last executing test programs:

1.258711561s ago: executing program 4 (id=1621):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt(r0, 0x84, 0x11, &(0x7f0000000040)="020000000980ffff", 0x8)

1.205377381s ago: executing program 4 (id=1623):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00'}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000fa08020000218447aa8f000007", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='kfree\x00'}, 0x18)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000008c80)=ANY=[@ANYBLOB="2c00000026000506"], 0x2c}}, 0x800)
recvmmsg(r0, &(0x7f0000007700), 0x0, 0x0, 0x0)
clock_adjtime(0x4, &(0x7f0000000380)={0x3fb, 0x8, 0x4101, 0x4000000000000b, 0x0, 0x2, 0x400000400, 0x80000000000a, 0x6, 0x100, 0x7, 0x0, 0x1, 0x81, 0x9f, 0x0, 0x9, 0x6, 0x1ff, 0x9, 0x8001, 0x3, 0x0, 0x3, 0x72a3, 0xe})
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x18, 0x7, &(0x7f0000000180)=ANY=[@ANYBLOB="85100000040000009500000000000000180000000000000000000000000000009500000000000000851000"], &(0x7f00000000c0)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f0000000200)="1d5fe8317ca952a2ba4bfee0f003", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x6}, 0x50)
openat$selinux_policy(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
bpf$BPF_PROG_DETACH(0x1c, 0x0, 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x8)
write$UHID_CREATE2(r2, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x8004, &(0x7f0000000280), 0x1, 0x7b9, &(0x7f00000007c0)="$eJzs3d9rHNUeAPDvbJLmR3tvcuFy7+1b4EJvoHRzU2Or4EPFBxEsFPTZNmy2oWaTLdlNaULAFhF8EVR8EPSlz/6ob776A3zS/8IHaamaFis+SGR2Z5M02c2vJtloPh+YzDkzsznnO+fMzNmdYTeAQ2sw/ZOLOB4RbycR/dnyJCK6aqnOiHP17R4uLvRERCGJpaWXfkpq2zxYXCjEqtekjmaZ/0TEV29EnMytL7cyNz85VioVZ7L8cHXq6nBlbv7UlamxieJEcfrMyOjo6bNPnj2ze7H+8t38sbvvPP+/T8/99vq/b7/1dRLn4li2bnUcu2UwBrN90pXuwkc8t9uFtVnS7gqwI+mh2VE/yuN49EdHLdVC737WDADYK69FxBIAcMgkrv8AcMg0Pgd4sLhQaEzt/URif917NiJ66vE/zKb6ms7snl1P7T5o34PkkTsjSUQM7EL5gxHx4eevnOjI8mk93EsD9sONmxFxaWBw/fk/WffMwnb9f6OVS9212eCaxYft+gPt9EU6/nmq2fgvtzz+iSbjn+76sfuvxy1/8+M/d+dxy9hIOv57pv5s25rx3/JDawMdWe5vtTFfV3L5SqmYntv+HhFD0dWd5kdqmzYfuQ3d//1+q/Kz8d/H6fTzu69+lJafzle2yN3p7H70NeNj1c5vHjfwzL2b0Zcl18SfLLd/0mL8e2GLZbzw9JsftFqXxp/G25jWx7+3lm5FnGja/ittmWz4fOJwrTsMNzpFE599/35fq/JXt386peWn892PtLl7N6PWAZJkZR/U1yzHP5Csfl6zsv0yvr3V/2WrdZvH37T/jx1JXq6lj2TLro9VqzMjEUeSF9cvP73y2ka+sX0a/9B/mx//9WKb9//0PeGlLcbfeffHT3Ye/95K4x/fuP+vaf+ebPHKks0Stx9OdrQqf2vtP1pLDWVL0vbfLK6t1GtnvRkAAAAAAAAAAAAAAAAAAAAAAAAAti8XEcciyeWX07lcPl//De9/Rl+uVK5UT14uz06PR+23sgeiK9f4qsv+Vd+HOpJ9H34jf3pN/omI+EdEvNfdW8vnC+XSeLuDBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDM0Ra//5/6obvdtQMA9kxPuysAAOw7138AOHy2d/3v3bN6AAD7x/t/ADh8tnz9v7S39QAA9o/3/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOyxC+fPp9PSr4sLhTQ/fm1udrJ87dR4sTKZn5ot5Avlmav5iXJ5olTMF8pTLf/RjfqsVC5fHY3p2evD1WKlOlyZm784VZ6drl68MjU2UbxY7Nq3yAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg6ypz85NjpVJx5i+RuLES2C7/5962xtV3MHbvqkRnHIhqHOhEdxyIauwwsfos0duGMxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAn8MfAQAA//94WBdi")
r3 = syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042)
readv(r3, &(0x7f0000000100)=[{&(0x7f0000000080)=""/20, 0x14}], 0x1)
close_range(r1, 0xffffffffffffffff, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'lo\x00'})
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
shutdown(r4, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f0000000380)=[@in6={0xa, 0x4e20, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}]}, &(0x7f0000000180)=0x10)

1.131476812s ago: executing program 1 (id=1625):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r0}, &(0x7f0000000b00), 0x0}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000b80)=@security={'security\x00', 0x64, 0x4, 0x2c8, 0x100000c, 0x0, 0xe0, 0x178, 0xffffffff, 0xffffffff, 0x230, 0x230, 0x230, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0x98, 0xe0, 0x0, {0x0, 0x1000000000000}, [@common=@inet=@dscp={{0x28}, {0x10, 0x1}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x6, 'syz1\x00', {0x2}}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x42}}}, {{@ip={@multicast2, @private=0xa010101, 0xff000000, 0xff, 'veth0_macvtap\x00', 'vcan0\x00', {0xff}, {0xff}, 0x21}, 0x0, 0x90, 0xb8, 0x0, {}, [@common=@socket0={{0x20}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0xffffffffffffffff, 0x2, 0x7}, {0x2, 0x0, 0x1}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x328)
socket(0x1d, 0x2, 0x6)
r3 = syz_open_dev$loop(&(0x7f0000000240), 0x7, 0x80)
preadv(r3, &(0x7f0000001380)=[{&(0x7f0000000380)=""/4096, 0x1000}], 0x1, 0x7, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1)
open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x1, 0x5, &(0x7f0000000500)=ANY=[@ANYBLOB="180200000200000000000000000000008500000011000000850000005000000095"], &(0x7f0000000000)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41100, 0x3, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x40}, 0x94)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x800, 0x4, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000038c0)={0x0, 0x0, &(0x7f0000009a40)={&(0x7f0000003900)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000040900010073797a30000000002c000000030a01080000000000000000010000000900030073797a32000000000900010073797a300000000050000000060a010400000000000000000100000008000b40000000000900010073797a30000000002800048024000180090001006d6574610000000014000280080001400000001208000240000000", @ANYRES16=r5], 0xc4}}, 0x40)

967.052263ms ago: executing program 4 (id=1628):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00'})
syz_open_dev$tty1(0xc, 0x4, 0x4)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x1a, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xeb, '\x00', 0x0, @tracing=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='kfree\x00', r1}, 0x18)
r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup.cpu/cgroup.procs\x00', 0xe02, 0x1c0)
r3 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0)
sendfile(r3, r2, 0x0, 0x3a)
mount$cgroup(0x0, 0x0, 0x0, 0x1, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
ioctl$TUNSETQUEUE(r4, 0x400454d9, &(0x7f0000000040)={'veth0_to_bond\x00', 0x400})
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000faff0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5, 0x0, 0x5}, 0x18)
close(r4)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x8000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x2010, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
ioctl$VT_DISALLOCATE(0xffffffffffffffff, 0x5608)
add_key$keyring(&(0x7f0000000140), 0x0, 0x0, 0x0, 0xfffffffffffffffd)

