T15702] EXT4-fs (loop1): 1 truncate cleaned up
[ 1189.640664][T15702] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[ 1190.212837][T10891] EXT4-fs (loop1): unmounting filesystem.
[ 1190.973738][T15732] syz.4.4233 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[ 1192.114361][T15749] loop5: detected capacity change from 0 to 256
[ 1192.133433][T15749] exFAT-fs (loop5): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[ 1193.060511][T15751] fuse: Bad value for 'fd'
[ 1193.162297][T15762] exFAT-fs (loop5): hint_cluster is invalid (17)
[ 1193.182877][T15758] FAULT_INJECTION: forcing a failure.
[ 1193.182877][T15758] name failslab, interval 1, probability 0, space 0, times 0
[ 1193.209458][T15758] CPU: 0 PID: 15758 Comm: syz.0.4240 Not tainted 6.1.129-syzkaller-00051-gc1fd50266bd6 #0
[ 1193.219201][T15758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1193.229091][T15758] Call Trace:
[ 1193.232216][T15758]  <TASK>
[ 1193.234990][T15758]  dump_stack_lvl+0x151/0x1b7
[ 1193.239506][T15758]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 1193.244799][T15758]  ? x64_sys_call+0x98/0x9a0
[ 1193.249226][T15758]  dump_stack+0x15/0x18
[ 1193.253218][T15758]  should_fail_ex+0x3d0/0x520
[ 1193.257732][T15758]  __should_failslab+0xaf/0xf0
[ 1193.262330][T15758]  ? kobject_get_path+0xbf/0x210
[ 1193.267106][T15758]  should_failslab+0x9/0x20
[ 1193.271443][T15758]  __kmem_cache_alloc_node+0x3d/0x2a0
[ 1193.276654][T15758]  ? kobject_get_path+0xbf/0x210
[ 1193.281429][T15758]  __kmalloc+0xa3/0x1e0
[ 1193.285416][T15758]  kobject_get_path+0xbf/0x210
[ 1193.290018][T15758]  ? kmalloc_trace+0x44/0xa0
[ 1193.294447][T15758]  kobject_uevent_env+0x27c/0x720
[ 1193.299312][T15758]  kobject_uevent+0x1f/0x30
[ 1193.303644][T15758]  __kobject_del+0xee/0x300
[ 1193.307984][T15758]  kobject_put+0x1cc/0x260
[ 1193.312244][T15758]  netdev_queue_update_kobjects+0x406/0x4a0
[ 1193.317972][T15758]  ? skb_queue_purge+0x1a0/0x1b0
[ 1193.322746][T15758]  netif_set_real_num_tx_queues+0x15c/0x770
[ 1193.328472][T15758]  __tun_detach+0xb78/0x1510
[ 1193.332901][T15758]  __tun_chr_ioctl+0xb14/0x22d0
[ 1193.337585][T15758]  ? tun_flow_create+0x320/0x320
[ 1193.342353][T15758]  ? __fget_files+0x2cb/0x330
[ 1193.346868][T15758]  tun_chr_ioctl+0x2a/0x40
[ 1193.351117][T15758]  ? tun_chr_poll+0x670/0x670
[ 1193.355633][T15758]  __se_sys_ioctl+0x114/0x190
[ 1193.360147][T15758]  __x64_sys_ioctl+0x7b/0x90
[ 1193.364570][T15758]  x64_sys_call+0x98/0x9a0
[ 1193.368825][T15758]  do_syscall_64+0x3b/0xb0
[ 1193.373076][T15758]  ? clear_bhb_loop+0x55/0xb0
[ 1193.377589][T15758]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1193.383320][T15758] RIP: 0033:0x7f2c3078d169
[ 1193.387573][T15758] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1193.407101][T15758] RSP: 002b:00007f2c315cd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1193.415355][T15758] RAX: ffffffffffffffda RBX: 00007f2c309a5fa0 RCX: 00007f2c3078d169
[ 1193.423166][T15758] RDX: 0000200000000100 RSI: 00000000400454d9 RDI: 0000000000000007
[ 1193.431078][T15758] RBP: 00007f2c315cd090 R08: 0000000000000000 R09: 0000000000000000
[ 1193.438866][T15758] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1193.446678][T15758] R13: 0000000000000000 R14: 00007f2c309a5fa0 R15: 00007ffdbb9a3bf8
[ 1193.454501][T15758]  </TASK>
[ 1193.960197][T15772] loop5: detected capacity change from 0 to 256
[ 1193.996205][T15772] FAT-fs (loop5): Directory bread(block 64) failed
[ 1194.005220][T15772] FAT-fs (loop5): Directory bread(block 65) failed
[ 1194.012739][T15772] FAT-fs (loop5): Directory bread(block 66) failed
[ 1194.089511][T15772] FAT-fs (loop5): Directory bread(block 67) failed
[ 1194.166956][T15772] FAT-fs (loop5): Directory bread(block 68) failed
[ 1194.270108][T15772] FAT-fs (loop5): Directory bread(block 69) failed
[ 1194.364145][T15772] FAT-fs (loop5): Directory bread(block 70) failed
[ 1194.483272][T15772] FAT-fs (loop5): Directory bread(block 71) failed
[ 1194.565671][T15772] FAT-fs (loop5): Directory bread(block 72) failed
[ 1194.656029][T15772] FAT-fs (loop5): Directory bread(block 73) failed
[ 1197.305682][T15814] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4254'.
[ 1197.348717][T15814] netlink: 'syz.0.4254': attribute type 3 has an invalid length.
[ 1197.363277][T15818] loop4: detected capacity change from 0 to 256
[ 1197.388060][T15818] incfs: Error accessing: ./file0.
[ 1197.393251][T15818] incfs: mount failed -20
[ 1198.390498][T15830] netlink: 100 bytes leftover after parsing attributes in process `syz.1.4259'.
[ 1201.420447][T15872] loop2: detected capacity change from 0 to 512
[ 1201.442948][T15872] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[ 1201.456157][T15872] EXT4-fs (loop2): invalid journal inode
[ 1201.462982][T15872] EXT4-fs (loop2): can't get journal size
[ 1201.484483][T15883] loop4: detected capacity change from 0 to 256
[ 1201.493428][T15872] EXT4-fs (loop2): 1 truncate cleaned up
[ 1201.498903][T15872] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 1201.536111][T15883] FAT-fs (loop4): Unrecognized mount option "check=stric���{J�set=koi8-r" or missing value
[ 1201.597786][T10613] EXT4-fs (loop2): unmounting filesystem.
[ 1201.642571][T15883] loop4: detected capacity change from 0 to 512
[ 1201.649874][T15883] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[ 1201.658059][T15883] EXT4-fs (loop4): invalid journal inode
[ 1201.663847][T15883] EXT4-fs (loop4): can't get journal size
[ 1201.677451][T15883] EXT4-fs (loop4): 1 truncate cleaned up
[ 1202.002807][T15883] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[ 1202.284617][T11706] EXT4-fs (loop4): unmounting filesystem.
[ 1203.278862][T15910] netlink: 20 bytes leftover after parsing attributes in process `syz.5.4281'.
[ 1203.288293][T15910] netlink: 'syz.5.4281': attribute type 3 has an invalid length.
[ 1206.398834][T15942] loop5: detected capacity change from 0 to 256
[ 1206.421362][T15945] loop4: detected capacity change from 0 to 256
[ 1206.460023][T15941] A link change request failed with some changes committed already. Interface veth0_to_bond may have been left with an inconsistent configuration, please check.
[ 1206.477399][T15942] FAT-fs (loop5): Directory bread(block 64) failed
[ 1206.483907][T15942] FAT-fs (loop5): Directory bread(block 65) failed
[ 1206.495790][T15942] FAT-fs (loop5): Directory bread(block 66) failed
[ 1206.504315][T15942] FAT-fs (loop5): Directory bread(block 67) failed
[ 1206.511264][T15942] FAT-fs (loop5): Directory bread(block 68) failed
[ 1206.518268][T15942] FAT-fs (loop5): Directory bread(block 69) failed
[ 1206.525246][T15942] FAT-fs (loop5): Directory bread(block 70) failed
[ 1206.532131][T15942] FAT-fs (loop5): Directory bread(block 71) failed
[ 1206.538525][T15942] FAT-fs (loop5): Directory bread(block 72) failed
[ 1206.555670][T15942] FAT-fs (loop5): Directory bread(block 73) failed
[ 1206.576197][T15945] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[ 1206.637732][T15951] random: crng reseeded on system resumption
[ 1206.899395][   T28] audit: type=1400 audit(1743264206.521:828): avc:  denied  { append } for  pid=15939 comm="syz.1.4288" name="snapshot" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[ 1211.119421][   T28] audit: type=1400 audit(1743264210.971:829): avc:  denied  { compute_member } for  pid=15995 comm="syz.5.4302" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[ 1211.870741][   T28] audit: type=1400 audit(1743264211.761:830): avc:  denied  { create } for  pid=16011 comm="syz.2.4306" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[ 1212.435437][ T5857] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[ 1212.619316][ T5857] usb 5-1: Using ep0 maxpacket: 16
[ 1212.636251][ T5857] usb 5-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice= 6.8a
[ 1212.695919][ T5857] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1212.737704][ T5857] usb 5-1: Product: syz
[ 1212.919442][ T5857] usb 5-1: Manufacturer: syz
[ 1212.923929][ T5857] usb 5-1: SerialNumber: syz
[ 1212.937465][ T5857] usb 5-1: config 0 descriptor??