944.289543ms ago: executing program 2 (id=1630):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x18, 0x4, &(0x7f0000000140)=ANY=[@ANYBLOB="18090000002300810000000000000000850000007b00000095"], &(0x7f0000000000)='syzkaller\x00', 0x9, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8001}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000280)='kfree\x00', r1, 0x0, 0x1000000000000}, 0x18)
r2 = dup(0xffffffffffffffff)
fsetxattr$security_selinux(r2, &(0x7f0000000000), 0x0, 0x0, 0x0)
r3 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r4}, &(0x7f0000000180), &(0x7f00000001c0)=r3}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000080)='kfree\x00', r5, 0x0, 0x6}, 0x18)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
sendmsg$inet(r7, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r6, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)}, 0x0)
r8 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'lo\x00', <r10=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r10, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x2, 0x0, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8003, 0x1400}, 0xa5, 0x5, 0xffffffd}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x40000}, 0x44080)

935.735034ms ago: executing program 1 (id=1631):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000e00)=ANY=[@ANYBLOB="6c000000100003052bbd7000249d020000000000", @ANYRES32=<r1=>0x0, @ANYBLOB="15440100018404003c0012800b00010067656e65766500002c00028005000a00000000000500030005000000050008000100000004000600050009"], 0x6c}}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYRES32=r0], 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000200)={'team0\x00', <r4=>0x0})
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES8=r1, @ANYBLOB="0000000000000000b7080000060000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000001000000850000000300000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r4, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb3a}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r5}, 0x10)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0700000004000000800000000400000028000000", @ANYRES32, @ANYBLOB="000000306000000000c8fe52f908716d7e811137eec9ee0000010000000000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/21], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0xff0c, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000740)={{0x1, 0x1, 0x18, <r7=>r6, {r3}}, './file1\x00'})
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r7, 0x10, &(0x7f0000000a00)={0x5, 0x0, &(0x7f0000000880)=[{&(0x7f0000000840)=""/3, 0x3}, {&(0x7f0000003480)=""/4096, 0x1000}, {&(0x7f0000000ac0)=""/137, 0x89}], &(0x7f00000008c0)=[0x100000000, 0x7], 0x3}, 0x20)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020700000000000002030207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000100850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r8}, 0x18)
r9 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet(r9, &(0x7f0000005f40)=[{{&(0x7f0000000d00)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000003400)=ANY=[@ANYBLOB="20000000000000000000000007000000440cd1700000000700000e0f940401001400000000000000000600000200000002000000000000001100000000000000000000000100000009000000000000001400000000000000eaffffff0100000006000000000000001400000000000000000000000200000006"], 0x80}}, {{&(0x7f00000010c0)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f00000012c0)=ANY=[], 0x28}}], 0x2, 0x4000004)
r10 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
write$UHID_INPUT2(r10, &(0x7f0000000300)=ANY=[@ANYBLOB="0481ef1448486a743996a4549d6d74fb85ac8ad415cc3eb4ab19f9cf9855de1b9a188a9309e1c5e2a604acced4f807aefda657f5c70faa04a458031c1e2468c7351f53d245cdd2e41d9f6e1e8eeb4e535ce79e99798a1e9a3c372b"], 0x6)
preadv2(r10, &(0x7f0000000280)=[{&(0x7f0000001200)=""/4096, 0x1000}, {&(0x7f0000002200)=""/4096, 0x1000}], 0x2, 0x0, 0x0, 0x0)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r11}, 0x10)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f00000006c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000680)={&(0x7f0000000c00)=ANY=[@ANYBLOB="48b3000000010900000000000000000003000005080003400000040004000d1540000000030c000280060003400002000014000f8008000240000000080800034000003071ba735418b8bd5f789a6a9777231d0a14ab21601cd3561574361f1a35f4e4b9cf431be244ddaf0d2f8964c47b783d169b3550cc7bd3d3e2eb23f13405cddd1a46000000"], 0x48}}, 0x45)
r12 = socket$netlink(0x10, 0x3, 0x0)
r13 = syz_clone(0x2b00b100, 0x0, 0x0, &(0x7f00000000c0), 0x0, 0x0)
r14 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1, 0x10, &(0x7f0000000e80)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ffb245372d2dfc5e5d56990b39657300000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffd7b048c085ffffb70200000800000018230000938e0322cf97bcb570992369145d4a9ba4e9d7e8d6225be49d91d42d0200314f991027cf6ad788c951b5120b8cdb55dd4ef0702c912271336b161a9e033d846031152539c68e6028aa9a1b3027e3b9c269240acd7e1cb0a9182f70f956d93e9a66d1ccf58a3e854500fe6d046e224eb8d23c60815ce27227c76345905b9754f4af5a236f621c24ba6ce675c9d1e7bcb155be1bcac605dfe7fb033a115c6b9bdb4dfbb398e861a0a2523e861dd379178392476e3dad9ecc81b400390c9053c9323353d6ea0ba34b5c59ca21b7e3801968cbd0fc6c6afd2fc53a993dbdeb623f4a0b12ce6102ce32976096dc84b9c33c1acf30ba81859d7c529f0915452e82c99a7178b8145076048cb31e14a317d5010c8434068585a4eded48fd6438", @ANYRES32=r14, @ANYBLOB="0000000000000000b70400000800000085000000950000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r15 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r15}, 0x18)
ptrace(0x4206, r13)
waitid(0x1, r13, 0x0, 0x40000006, 0x0)
sendmsg$nl_route(r12, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4000000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="81ffffff00000000180012800e0001007769726567756172640000000400028008000a00bc"], 0x40}}, 0x0)

823.607944ms ago: executing program 2 (id=1633):
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xa, 0x4, 0xdd, 0xa}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x54, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, 0x0, 0x0}, 0x94)
socket$inet6(0xa, 0x3, 0x3c)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00'}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[], [], 0x6b}})