[ 1213.147172][   T28] audit: type=1400 audit(1743264213.031:831): avc:  denied  { mounton } for  pid=16005 comm="syz.4.4305" path="/proc/690/task" dev="proc" ino=85989 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[ 1314.119152][    C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[ 1314.125955][    C0] 	(detected by 0, t=10002 jiffies, g=79869, q=199 ncpus=2)
[ 1314.133059][    C0] rcu: All QSes seen, last rcu_preempt kthread activity 10003 (4295068627-4295058624), jiffies_till_next_fqs=1, root ->qsmask 0x0
[ 1314.146253][    C0] rcu: rcu_preempt kthread starved for 10004 jiffies! g79869 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[ 1314.157272][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[ 1314.167085][    C0] rcu: RCU grace-period kthread stack dump:
[ 1314.172808][    C0] task:rcu_preempt     state:R  running task     stack:27496 pid:14    ppid:2      flags:0x00004000
[ 1314.183400][    C0] Call Trace:
[ 1314.186523][    C0]  <TASK>
[ 1314.189304][    C0]  __schedule+0xcb5/0x1560
[ 1314.193643][    C0]  ? __sched_text_start+0x8/0x8
[ 1314.198330][    C0]  ? __kasan_check_write+0x14/0x20
[ 1314.203279][    C0]  schedule+0xc3/0x180
[ 1314.207179][    C0]  schedule_timeout+0x18c/0x380
[ 1314.211866][    C0]  ? __kasan_check_read+0x11/0x20
[ 1314.216727][    C0]  ? preempt_schedule_common+0xbe/0xf0
[ 1314.222019][    C0]  ? console_conditional_schedule+0x10/0x10
[ 1314.227746][    C0]  ? preempt_schedule+0xd9/0xe0
[ 1314.232438][    C0]  ? update_process_times+0x1b0/0x1b0
[ 1314.237644][    C0]  ? prepare_to_swait_event+0x308/0x320
[ 1314.243026][    C0]  rcu_gp_fqs_loop+0x2ed/0x10a0
[ 1314.247729][    C0]  ? _raw_spin_unlock_irq+0x60/0x70
[ 1314.252750][    C0]  ? rcu_gp_init+0xc7f/0xfa0
[ 1314.257186][    C0]  ? rcu_gp_init+0xfa0/0xfa0
[ 1314.261599][    C0]  ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 1314.267241][    C0]  ? finish_swait+0x17d/0x1b0
[ 1314.271755][    C0]  rcu_gp_kthread+0xa3/0x3a0
[ 1314.276180][    C0]  ? queued_spin_lock_slowpath+0x50/0x50
[ 1314.281644][    C0]  ? set_cpus_allowed_ptr+0xa4/0xe0
[ 1314.286681][    C0]  ? __kasan_check_read+0x11/0x20
[ 1314.291544][    C0]  ? __kthread_parkme+0x12d/0x180
[ 1314.296405][    C0]  kthread+0x26d/0x300
[ 1314.300309][    C0]  ? queued_spin_lock_slowpath+0x50/0x50
[ 1314.305773][    C0]  ? kthread_blkcg+0xd0/0xd0
[ 1314.310202][    C0]  ret_from_fork+0x1f/0x30
[ 1314.314456][    C0]  </TASK>
[ 1314.317317][    C0] rcu: Stack dump where RCU GP kthread last ran:
[ 1314.323493][    C0] Sending NMI from CPU 0 to CPUs 1:
[ 1314.328526][    C1] NMI backtrace for cpu 1
[ 1314.328539][    C1] CPU: 1 PID: 16029 Comm: syz.2.4320 Not tainted 6.1.129-syzkaller-00051-gc1fd50266bd6 #0
[ 1314.328559][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1314.328569][    C1] RIP: 0010:__kernel_text_address+0x5/0x40
[ 1314.328592][    C1] Code: 5d c3 48 c7 c1 00 bc 92 87 80 e1 07 80 c1 03 38 c1 7c c3 48 c7 c7 00 bc 92 87 e8 86 57 70 00 eb b5 0f 1f 40 00 55 48 89 e5 53 <48> 89 fb e8 33 00 00 00 85 c0 0f 95 c0 48 c7 c1 00 80 9a 87 48 39
[ 1314.328607][    C1] RSP: 0018:ffffc900001b0760 EFLAGS: 00000046
[ 1314.328624][    C1] RAX: 0000000000000000 RBX: ffffc900001b07e8 RCX: 00000000001b0701
[ 1314.328637][    C1] RDX: 1ffff920000360f6 RSI: ffffc90004e2fee8 RDI: ffffffff851c85d6
[ 1314.328651][    C1] RBP: ffffc900001b0768 R08: ffffc900001b0888 R09: 0000000000000019
[ 1314.328664][    C1] R10: ffffc900001b0890 R11: dffffc0000000001 R12: ffff8881148f2880
[ 1314.328678][    C1] R13: ffffffff8165beb0 R14: dffffc0000000000 R15: 1ffff920000360fd
[ 1314.328692][    C1] FS:  00007f8d213136c0(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 1314.328708][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1314.328721][    C1] CR2: 0000001b33616ff8 CR3: 0000000124d04000 CR4: 00000000003506a0
[ 1314.328737][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1314.328748][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1314.328759][    C1] Call Trace:
[ 1314.328764][    C1]  <NMI>
[ 1314.328770][    C1]  ? show_regs+0x58/0x60
[ 1314.328789][    C1]  ? nmi_cpu_backtrace+0x285/0x2f0
[ 1314.328808][    C1]  ? nmi_trigger_cpumask_backtrace+0x3b0/0x3b0
[ 1314.328828][    C1]  ? __kernel_text_address+0x5/0x40
[ 1314.328844][    C1]  ? __kernel_text_address+0x5/0x40
[ 1314.328860][    C1]  ? nmi_cpu_backtrace_handler+0xc/0x20
[ 1314.328882][    C1]  ? nmi_handle+0xa7/0x280
[ 1314.328901][    C1]  ? __kernel_text_address+0x5/0x40
[ 1314.328918][    C1]  ? default_do_nmi+0x69/0x160
[ 1314.328945][    C1]  ? exc_nmi+0xad/0x100
[ 1314.328970][    C1]  ? end_repeat_nmi+0x16/0x31
[ 1314.328986][    C1]  ? stack_trace_save+0x1c0/0x1c0
[ 1314.329007][    C1]  ? syscall_enter_from_user_mode+0x176/0x190
[ 1314.329031][    C1]  ? __kernel_text_address+0x5/0x40
[ 1314.329048][    C1]  ? __kernel_text_address+0x5/0x40
[ 1314.329066][    C1]  ? __kernel_text_address+0x5/0x40
[ 1314.329083][    C1]  </NMI>
[ 1314.329088][    C1]  <IRQ>
[ 1314.329094][    C1]  unwind_get_return_address+0x4d/0x90
[ 1314.329117][    C1]  arch_stack_walk+0xf3/0x140
[ 1314.329147][    C1]  ? syscall_enter_from_user_mode+0x176/0x190
[ 1314.329165][    C1]  stack_trace_save+0x113/0x1c0
[ 1314.329184][    C1]  ? stack_trace_snprint+0xf0/0xf0
[ 1314.329204][    C1]  ? __stack_depot_save+0x36/0x480
[ 1314.329230][    C1]  kasan_set_track+0x4b/0x70
[ 1314.329255][    C1]  ? kasan_set_track+0x4b/0x70
[ 1314.329279][    C1]  ? kasan_save_alloc_info+0x1f/0x30
[ 1314.329296][    C1]  ? __kasan_slab_alloc+0x6c/0x80
[ 1314.329321][    C1]  ? slab_post_alloc_hook+0x53/0x2c0
[ 1314.329341][    C1]  ? kmem_cache_alloc+0x175/0x320
[ 1314.329360][    C1]  ? __sigqueue_alloc+0x138/0x210
[ 1314.329379][    C1]  ? __send_signal_locked+0x1a3/0xc30
[ 1314.329398][    C1]  ? send_signal_locked+0x43a/0x590
[ 1314.329415][    C1]  ? do_send_sig_info+0xde/0x230
[ 1314.329433][    C1]  ? group_send_sig_info+0x113/0x320
[ 1314.329451][    C1]  ? do_bpf_send_signal+0x8c/0x150
[ 1314.329469][    C1]  ? irq_work_run_list+0x1d8/0x2f0
[ 1314.329486][    C1]  ? irq_work_run+0x69/0xf0
[ 1314.329501][    C1]  ? __sysvec_irq_work+0x63/0x1b0
[ 1314.329522][    C1]  ? sysvec_irq_work+0xa1/0xc0
[ 1314.329547][    C1]  ? asm_sysvec_irq_work+0x1b/0x20
[ 1314.329573][    C1]  ? native_apic_msr_write+0x39/0x50
[ 1314.329597][    C1]  ? x2apic_send_IPI_self+0x5f/0x70
[ 1314.329620][    C1]  ? arch_irq_work_raise+0x86/0xd0
[ 1314.329642][    C1]  ? __irq_work_queue_local+0x111/0x180
[ 1314.329659][    C1]  ? irq_work_queue+0xaa/0x160
[ 1314.329674][    C1]  ? bpf_send_signal_common+0x2e6/0x450
[ 1314.329694][    C1]  ? bpf_send_signal+0x19/0x20
[ 1314.329720][    C1]  ? bpf_prog_7ba5217f62dcd359+0x38/0x3c
[ 1314.329736][    C1]  ? bpf_trace_run2+0x133/0x290
[ 1314.329753][    C1]  ? __bpf_trace_sys_enter+0x62/0x70
[ 1314.329782][    C1]  ? __sigqueue_alloc+0x138/0x210