705.684025ms ago: executing program 2 (id=1638):
r0 = memfd_create(&(0x7f0000000240)='+\x8b\x8a\xa9\x16\x11\x91J\xbc+  \x18\x17\xc2:}\xa3\x9bO\xdd\xdf\xdf\x92\xd5\xed\xb4\x17\xe5\xd6\x9a\xb2\xd8\x9ba\xde\xb2.F\xc0\x99}|\xaf\xd3\x1d\x84[*_\x9f\x9d\xb0rYP\x1b\x9f \xe0\x9cgq\x103\x89\x11\x87Rv\x169\xdf\xe3>B\x04\x00\x00\x00W\xd3\xec\xfb\xdf?\xa2\x90+\xa4!\xb2\xf2\xff\x90\a\xc3\x12\xc4;\xffh\xf1x=\xb9c\xce\x03h\xdap\x88U\x1788\x82\xd7\xfd\x83\x00Sx\x91%\x99_\xfe\xd4c\x83\x86\x0f\xa4a-\xaf\x9e\xd9\xef\xe0)]\x00F\xfa\x03\xbc4\xc4\x9a\v\x03\x8b\xa4\xf3\x8f\xf4\"\'\xd3\a9\x14H}j&~\xe9\x16\x83o\xbd\xab\xcd[\xbd\xcb\x04\xfc\xe7\xe3\x9e?\x12\xf0\xf4\x83M3\xd88\x92?@\v\xe6\xd1\xd2\xe4\xde\xdaUeJ\x9fR\xd1`\xfa\xc8\v\xed\xfd\x0e\xc8\x89W\x847\x88\x82\x94\x14\xe33\xb7H\xc8b\xd6@3F#\xb7\x04C\x8dm\t\x16a\x0fI\xf4\xfe\xf8\x06j\x19Pz&\xb8\x0f\x98`W\xdb\xc6\"81A\xa4\x8bT\xf1\xcb\xab\xa3\t\xef\xdf&\x0e\xad\x03\x123.\xc2V\xaa\xd5\xf8\xde\x8aV\xa4p{\xcez\xa2\x92\xdb8*wLO\f\x97X\x05\x9a\xc2\xe8\x85\x9d\xcb\xc8\xf0\xc4\x01\x03\xe3?\x9f1\xf4\xfb\xa5y`KB\xdf\xae#\x94C\a\x04\xea\xccG\xf2\b\x8f\xf7\xb1\xe96\x90\xf5P\xa4\'\xce\xe3\xa24\x196\xc5Q\xa1K\x95\xd6\xfal\xe9\xd1\\\r&\xb2c\xb3\x8d\xa7\xb7\xa8\x03S\xbd\xdd\b{\xae\f\x10\xc2\xbb\xd0\xdd*\xa3\xb4\fJ\x00X\xab`N; LF\xa5D\xee\xdf\x7f\x80p\xf6o\x1c\xbdXR\xf2\xa0\x81a\xa1\xe1B\x93Xn\xaf\xfc\x05?\xab\xac\x91x\xa8#\xe1\xbeQ\xd1^\x9b\xb9)\xd3\n\xf7(3!\x18\b\xc0\xaampRl\xfdQ\x03\x8c\xd5\xe4\\\xed\x9a\xd1?\xd21\xc8\x90\x1dl|\xd1\x14\xbc3\xe0\x1e\x0e\xe6\x88Y\x99K\x93\x1c@_P\x8c\xc7\x9eZ\xb74KT:\x8a\xdbJ#w\x18\x14\x00\x93\x86\xa5wo\xf6M\xe7D\xf4*\xe3X\x1d\x19\x83\xa7w\xc7+7\x89s\xed\x8a\xd7O\xdd\rhh`\xc0\xa8$\x06pu\xa0\xd0L\x0ez@I\xb8\x83\xb2f\x93j\a0I\xc8l\xe5\x9b\x06\xb5\xac`d\xa3\xcf/\x14\x10\xab\xab\t\xec\xc1c\fA\xaf\x14\xef\xbap@*7\x86\xdf\',\x03Y\xb1$\xf0\xb5}\xf0\x82%)9`\x8f\x04\x85m\x80\xd2\xcf@\x06}\xea\xe7w`\xa5\x11\x9f\x9b\x9e\x8f\xb7cb\x1a\xe1\xcf\x87\x1c\\\xf5\xc21\xf7\x82C*\xd5;\x00\x00\x00\x00\x03\xba\xe3\xdc\x92\'\x8e\xd5\x7fG\xfd.\x91\x89T\x99t\xd4d,\xd5\x92O\xf1\xafT!Y\x8e\\\xac\xf7\x11R\x05p\x1a\"\r\xe9\xe5\x8b&\x0f\x8c\xfb\xef\xf8\xd5\x18\xde\xeb\xe5\x19\xdd\xebQ8\xc5iS+\x06D\x16\xfe\xf5.\xe5\v\x89\xb0\"\xa3M\xe9\x81\x11P\xdb\xc4\xc2y\x14\x04\x06\xf6\f\xb0\xecz\x8d`\xb5\x9b\xb43\xcc1\xa7\x9e\xa8\xb5\'\xc6MAe\x0f\xd1\xfcG\xc2/\xe8\xe9t\xcaQ\xf1\fI\x1chM\xc1\x92\xe3\xc3\x01M\xc8/\xefJ\xcb\xd0]\f\xff\xf5\x92\xce\x97Z\xea\xe8\x99\xfa\x96\xce\xa7\x02\xad\xa2\xce\x955\xeaNg\x02\xcd\xfd\x1a}.\xd3\"x\x89/8H\xc2\x93B\na)\x86\xa9U\xa0\xb7\x18\xfb\xe9\xd1\x97', 0x3)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0, {0x6}}, './file0\x00'})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0e00000004000000080000000700000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=<r2=>0xffffffffffffffff, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00'], 0x50)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000900)={0x11, 0x13, &(0x7f0000000740)=ANY=[@ANYRES16=r2, @ANYRESHEX=r1, @ANYRESHEX, @ANYRES16=0x0], &(0x7f00000005c0)='syzkaller\x00', 0x2, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000a80)='kfree\x00', r3, 0x0, 0x1}, 0x18)
r4 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet_sctp(r4, &(0x7f0000000880)=[{&(0x7f0000000440)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000100)="03", 0x1}], 0x1}], 0x1, 0x0)
r5 = mq_open(&(0x7f0000000040)='!seli\x1a\x1d!\xa7\x00\x00inux\x00G\xd0\xc6(X', 0x6e93ebbbcc0884f2, 0x10, &(0x7f0000000300)={0x0, 0x1, 0x3})
mq_timedreceive(r5, &(0x7f00000003c0)=""/83, 0x53, 0x8000000000002003, 0x0)
sendto$inet(r4, 0x0, 0x0, 0x20048054, &(0x7f0000000600)={0x2, 0x4e26, @private=0xa010101}, 0x10)
mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0)
sendmmsg$inet_sctp(r4, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000240)=[{0x0}, {0x0}], 0x2, &(0x7f0000000000)=ANY=[@ANYBLOB="30000000000000008400000001000000000000000c000400"/42, @ANYRES32=0x0], 0x30}], 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
write(r4, 0x0, 0x38)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
socket$netlink(0x10, 0x3, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000100), 0x2, 0x4fd, &(0x7f0000000b00)="$eJzs3ctvW1kZAPDv3jycyWQmGZgFoAHKMFBQVTtxZ6LRbBhWI4RGQsySRSckThTFiaPYGZrQRbpkj0QlVrDiHwCJBVJX7JFYwI5NWSDxqEANEgsjX19nnIcbq03sNv79pCufe47t75xa9xzrc3NPACPrWkQcRMRkRHwcEbN5fZIf8X77aD3v8aO7y4eP7i4n0Wx+9M8ka2/VRddrWl7O33MqIr7/QcQPkxNB/xhR39vfWKpWKzt5VamxuV2q7+3fXN9cWqusVbbK5cWFxfl3b71TvqCR/vqo9LvffvHhHw6++eNWt2byuu5xXKT20CeO4rSMR8R3LyPYEIzl45l8mhc/1Yu4SGlEfCYi3syu/9kYyz7N445/TN+K/NIGAF5QzeZsNGe7zwGAqy7NcmBJWsxzATORpsViO4f3ekyn1Vq9cWO1tru10s6VzcVEurpercznucK5mEhW18crC1m5c16tlE+c34qI1yLip4WXsvPicq26MswvPgAwwl4+sf7/p9Be/wGAK67r1/zCMPsBAAyO/80HAKPH+g8Ao8f6DwCjx/oPAKPH+g8Ao8f6DwAj5Xsfftg6mof5/a9XPtnb3ah9cnOlUt8obu4uF5drO9vFtVptLbtnz+Z571et1bYX3o7dO6VGpd4o1ff2b2/Wdrcat7P7et+uTAxkVADAk7z25Qd/TiLi4L2XsiO67vd/7lr9xmX3DrhM6bA7AAzN2LA7AAzN6d2+gFEhHw90bdF7r6t66lThpPt9vX2a7xsKPEeuf/4Z8v/AC03+H0bX0+X/fZeHq0D+H0ZXs5nY8x8ARowcP5Cc0979+/98s+ukv9//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4EqayY4kLeZ7gc9EmhaLEa9ExFxMJKvr1cp8RLwaEX8qTBRa5wsRYd8gAHiRpX9L8v2/rs++NXOydbLw30L2GBE/+vlHP7uz1GjsLERMJv86qm/cz+vLw+g/AHCezjrdWcc7Hj+6u9w5Btmfv3+7vbloK+5hfrRbxmM8e5zKcg3T/07y87bW95WxC4h/cC8iPnfW+JMsNzKX73x6Mn4r9isDjZ8ei59mbe3H1r/FZy+gLzBqHrTmn/fPuv7SuJY9nn39T2Uz1LPrzH+Hp+a/9Gj+G+sx/13rN8bbv//OqcrmbLvtXsQXxiMOO2/eNf904ic94r/VZ/y/vPGlN3u1NX8RcT3OGn9yLFapsbldqu/t31zfXFqrrFW2yuXFhcX5d2+9Uy5lOepSJ1N92j/eu/Fqr/it8U/3iD91zvi/1uf4f/m/j3/wlSfE/8ZXz/78X39C/Naa+PU+4y9N/2aqV1sr/kqP8Z/3+d/oM/7Dv+6v9PlUAGAA6nv7G0vVamXnsgvp5YfICknEwQCG0y4UfvWTDwYV6xIL8Xx0Q+F5Kgx7ZgIu26cX/bB7AgAAAAAAAAAAAAAA9DKIPyca9hgBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4uv4fAAD//2KH0wQ=")
r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
writev(r6, &(0x7f0000000140)=[{&(0x7f0000001200)="10", 0x69000}], 0x1)

701.103615ms ago: executing program 4 (id=1639):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000010850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x23, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10)
r2 = socket(0x1e, 0x4, 0x0)
r3 = socket(0x1e, 0x2, 0x0)
setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2, 0x8}, 0x10)
dup3(r3, r2, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r4, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)
r5 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'lo\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r7, {0x0, 0xa}, {0xffff, 0xffff}, {0x1a, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x2, 0x0, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0xffffffd}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x40000}, 0x44080)

630.925246ms ago: executing program 4 (id=1640):
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000))

611.138206ms ago: executing program 4 (id=1641):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000180)={'vxcan1\x00'})
socket$can_raw(0x1d, 0x3, 0x1)
fsmount(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'ipvlan0\x00'})
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x10001}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x6, 0x0, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
getsockopt$SO_J1939_SEND_PRIO(0xffffffffffffffff, 0x6b, 0x3, 0x0, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32, @ANYBLOB="1a000000e4ffffffffffffff0000000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet(0x2, 0x5, 0x2)
sendmsg$IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, 0x0, 0x40008)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
ptrace(0x10, r2)
syz_genetlink_get_family_id$ipvs(&(0x7f00000018c0), 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000cc0)='kmem_cache_free\x00'}, 0x18)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$tmpfs(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000340), 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="6d706f6c3d696e7465728a656176650300706f6c3d6c6f63616c"])
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000002c00)=ANY=[@ANYBLOB="bf16000000000000b70700000900f0ff4070000000000000500000000000000095000000000000002ba728041598d6fbd30cb599e8c73d24a3aa81d36bb3019c13bd23212fb56fa54f26fb0b71d0e6adfefc41d86bd917487960717142fa9ea4318123741c0a0e168c1886d0d4d94f2f4e345c652ebc1626e3a2a2ad35806150ae0209e62f51ee988e6e0dc8ce974a22a550d6fd70800c86ae3b3e05df3ceb9fc474c2a100c788b277beee1cbf9b0a4def23d410f6296b32a8343881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3449abe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee6f867ddd58211d6ececb0cd2b6d357b8580218ce740068725837074e468ee23fd2f73902ebcfcf49822775985bf31b715f5888b2c81f96a810b946855c9fc52ac17cbc97a616811a4c2dc3470009b966abaf41939aeca3e7b00c2e9d5db7a34fe2a29ac88c360a878a2b9ab9440c1961e80477166f3f847e855cdddc941d996d61ea0ce23b37e9d21c849d1e1e53087a3b109012e3a3ecbd219265048bf5c72b7ba2806b73323301b4bc94d0e4afde44867d71049a7c89bc615e215571ac910d80a58b5169576ff9906c34d2342806960b6bcb00000000000000000000000000113ee640b9ed1e04a0bfb125204d30990361bf45ef45277a167cd2c2e6ce9138143aa5ea7ee6f7c6d8b00437e070b004c5aa90766538b4fe45a16f14b270904d36eaa87508ac6d46639b3971ac6a88dc531fcc5ffc6b76b334795d88156336a9a452a9022485bb572dacb7aa25f748bc75918a16d9d5ae21004cd799ac4951beb2c6c9b5baf60081b86cc2e31c49f4ea055fb3639036c95c69b1ae60e685d486dbd1d5e7d0daacd73acfc80b9c9c92"], &(0x7f0000000140)='GPL\x00'}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r3, &(0x7f0000000580)="000000f1000000000000400000000000007c06a348af0fdc83590bfba6052cd89044eede64b3a02ac599dcdee6a7d62a83ce5f89e00fc5861f29c22ef972eef59347d135a4b302a1e64107a67d944a1a60ee94fcd3e3812c4a7580fd25c3ed06ece75b0fbbc14b87f95265dc510cfbf1bf63f95da1b540375a1cdba878d31fdd5593a0dd437aeb5ce6364419531440efbabf7aad16a5936fa3a3bfb4774c1d72b67eeda4fea216ac0e121113d58d983758c6d74e8238ffa921bee0e3fef590e71e250c692a1e3baa622e4cfd224f7bbbb7449d5c1ff735551322f3ca4c78e415ca59b0de7f1f0da0ed335c15edd0c5d11db9", &(0x7f00000004c0)=""/166}, 0x20)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r4, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004140)=[{&(0x7f0000000240)=""/212, 0xd4}], 0x1}, 0x0)

529.069006ms ago: executing program 1 (id=1642):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
socket$inet6_udplite(0xa, 0x2, 0x88)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r0, &(0x7f0000000280)='(', 0x0, 0x2}, 0x20)
statx(0xffffffffffffffff, 0x0, 0x6000, 0x1, 0x0)