[ 1314.329802][    C1]  kasan_save_alloc_info+0x1f/0x30
[ 1314.329819][    C1]  __kasan_slab_alloc+0x6c/0x80
[ 1314.329844][    C1]  slab_post_alloc_hook+0x53/0x2c0
[ 1314.329864][    C1]  ? __sigqueue_alloc+0x138/0x210
[ 1314.329884][    C1]  ? __sigqueue_alloc+0x138/0x210
[ 1314.329904][    C1]  kmem_cache_alloc+0x175/0x320
[ 1314.329923][    C1]  ? __sigqueue_alloc+0x138/0x210
[ 1314.329943][    C1]  __sigqueue_alloc+0x138/0x210
[ 1314.329963][    C1]  __send_signal_locked+0x1a3/0xc30
[ 1314.329983][    C1]  send_signal_locked+0x43a/0x590
[ 1314.330003][    C1]  do_send_sig_info+0xde/0x230
[ 1314.330028][    C1]  group_send_sig_info+0x113/0x320
[ 1314.330048][    C1]  ? __lock_task_sighand+0x100/0x100
[ 1314.330068][    C1]  ? try_to_wake_up+0x670/0x1220
[ 1314.330093][    C1]  do_bpf_send_signal+0x8c/0x150
[ 1314.330112][    C1]  irq_work_run_list+0x1d8/0x2f0
[ 1314.330129][    C1]  ? irq_work_run+0xf0/0xf0
[ 1314.330147][    C1]  irq_work_run+0x69/0xf0
[ 1314.330163][    C1]  __sysvec_irq_work+0x63/0x1b0
[ 1314.330184][    C1]  sysvec_irq_work+0xa1/0xc0
[ 1314.330210][    C1]  </IRQ>
[ 1314.330215][    C1]  <TASK>
[ 1314.330221][    C1]  asm_sysvec_irq_work+0x1b/0x20
[ 1314.330248][    C1] RIP: 0010:native_apic_msr_write+0x39/0x50
[ 1314.330274][    C1] Code: 74 05 83 ff 30 75 12 5d c3 81 ff d0 00 00 00 74 f6 81 ff e0 00 00 00 74 ee c1 ef 04 81 c7 00 08 00 00 89 f9 89 f0 31 d2 0f 30 <66> 90 eb d9 89 f6 31 d2 e8 fa 0d 6c 01 5d c3 0f 1f 84 00 00 00 00
[ 1314.330289][    C1] RSP: 0018:ffffc90004e2fc38 EFLAGS: 00000246
[ 1314.330303][    C1] RAX: 00000000000000f6 RBX: ffffffff8674fb50 RCX: 000000000000083f
[ 1314.330315][    C1] RDX: 0000000000000000 RSI: 00000000000000f6 RDI: 000000000000083f
[ 1314.330326][    C1] RBP: ffffc90004e2fc38 R08: ffffffff82775384 R09: fffff520009c5f81
[ 1314.330340][    C1] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000
[ 1314.330352][    C1] R13: 0000000000000000 R14: 00000000000000f6 R15: dffffc0000000000
[ 1314.330366][    C1]  ? llist_add_batch+0x134/0x1d0
[ 1314.330388][    C1]  x2apic_send_IPI_self+0x5f/0x70
[ 1314.330413][    C1]  arch_irq_work_raise+0x86/0xd0
[ 1314.330435][    C1]  __irq_work_queue_local+0x111/0x180
[ 1314.330453][    C1]  irq_work_queue+0xaa/0x160
[ 1314.330469][    C1]  bpf_send_signal_common+0x2e6/0x450
[ 1314.330489][    C1]  ? trace_raw_output_bpf_trace_printk+0xd0/0xd0
[ 1314.330511][    C1]  bpf_send_signal+0x19/0x20
[ 1314.330537][    C1]  bpf_prog_7ba5217f62dcd359+0x38/0x3c
[ 1314.330553][    C1]  bpf_trace_run2+0x133/0x290
[ 1314.330571][    C1]  ? bpf_trace_run1+0x240/0x240
[ 1314.330591][    C1]  __bpf_trace_sys_enter+0x62/0x70
[ 1314.330613][    C1]  syscall_enter_from_user_mode+0x176/0x190
[ 1314.330632][    C1]  do_syscall_64+0x1e/0xb0
[ 1314.330655][    C1]  ? clear_bhb_loop+0x55/0xb0
[ 1314.330671][    C1]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1314.330697][    C1] RIP: 0033:0x7f8d20529359
[ 1314.330711][    C1] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25
[ 1314.330726][    C1] RSP: 002b:00007f8d21312b40 EFLAGS: 00000246 ORIG_RAX: 000000000000000f
[ 1314.330743][    C1] RAX: ffffffffffffffda RBX: 00007f8d207a5fa8 RCX: 00007f8d20529359
[ 1314.330757][    C1] RDX: 00007f8d21312b40 RSI: 00007f8d21312c70 RDI: 0000000000000011
[ 1314.330770][    C1] RBP: 00007f8d207a5fa0 R08: 0000000000000000 R09: 0000000000000000
[ 1314.330782][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d207a5fac