528.581886ms ago: executing program 1 (id=1643):
r0 = memfd_create(&(0x7f0000000240)='+\x8b\x8a\xa9\x16\x11\x91J\xbc+  \x18\x17\xc2:}\xa3\x9bO\xdd\xdf\xdf\x92\xd5\xed\xb4\x17\xe5\xd6\x9a\xb2\xd8\x9ba\xde\xb2.F\xc0\x99}|\xaf\xd3\x1d\x84[*_\x9f\x9d\xb0rYP\x1b\x9f \xe0\x9cgq\x103\x89\x11\x87Rv\x169\xdf\xe3>B\x04\x00\x00\x00W\xd3\xec\xfb\xdf?\xa2\x90+\xa4!\xb2\xf2\xff\x90\a\xc3\x12\xc4;\xffh\xf1x=\xb9c\xce\x03h\xdap\x88U\x1788\x82\xd7\xfd\x83\x00Sx\x91%\x99_\xfe\xd4c\x83\x86\x0f\xa4a-\xaf\x9e\xd9\xef\xe0)]\x00F\xfa\x03\xbc4\xc4\x9a\v\x03\x8b\xa4\xf3\x8f\xf4\"\'\xd3\a9\x14H}j&~\xe9\x16\x83o\xbd\xab\xcd[\xbd\xcb\x04\xfc\xe7\xe3\x9e?\x12\xf0\xf4\x83M3\xd88\x92?@\v\xe6\xd1\xd2\xe4\xde\xdaUeJ\x9fR\xd1`\xfa\xc8\v\xed\xfd\x0e\xc8\x89W\x847\x88\x82\x94\x14\xe33\xb7H\xc8b\xd6@3F#\xb7\x04C\x8dm\t\x16a\x0fI\xf4\xfe\xf8\x06j\x19Pz&\xb8\x0f\x98`W\xdb\xc6\"81A\xa4\x8bT\xf1\xcb\xab\xa3\t\xef\xdf&\x0e\xad\x03\x123.\xc2V\xaa\xd5\xf8\xde\x8aV\xa4p{\xcez\xa2\x92\xdb8*wLO\f\x97X\x05\x9a\xc2\xe8\x85\x9d\xcb\xc8\xf0\xc4\x01\x03\xe3?\x9f1\xf4\xfb\xa5y`KB\xdf\xae#\x94C\a\x04\xea\xccG\xf2\b\x8f\xf7\xb1\xe96\x90\xf5P\xa4\'\xce\xe3\xa24\x196\xc5Q\xa1K\x95\xd6\xfal\xe9\xd1\\\r&\xb2c\xb3\x8d\xa7\xb7\xa8\x03S\xbd\xdd\b{\xae\f\x10\xc2\xbb\xd0\xdd*\xa3\xb4\fJ\x00X\xab`N; LF\xa5D\xee\xdf\x7f\x80p\xf6o\x1c\xbdXR\xf2\xa0\x81a\xa1\xe1B\x93Xn\xaf\xfc\x05?\xab\xac\x91x\xa8#\xe1\xbeQ\xd1^\x9b\xb9)\xd3\n\xf7(3!\x18\b\xc0\xaampRl\xfdQ\x03\x8c\xd5\xe4\\\xed\x9a\xd1?\xd21\xc8\x90\x1dl|\xd1\x14\xbc3\xe0\x1e\x0e\xe6\x88Y\x99K\x93\x1c@_P\x8c\xc7\x9eZ\xb74KT:\x8a\xdbJ#w\x18\x14\x00\x93\x86\xa5wo\xf6M\xe7D\xf4*\xe3X\x1d\x19\x83\xa7w\xc7+7\x89s\xed\x8a\xd7O\xdd\rhh`\xc0\xa8$\x06pu\xa0\xd0L\x0ez@I\xb8\x83\xb2f\x93j\a0I\xc8l\xe5\x9b\x06\xb5\xac`d\xa3\xcf/\x14\x10\xab\xab\t\xec\xc1c\fA\xaf\x14\xef\xbap@*7\x86\xdf\',\x03Y\xb1$\xf0\xb5}\xf0\x82%)9`\x8f\x04\x85m\x80\xd2\xcf@\x06}\xea\xe7w`\xa5\x11\x9f\x9b\x9e\x8f\xb7cb\x1a\xe1\xcf\x87\x1c\\\xf5\xc21\xf7\x82C*\xd5;\x00\x00\x00\x00\x03\xba\xe3\xdc\x92\'\x8e\xd5\x7fG\xfd.\x91\x89T\x99t\xd4d,\xd5\x92O\xf1\xafT!Y\x8e\\\xac\xf7\x11R\x05p\x1a\"\r\xe9\xe5\x8b&\x0f\x8c\xfb\xef\xf8\xd5\x18\xde\xeb\xe5\x19\xdd\xebQ8\xc5iS+\x06D\x16\xfe\xf5.\xe5\v\x89\xb0\"\xa3M\xe9\x81\x11P\xdb\xc4\xc2y\x14\x04\x06\xf6\f\xb0\xecz\x8d`\xb5\x9b\xb43\xcc1\xa7\x9e\xa8\xb5\'\xc6MAe\x0f\xd1\xfcG\xc2/\xe8\xe9t\xcaQ\xf1\fI\x1chM\xc1\x92\xe3\xc3\x01M\xc8/\xefJ\xcb\xd0]\f\xff\xf5\x92\xce\x97Z\xea\xe8\x99\xfa\x96\xce\xa7\x02\xad\xa2\xce\x955\xeaNg\x02\xcd\xfd\x1a}.\xd3\"x\x89/8H\xc2\x93B\na)\x86\xa9U\xa0\xb7\x18\xfb\xe9\xd1\x97', 0x3)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0, {0x6}}, './file0\x00'})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0e00000004000000080000000700000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=<r2=>0xffffffffffffffff, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00'], 0x50)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000900)={0x11, 0x13, &(0x7f0000000740)=ANY=[@ANYRES16=r2, @ANYRESHEX=r1, @ANYRESHEX, @ANYRES16=0x0], &(0x7f00000005c0)='syzkaller\x00', 0x2, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000a80)='kfree\x00', r3, 0x0, 0x1}, 0x18)
r4 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet_sctp(r4, &(0x7f0000000880)=[{&(0x7f0000000440)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000100)="03", 0x1}], 0x1}], 0x1, 0x0)
r5 = mq_open(&(0x7f0000000040)='!seli\x1a\x1d!\xa7\x00\x00inux\x00G\xd0\xc6(X', 0x6e93ebbbcc0884f2, 0x10, &(0x7f0000000300)={0x0, 0x1, 0x3})
mq_timedreceive(r5, &(0x7f00000003c0)=""/83, 0x53, 0x8000000000002003, 0x0)
sendto$inet(r4, 0x0, 0x0, 0x20048054, &(0x7f0000000600)={0x2, 0x4e26, @private=0xa010101}, 0x10)
mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0)
sendmmsg$inet_sctp(r4, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000240)=[{0x0}, {0x0}], 0x2, &(0x7f0000000000)=ANY=[@ANYBLOB="30000000000000008400000001000000000000000c000400"/42, @ANYRES32=0x0], 0x30}], 0x1, 0x0)
write(r4, 0x0, 0x38)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r6 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r6, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4)
sendmsg$netlink(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000780)=ANY=[], 0x1c}], 0x1}, 0x800)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000100), 0x2, 0x4fd, &(0x7f0000000b00)="$eJzs3ctvW1kZAPDv3jycyWQmGZgFoAHKMFBQVTtxZ6LRbBhWI4RGQsySRSckThTFiaPYGZrQRbpkj0QlVrDiHwCJBVJX7JFYwI5NWSDxqEANEgsjX19nnIcbq03sNv79pCufe47t75xa9xzrc3NPACPrWkQcRMRkRHwcEbN5fZIf8X77aD3v8aO7y4eP7i4n0Wx+9M8ka2/VRddrWl7O33MqIr7/QcQPkxNB/xhR39vfWKpWKzt5VamxuV2q7+3fXN9cWqusVbbK5cWFxfl3b71TvqCR/vqo9LvffvHhHw6++eNWt2byuu5xXKT20CeO4rSMR8R3LyPYEIzl45l8mhc/1Yu4SGlEfCYi3syu/9kYyz7N445/TN+K/NIGAF5QzeZsNGe7zwGAqy7NcmBJWsxzATORpsViO4f3ekyn1Vq9cWO1tru10s6VzcVEurpercznucK5mEhW18crC1m5c16tlE+c34qI1yLip4WXsvPicq26MswvPgAwwl4+sf7/p9Be/wGAK67r1/zCMPsBAAyO/80HAKPH+g8Ao8f6DwCjx/oPAKPH+g8Ao8f6DwAj5Xsfftg6mof5/a9XPtnb3ah9cnOlUt8obu4uF5drO9vFtVptLbtnz+Z571et1bYX3o7dO6VGpd4o1ff2b2/Wdrcat7P7et+uTAxkVADAk7z25Qd/TiLi4L2XsiO67vd/7lr9xmX3DrhM6bA7AAzN2LA7AAzN6d2+gFEhHw90bdF7r6t66lThpPt9vX2a7xsKPEeuf/4Z8v/AC03+H0bX0+X/fZeHq0D+H0ZXs5nY8x8ARowcP5Cc0979+/98s+ukv9//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4EqayY4kLeZ7gc9EmhaLEa9ExFxMJKvr1cp8RLwaEX8qTBRa5wsRYd8gAHiRpX9L8v2/rs++NXOydbLw30L2GBE/+vlHP7uz1GjsLERMJv86qm/cz+vLw+g/AHCezjrdWcc7Hj+6u9w5Btmfv3+7vbloK+5hfrRbxmM8e5zKcg3T/07y87bW95WxC4h/cC8iPnfW+JMsNzKX73x6Mn4r9isDjZ8ei59mbe3H1r/FZy+gLzBqHrTmn/fPuv7SuJY9nn39T2Uz1LPrzH+Hp+a/9Gj+G+sx/13rN8bbv//OqcrmbLvtXsQXxiMOO2/eNf904ic94r/VZ/y/vPGlN3u1NX8RcT3OGn9yLFapsbldqu/t31zfXFqrrFW2yuXFhcX5d2+9Uy5lOepSJ1N92j/eu/Fqr/it8U/3iD91zvi/1uf4f/m/j3/wlSfE/8ZXz/78X39C/Naa+PU+4y9N/2aqV1sr/kqP8Z/3+d/oM/7Dv+6v9PlUAGAA6nv7G0vVamXnsgvp5YfICknEwQCG0y4UfvWTDwYV6xIL8Xx0Q+F5Kgx7ZgIu26cX/bB7AgAAAAAAAAAAAAAA9DKIPyca9hgBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4uv4fAAD//2KH0wQ=")
r7 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
writev(r7, &(0x7f0000000140)=[{&(0x7f0000001200)="10", 0x69000}], 0x1)