[ 1314.330793][    C1] R13: 0000000000000000 R14: 00007ffebd869690 R15: 00007ffebd869778
[ 1314.330809][    C1]  </TASK>
[ 1432.339229][    C0] BUG: workqueue lockup - pool cpus=0-1 flags=0x4 nice=0 stuck for 217s!
[ 1432.347532][    C0] Showing busy workqueues and worker pools:
[ 1432.353276][    C0] workqueue events: flags=0x0
[ 1432.357770][    C0]   pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=3/256 refcnt=4
[ 1432.357818][    C0]     pending: kfree_rcu_monitor, rht_deferred_worker, rht_deferred_worker
[ 1432.357908][    C0]   pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=6/256 refcnt=7
[ 1432.357949][    C0]     pending: bpf_prog_free_deferred, kfree_rcu_monitor, bpf_prog_free_deferred, psi_avgs_work, vmstat_shepherd, bpf_prog_free_deferred
[ 1432.358088][    C0] workqueue events_highpri: flags=0x10
[ 1432.400528][    C0]   pwq 1: cpus=0 node=0 flags=0x0 nice=-20 active=1/256 refcnt=3
[ 1432.400586][    C0]     pending: flush_backlog BAR(10)
[ 1432.400624][    C0] workqueue events_long: flags=0x0
[ 1432.418320][    C0]   pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=3/256 refcnt=4
[ 1432.418367][    C0]     pending: br_multicast_gc_work, br_multicast_gc_work, br_fdb_cleanup
[ 1432.418457][    C0]   pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=4/256 refcnt=5
[ 1432.418504][    C0]     pending: br_fdb_cleanup, br_fdb_cleanup, br_fdb_cleanup, br_fdb_cleanup
[ 1432.418617][    C0] workqueue events_unbound: flags=0x2
[ 1432.455920][    C0]   pwq 4: cpus=0-1 flags=0x4 nice=0 active=3/512 refcnt=5
[ 1432.455972][    C0]     in-flight: 13957:bpf_map_free_deferred
[ 1432.456017][    C0]     pending: toggle_allocation_gate, flush_memcg_stats_dwork
[ 1432.456070][    C0] workqueue events_power_efficient: flags=0x80
[ 1432.482362][    C0]   pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 1432.482418][    C0]     pending: gc_worker
[ 1432.482458][    C0]   pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=6/256 refcnt=7
[ 1432.482499][    C0]     pending: wg_ratelimiter_gc_entries, neigh_managed_work, neigh_managed_work, neigh_periodic_work, neigh_periodic_work, check_lifetime
[ 1432.482655][    C0] workqueue events_freezable_power_: flags=0x84
[ 1432.521704][    C0]   pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 1432.521759][    C0]     pending: sync_hw_clock
[ 1432.521792][    C0] workqueue netns: flags=0xe000a
[ 1432.538358][    C0]   pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/1 refcnt=4
[ 1432.538400][    C0]     in-flight: 10:cleanup_net
[ 1432.538443][    C0]     inactive: cleanup_net
[ 1432.538477][    C0] workqueue mm_percpu_wq: flags=0x8
[ 1432.559387][    C0]   pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 1432.559437][    C0]     pending: vmstat_update
[ 1432.559478][    C0]   pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 1432.559521][    C0]     pending: vmstat_update
[ 1432.559564][    C0] workqueue writeback: flags=0x4a
[ 1432.588304][    C0]   pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/256 refcnt=3
[ 1432.588352][    C0]     pending: wb_workfn
[ 1432.588390][    C0] workqueue kblockd: flags=0x18
[ 1432.604185][    C0]   pwq 3: cpus=1 node=0 flags=0x0 nice=-20 active=1/256 refcnt=2
[ 1432.604231][    C0]     pending: blk_mq_timeout_work
[ 1432.604273][    C0] workqueue dm_bufio_cache: flags=0x8
[ 1432.622000][    C0]   pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 1432.622052][    C0]     pending: work_fn
[ 1432.622093][    C0] workqueue ipv6_addrconf: flags=0x40008
[ 1432.638903][    C0]   pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/1 refcnt=2
[ 1432.638952][    C0]     pending: addrconf_verify_work
[ 1432.638994][    C0]   pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/1 refcnt=6
[ 1432.639037][    C0]     pending: addrconf_verify_work
[ 1432.639077][    C0]     inactive: addrconf_verify_work, addrconf_verify_work, addrconf_verify_work, addrconf_verify_work
[ 1432.674700][    C0] workqueue wg-crypt-wg0: flags=0x28
[ 1432.679790][    C0]   pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 1432.679839][    C0]     pending: wg_packet_encrypt_worker
[ 1432.679897][    C0]   pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 1432.679940][    C0]     pending: wg_packet_encrypt_worker
[ 1432.679976][    C0] workqueue wg-kex-wg1: flags=0x6
[ 1432.710518][    C0]   pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/256 refcnt=3
[ 1432.710571][    C0]     pending: wg_packet_handshake_send_worker
[ 1432.710614][    C0] workqueue wg-crypt-wg1: flags=0x28
[ 1432.728642][    C0]   pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=2/256 refcnt=3
[ 1432.728697][    C0]     pending: wg_packet_tx_worker, wg_packet_encrypt_worker
[ 1432.728762][    C0] workqueue wg-crypt-wg2: flags=0x28
[ 1432.748428][    C0]   pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 1432.748483][    C0]     pending: wg_packet_encrypt_worker
[ 1432.748523][    C0]   pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 1432.748569][    C0]     pending: wg_packet_encrypt_worker
[ 1432.748606][    C0] workqueue wg-crypt-wg0: flags=0x28
[ 1432.779405][    C0]   pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 1432.779457][    C0]     pending: wg_packet_encrypt_worker
[ 1432.779498][    C0] workqueue wg-crypt-wg1: flags=0x28
[ 1432.797356][    C0]   pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 1432.797404][    C0]     pending: wg_packet_encrypt_worker
[ 1432.797443][    C0]   pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 1432.797486][    C0]     pending: wg_packet_encrypt_worker
[ 1432.797521][    C0] workqueue wg-kex-wg2: flags=0x6
[ 1432.828044][    C0]   pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/256 refcnt=3
[ 1432.828090][    C0]     pending: wg_packet_handshake_send_worker
[ 1432.828130][    C0] workqueue wg-crypt-wg2: flags=0x28
[ 1432.846378][    C0]   pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 1432.846440][    C0]     pending: wg_packet_encrypt_worker
[ 1432.846481][    C0]   pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 1432.846534][    C0]     pending: wg_packet_encrypt_worker
[ 1432.846572][    C0] workqueue wg-crypt-wg0: flags=0x28
[ 1432.877358][    C0]   pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 1432.877409][    C0]     pending: wg_packet_encrypt_worker
[ 1432.877447][    C0]   pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 1432.877489][    C0]     pending: wg_packet_encrypt_worker
[ 1432.877533][    C0] workqueue wg-crypt-wg1: flags=0x28
[ 1432.908322][    C0]   pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 1432.908379][    C0]     pending: wg_packet_encrypt_worker
[ 1432.908419][    C0]   pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 1432.908464][    C0]     pending: wg_packet_encrypt_worker
[ 1432.908502][    C0] workqueue wg-crypt-wg2: flags=0x28