496.159527ms ago: executing program 3 (id=1645):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = openat$nvram(0xffffffffffffff9c, &(0x7f00000002c0), 0x88002, 0x0)
pwritev(r2, &(0x7f0000000100)=[{0x0, 0x72}, {&(0x7f0000000140)="de", 0x1}], 0x2, 0x0, 0x0)

489.154927ms ago: executing program 0 (id=1646):
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b00000008000000020000000400000005"], 0x50)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='kmem_cache_free\x00', r0}, 0x10)
socket$inet_udp(0x2, 0x2, 0x0)
socket(0x1d, 0x2, 0x6)
syz_open_dev$loop(&(0x7f0000000240), 0x7, 0x80)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
socket$packet(0x11, 0x2, 0x300)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x1, 0x5, &(0x7f0000000500)=ANY=[@ANYBLOB="180200000200000000000000000000008500000011000000850000005000000095"], &(0x7f0000000000)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41100, 0x3, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x40}, 0x94)
socket$netlink(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x800, 0x4, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
creat(&(0x7f00000000c0)='./bus\x00', 0x1a2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000038c0)={0x0, 0x0, &(0x7f0000009a40)={&(0x7f0000003900)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000040900010073797a30000000002c000000030a01080000000000000000010000000900030073797a32000000000900010073797a300000000050000000060a010400000000000000000100000008000b40000000000900010073797a30000000002800048024000180090001006d6574610000000014000280080001400000001208000240000000", @ANYRES16=r3], 0xc4}}, 0x40)

450.319997ms ago: executing program 3 (id=1647):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000010850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x23, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10)
r2 = socket(0x1e, 0x4, 0x0)
r3 = socket(0x1e, 0x2, 0x0)
setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2, 0x8}, 0x10)
dup3(r3, r2, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000900)={{r5}, &(0x7f0000000880), &(0x7f00000008c0)=r4}, 0x20)

420.427367ms ago: executing program 3 (id=1648):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00'}, 0x10)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000001850000001b000000b70000000000070095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='kfree\x00', r0}, 0x18)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000008c80)=ANY=[@ANYBLOB="2c00000026000506"], 0x2c}}, 0x800)
recvmmsg(r1, &(0x7f0000007700), 0x0, 0x0, 0x0)
clock_adjtime(0x4, &(0x7f0000000380)={0x3fb, 0x8, 0x4101, 0x4000000000000b, 0x0, 0x2, 0x400000400, 0x80000000000a, 0x6, 0x100, 0x7, 0x0, 0x1, 0x81, 0x9f, 0x0, 0x9, 0x6, 0x1ff, 0x9, 0x8001, 0x3, 0x0, 0x3, 0x72a3, 0xe})
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x18, 0x7, &(0x7f0000000180)=ANY=[@ANYBLOB="85100000040000009500000000000000180000000000000000000000000000009500000000000000851000"], &(0x7f00000000c0)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f0000000200)="1d5fe8317ca952a2ba4bfee0f003", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x6}, 0x50)
openat$selinux_policy(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
bpf$BPF_PROG_DETACH(0x1c, 0x0, 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x8)
write$UHID_CREATE2(r3, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x8004, &(0x7f0000000280), 0x1, 0x7b9, &(0x7f00000007c0)="$eJzs3d9rHNUeAPDvbJLmR3tvcuFy7+1b4EJvoHRzU2Or4EPFBxEsFPTZNmy2oWaTLdlNaULAFhF8EVR8EPSlz/6ob776A3zS/8IHaamaFis+SGR2Z5M02c2vJtloPh+YzDkzsznnO+fMzNmdYTeAQ2sw/ZOLOB4RbycR/dnyJCK6aqnOiHP17R4uLvRERCGJpaWXfkpq2zxYXCjEqtekjmaZ/0TEV29EnMytL7cyNz85VioVZ7L8cHXq6nBlbv7UlamxieJEcfrMyOjo6bNPnj2ze7H+8t38sbvvPP+/T8/99vq/b7/1dRLn4li2bnUcu2UwBrN90pXuwkc8t9uFtVnS7gqwI+mh2VE/yuN49EdHLdVC737WDADYK69FxBIAcMgkrv8AcMg0Pgd4sLhQaEzt/URif917NiJ66vE/zKb6ms7snl1P7T5o34PkkTsjSUQM7EL5gxHx4eevnOjI8mk93EsD9sONmxFxaWBw/fk/WffMwnb9f6OVS9212eCaxYft+gPt9EU6/nmq2fgvtzz+iSbjn+76sfuvxy1/8+M/d+dxy9hIOv57pv5s25rx3/JDawMdWe5vtTFfV3L5SqmYntv+HhFD0dWd5kdqmzYfuQ3d//1+q/Kz8d/H6fTzu69+lJafzle2yN3p7H70NeNj1c5vHjfwzL2b0Zcl18SfLLd/0mL8e2GLZbzw9JsftFqXxp/G25jWx7+3lm5FnGja/ittmWz4fOJwrTsMNzpFE599/35fq/JXt386peWn892PtLl7N6PWAZJkZR/U1yzHP5Csfl6zsv0yvr3V/2WrdZvH37T/jx1JXq6lj2TLro9VqzMjEUeSF9cvP73y2ka+sX0a/9B/mx//9WKb9//0PeGlLcbfeffHT3Ye/95K4x/fuP+vaf+ebPHKks0Stx9OdrQqf2vtP1pLDWVL0vbfLK6t1GtnvRkAAAAAAAAAAAAAAAAAAAAAAAAAti8XEcciyeWX07lcPl//De9/Rl+uVK5UT14uz06PR+23sgeiK9f4qsv+Vd+HOpJ9H34jf3pN/omI+EdEvNfdW8vnC+XSeLuDBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDM0Ra//5/6obvdtQMA9kxPuysAAOw7138AOHy2d/3v3bN6AAD7x/t/ADh8tnz9v7S39QAA9o/3/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOyxC+fPp9PSr4sLhTQ/fm1udrJ87dR4sTKZn5ot5Avlmav5iXJ5olTMF8pTLf/RjfqsVC5fHY3p2evD1WKlOlyZm784VZ6drl68MjU2UbxY7Nq3yAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg6ypz85NjpVJx5i+RuLES2C7/5962xtV3MHbvqkRnHIhqHOhEdxyIauwwsfos0duGMxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAn8MfAQAA//94WBdi")
r4 = syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042)
readv(r4, &(0x7f0000000100)=[{&(0x7f0000000080)=""/20, 0x14}], 0x1)
close_range(r2, 0xffffffffffffffff, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'lo\x00'})
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
shutdown(r5, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f0000000380)=[@in6={0xa, 0x4e20, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}]}, &(0x7f0000000180)=0x10)

404.724328ms ago: executing program 0 (id=1649):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0xc2f00, 0x4d, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000980)='mm_page_free\x00', r1}, 0x18)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/pm_wakeup_irq', 0x0, 0x1a0)
r3 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x0)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000001600)={r2, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}})