[ 1432.939304][    C0]   pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 1432.939358][    C0]     pending: wg_packet_encrypt_worker
[ 1432.939397][    C0]   pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 1432.939444][    C0]     pending: wg_packet_encrypt_worker
[ 1432.939482][    C0] workqueue wg-kex-wg0: flags=0x6
[ 1432.970021][    C0]   pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/256 refcnt=3
[ 1432.970070][    C0]     pending: wg_packet_handshake_send_worker
[ 1432.970109][    C0] workqueue wg-crypt-wg0: flags=0x28
[ 1432.988148][    C0]   pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 1432.988195][    C0]     pending: wg_packet_encrypt_worker
[ 1432.988235][    C0]   pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 1432.988283][    C0]     pending: wg_packet_encrypt_worker
[ 1432.988321][    C0] workqueue wg-crypt-wg1: flags=0x28
[ 1433.019117][    C0]   pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 1433.019169][    C0]     pending: wg_packet_encrypt_worker
[ 1433.019209][    C0]   pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 1433.019259][    C0]     pending: wg_packet_encrypt_worker
[ 1433.019295][    C0] workqueue wg-kex-wg2: flags=0x6
[ 1433.049831][    C0]   pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/256 refcnt=3
[ 1433.049882][    C0]     pending: wg_packet_handshake_send_worker
[ 1433.049925][    C0] workqueue wg-crypt-wg2: flags=0x28
[ 1433.067959][    C0]   pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 1433.068011][    C0]     pending: wg_packet_encrypt_worker
[ 1433.068050][    C0]   pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 1433.068096][    C0]     pending: wg_packet_encrypt_worker
[ 1433.068135][    C0] workqueue wg-kex-wg0: flags=0x6
[ 1433.098748][    C0]   pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/256 refcnt=3
[ 1433.098796][    C0]     pending: wg_packet_handshake_send_worker
[ 1433.098837][    C0] workqueue wg-crypt-wg0: flags=0x28
[ 1433.116889][    C0]   pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 1433.116937][    C0]     pending: wg_packet_encrypt_worker
[ 1433.116975][    C0]   pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 1433.117019][    C0]     pending: wg_packet_encrypt_worker
[ 1433.117055][    C0] workqueue wg-kex-wg1: flags=0x6
[ 1433.147791][    C0]   pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/256 refcnt=3
[ 1433.147838][    C0]     pending: wg_packet_handshake_send_worker
[ 1433.147879][    C0] workqueue wg-crypt-wg1: flags=0x28
[ 1433.165928][    C0]   pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 1433.165980][    C0]     pending: wg_packet_encrypt_worker
[ 1433.166020][    C0]   pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 1433.166066][    C0]     pending: wg_packet_encrypt_worker
[ 1433.166103][    C0] workqueue wg-kex-wg2: flags=0x6
[ 1433.196637][    C0]   pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/256 refcnt=3
[ 1433.196685][    C0]     pending: wg_packet_handshake_send_worker
[ 1433.196725][    C0] workqueue wg-crypt-wg2: flags=0x28
[ 1433.214767][    C0]   pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 1433.214817][    C0]     pending: wg_packet_encrypt_worker
[ 1433.214855][    C0]   pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 1433.214901][    C0]     pending: wg_packet_encrypt_worker
[ 1433.214942][    C0] pool 4: cpus=0-1 flags=0x4 nice=0 hung=218s workers=7 idle: 43 8 1379 14458 315