303.922778ms ago: executing program 0 (id=1650):
r0 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
add_key(&(0x7f0000000040)='ceph\x00', 0x0, &(0x7f00000009c0)="010000000037a788a11d1f000000000000006923c63a4541062101b60a2156566de770620865", 0x26, r0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYRES32=r0, @ANYBLOB="0a1fcea39368c7c4c7fc82c2376c9b0e6d3a215e4f4f2984668c77ef41ed72f9b80b01d2f6fe809526407b041e7aa9ff66b94bb3946993b6149417d37998002a0d07a480118ffbc4d665701faf56c3ff2af6b2c9ead5a36e93b0fefa20b76b984707560000000000", @ANYRESDEC=0x0], 0x48)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x288000, 0x0)
ioctl$TCSETSW2(r2, 0x5453, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
io_setup(0x4, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x10, 0x16, 0x0, 0x0, 0x5}, 0x94)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r3 = semget$private(0x0, 0x7, 0x0)
ioctl$KDFONTOP_COPY(0xffffffffffffffff, 0x4b72, &(0x7f0000000040)={0x3, 0x0, 0x9, 0xe, 0x119, &(0x7f0000000740)})
semtimedop(r3, &(0x7f0000000200)=[{0x4, 0xffff, 0x2000}, {0x4, 0x3, 0x1800}], 0x2, 0x0)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000080)=0x9)
semop(r3, &(0x7f0000000180)=[{0x1, 0x2, 0x1800}], 0x1)
semop(r3, 0x0, 0x0)
semctl$GETZCNT(r3, 0x0, 0xf, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x18)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{}, &(0x7f0000000300), &(0x7f00000005c0)=r4}, 0x20)
socket(0x10, 0x3, 0x0)
symlinkat(&(0x7f0000000000)='.\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00')
r5 = inotify_init1(0x0)
inotify_add_watch(r5, &(0x7f0000000700)='./file1\x00', 0xf0000617)
inotify_init1(0x80800)
unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0)

285.145598ms ago: executing program 0 (id=1651):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xa, 0x4, 0xdd, 0xa}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x54, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180200009b1aecb60000000000000000850000007500000095"], 0x0}, 0x94)
r1 = socket$inet6(0xa, 0x3, 0x3c)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000001900)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007"], 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r5}, 0x10)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r6}, 0x10)
r7 = dup(r4)
mount$9p_fd(0x0, 0x0, &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r7}, 0x2c, {[], [], 0x6b}})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000000c0)='kmem_cache_free\x00', r2}, 0x18)
r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r8, 0x400448cb, 0x0)
bind$bt_hci(r8, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @remote, 0x9}, 0x1c)
sendmmsg$inet(r1, &(0x7f0000000280)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000800)="2fae1baf930b4569b9ddef9797ffd935c7d80e6466b3e4e62dc9603583f5d4b61fbc65b6ac744d7319535e75bf552062e4cfde1ba7ce29263322e18ea9740aa82ca692f123993e57cda00d2b1f4e799bd41e3f76258180fa91a42aaa8b1ebc4e0ea8fb12f2c71e6e5bc57a8e91f254005514721d93c13c5606ae1fea7f31f558d562bd5a8dfb0b9fed873efa221fccffa847cd374c92e6cbb03e6a9de890ce323f000000abcc6c01326d588495b7c1a7db31ec4129e6336f26bb9e0b7552af3cd2d5dda1632799bbc98425c433384d8a8e4071ff39a36dfdfdf05af35a4ddd340cfecd7ec935f4ce7d3e851583ba1cf53a90a7f7bce5703de57ce93ddef7849b30a01de0637e6d5e507b801d32e582e0c2d564539ebfc84c098a23e765552767b122885fb1629e9c180be47da7931bd125b80de15aab0c56a2edf2e0483b87f5ab299dc046076203dea10ccbfc631d5bf4a87ce67004519f248f086346ce6a8a9d181789a59f81d9b7f6781daac3e229914b8b8998c15c3b6302a519331cb05995bc60b7cb872dd3b5b43331c77c5d72e21f7bd2b1a915ff3204e3f20d3a20b22d6a58155b5a4ebf6d1d1cd90c656ecada531c07ff91deb3efa91762cdecfbcc43553750f22ac5c18cc5e8b6f790c2f4e6373af9f98d10e6df49ff8e5cbcbd68e11ed0b967add11410dc2e34f08dbfaf8eb95d4d1153b4c6093192a340eb30fcc71619888c6486746a049585d249efb96b9cace83320b8f96b40ebe3a9a788d05a053380d1026b9434df87a3a387549bcabe88684c4dbf0da9a5212f3dbc8d1dff240856691243b203d7edd4d3cc89a38a6c80fdb1229a01044af7aaecb20d5570ebf24b30bbc6dfc3f70d85cd9f0d60ebd8fedd161d199d9997a0e2d18d1c99bc7158564e0ddb4673055de196535d706d142e1dc7d404583923cb1b286cfc5418884ac7e605d93652dc48ff690894405a0b6abc3c4d0f6a16c0a95c0508bd7eeffcd1da0b17f7701448658864b429e9472edfeffbf34d6e7c78f4aa73c0", 0x2de}, {&(0x7f0000000bc0)="ab29d92826349952eb8f7a2a74f535bc9739c1df57144c51a3391625b8b5354134b06ef1355506aeae96e3f097503998f375a054cf3d7de4fe53ea51518955349cdbadca60e1c65cc18dbe99369be03e492fb55fc9067bb6f7f7c3ee1720000000054a63ac58225ed0502f5ac8999e0c74a5dbb320bd54ec813e8bee6bfa5cbfb0726ac1b6ad97d802d5fae186f0769421fb965c7396854e2a3ac844a3769f8449901ba5e2b2da1ff6119aeb26ac204cfc6b54be73b6f195491ae2c0cb26b0cba61dae7a17740e8112ff188919c6e2e31a2a074863edba4a0e58b61faec4a42c29d7f9e48a43b8cb7d3c5a1e5aa67f87538140f8d633a54bceb8b1dda2397ea147d3b26e903f608b6ab1844ea7cf630d828118bba0f0f85e2e6316ae1ed9a2a7d08a05c170cb76bf111930df0cf760f7768571afdefe82a95296cee7c010f748a97046efcc774e7d85edbd5058104fef4942fb4430da89f67d1fea33bf2acfb793a610b3738b393eed8633fc8e8f630932206960e9076c7d7fc99fce018701c50d39b811a7427a7a9fcb340c2755541f228462010ec40ba945a0febd460dad5d548f1be090f5dbaa8ae8835dc47ed2537681827f6129759272574cf58f2f33e47a0e416573cfdcfb44ed9dd4ce41af4de9c471c49f12f090934c3b32f2f4777c65b1574826727f5f62", 0x1e9}, {&(0x7f00000000c0)="05437c98b91b1455046f57b5fc913814bde2bbeac2104eaea9c9d01a7838d859207067c10aa7352abbdf98e9bf033a3184a11e84639d3b9164d9c5d729f3dd409d39ff6d5cf367cd939f790732e8d2310e876fcb299cd44b72bda697035b7b475bc35afbb483db39ac864dbee0c9760c22a1d32d83588afd7c994652413b22db76874ca052ef2013317eb7fc", 0x8c}, {&(0x7f0000000200)="f610e61fc81cc3edc86f0500194d27a5a42cf1880b0dfd1ecda0fd0ed9a444b7fbb161860c18ff8519", 0x29}], 0x4, 0x0, 0x0, 0x900}}], 0x1, 0x0)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r9}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000000)=@framed={{0x7a, 0xa, 0x0, 0xff00, 0x0, 0x71, 0x10, 0x43}}, &(0x7f0000000480)='syzkaller\x00'}, 0x80)

238.024569ms ago: executing program 0 (id=1652):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000300), &(0x7f00000002c0)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x18, 0xd, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
r3 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$selinux_load(r3, &(0x7f0000000380)={0xf97cff8c, 0x8, 'SE Linux', "8e8490717e20bb4a9cc93d0e15151edf"}, 0x20)

223.285849ms ago: executing program 2 (id=1653):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000580)=ANY=[@ANYBLOB="1800"/20, @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000000000000000000007020000f8ffffffb703000008000000b713a48df9341f7dca6968d204000000000000850000005700000095000000000000000000008b92143f35561dbeef5205fd5f1f260f9341fb6c9e4cd5cc6d6d612e3d12df3929aec02d43e22901da2f896b37ce7626f4da88fae9c5ed921aaece98bc1a53d27a0cb7ffa35bd67443534060b22d03e204b669a491491728041c4d0ecf508dabe0836535c9f659e58a3c680c21d656f8675f87e913565fc6e43be5e1bdb5e3783b759fa6b37d596db65b52589e95f4f55d4a6e52f20499f88a33c8ea1888d9d3bfe33bf16d66c6b3ad5ca86f826caa320fc7"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000280), r2)
sendmsg$TIPC_NL_MEDIA_SET(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002abd7000fbdbdf250c0000002000058008000100657468001400028008000300411e7353080001000e000000"], 0x34}, 0x1, 0x0, 0x0, 0x40000}, 0x4)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2800}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, 0xffffffffffffffff, 0x80, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0xffffffff, @my=0x1}, 0x0, 0x0, 0x1})
io_uring_enter(0xffffffffffffffff, 0x47bc, 0xf5, 0x0, 0x0, 0x0)
mount$tmpfs(0x0, 0x0, &(0x7f00000000c0), 0x0, 0x0)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000300)='./file0\x00', 0x0, &(0x7f0000000340)={[{@usrquota}, {@nojournal_checksum}]}, 0x21, 0x4b2, &(0x7f0000001500)="$eJzs3cFvVFsZAPDv3ra0lEKLslCjgoiiIcy0AzSEFW40hpAYiSsXUNuhaTrTaTpTpJVF+R9MJHGlf4ILExcmrNy7050bXJigkvdCX/IW83LvTEspM9D3KDMvnd8vObn33FPmO2du7jnDB50TwMA6FxFbEXEsIu5FxGT7etIucbNVsp97+eLR/PaLR/NJNJt3/pfk7dm12PNnMifarzkWET//ScSvkjfj1jc2l+cqlfJau15sVFeL9Y3Ny0vVucXyYnmlVJqdmZ2+fuVa6dDGerb6p+c/Xrr1i7/+5VvP/r71w99k3Zpot+0dx2FqDX1kN05mOCJufYhgfTDUHs+xfneELySNiK9ExPn8+Z+MofxuAgBHWbM5Gc3JvXUA4KhL8xxYkhbauYCJSNNCoZXDOxPjaaVWb1y6X1tfWWjlyqZiJL2/VClPt3OFUzGSZPWZ/PxVvbSvfiUiTkfEb0eP5/XCfK2y0M8PPgAwwE7sW/8/Hm2t/wDAETfW7w4AAD1n/QeAwWP9B4DBY/0HgMFj/QeAwWP9B4DBY/0HgIHys9u3s9Lcbn//9cKDjfXl2oPLC+X6cqG6Pl+Yr62tFhZrtcX8O3uq73q9Sq22OnM11h8WG+V6o1jf2Lxbra2vNO7m3+t9tzzSk1EBAG9z+uzTfyYRsXXjeF5iz14O1mo42tJ+dwDom6F+dwDoG7t9weDyd3ygwxa9r+n6X4SeHH5fgN64+HX5fxhU8v8wuOT/YXDJ/8PgajYTe/4DwICR4wf8+z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8fhN5SdJCey/wiUjTQiHiZERMxUhyf6lSno6IUxHxj9GR0aw+0+9OAwDvKf1P0t7/6+LkhYn9rceST0bzY0T8+vd3fvdwrtFYm8mu/3/3euNJ+3qpH/0HAN5lZ53eWcd3vHzxaH6n9LI/z3/U2lw0i7vdLq2W4RjOj2MxEhHjHyXtekv2eWXoEOJvPY6Ir3Uaf5LnRqbaO5/uj5/FPtnT+Olr8dO8rXXM3ouvHkJfYNA8zeafm52evzTO5cfOz/9YPkO9v535b/uN+S/dnf+Gusx/5w4a4+rfftq17XHEN4Y7xU924ydd4l84YPx/ffPb57u1Nf8QcTE6x98bq9iorhbrG5uXl6pzi+XF8kqpNDszO339yrVSMc9RF3cy1W/6741Lp942/vEu8fM7f3ui6/i/d8Dx//HTe7/8zlvi/+C7ne//mfzY+f3P1sTvHzD+3Pifu27fncVf6DL+d93/SweM/+zfmwsH/FEAoAfqG5vLc5VKec2Jk92TnU96X5b+OOn9SZ8nJuCDe/XQ97snAAAAAAAAAAAAAABAN734daJ+jxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICj67MAAAD//9QD1i8=")
r4 = open(&(0x7f0000000040)='.\x00', 0x0, 0x28)
quotactl_fd$Q_GETINFO(r4, 0xffffffff80000500, 0x0, &(0x7f0000000000))
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r7, 0x0, 0x3}, 0x18)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x511a01, 0x80)
r8 = openat$selinux_context(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
close(r8)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, &(0x7f0000000440)={0x1, 0x0, [0x0]})
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x1000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="180500000000000000000000000000001800000020696c2500000000002020207b0af8ff00000000bd510000000000000701000000feffffb702000008000000b703000000000000850000001900000095", @ANYRES32=r5, @ANYRESOCT=r8, @ANYRESOCT=r0], &(0x7f00000006c0)='syzkaller\x00', 0x8, 0xd9, &(0x7f0000003e40)=""/217, 0x0, 0x38, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4000b1}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fdff00000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xe, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r9}, 0x10)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/timers\x00', 0x0, 0x0)
close(r10)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000200)={&(0x7f0000000400)={0x34, 0x3, 0x6, 0x5, 0x0, 0x0, {0x1, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x40)
openat$nvram(0xffffffffffffff9c, &(0x7f00000002c0), 0x88002, 0x0)

180.257859ms ago: executing program 3 (id=1654):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
socket$inet6_udplite(0xa, 0x2, 0x88)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r0, &(0x7f0000000280)='(', 0x0, 0x2}, 0x20)
statx(0xffffffffffffffff, 0x0, 0x6000, 0x1, 0x0)

136.819639ms ago: executing program 0 (id=1655):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)=<r2=>0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r3)
sendmsg$NFC_CMD_DEV_UP(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001ac0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="010023010000340200000200000008000100", @ANYRES32=r2], 0x1c}}, 0x0)
write$nci(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="610304087b02040912c90e2fba6bad80f032148548fcee0e28fdc801"], 0x1c)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
umount2(&(0x7f0000000580)='./file0\x00', 0x3)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000004000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r5}, 0x10)
syz_read_part_table(0x5c2, &(0x7f0000000000)="$eJzs2z1oU2sYB/AnavCil+vi5GQdnFwURzOoJFFRCNEu4qCgiBi4EEGIECjoYDO0NEPp2KUUsvRjapqhw6Wlhc6ldOil0KHTpV0KXZpL6Xv39vYDhN8PDg/v+/7Pec4znPEEv7QL8U+3281ERPfy8e/ubeULT2+WHpZfRWTiTUT0/PXH1MFJJiX+e+qttF5P67HRK53+nSfZ1trL3dtv5xsX0nlfuq6Ot3tPPBxnbiK3cO37j2pxoJb7tFqsb/5cWX4xuZ0vt583mlPPso/fp9xiqpdS/RK1+Baf411UohIfonpK/UdaG3f3bxRbMx8f7BU6g3P3Uq50wjmP2v9rz9DrZv3Rnenrw/drs0vlrYuHucr/+LoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADh/E7mFa99/VIsDtdyn1WJ98+fK8ovJ7Xy5/bzRnHqWffw+5RZTvZTql6jFt/gc76ISlfgQ1VPqP9LauLt/o9ia+fhgr9AZnLuXcqUTznnU/l97hl4364/uTF8fvl+bXSpvXTzMVS6f0QsAAAAAAAAAAAAAAAAAAABAROQLT2+WHpZfRWTiTUT8+fvczMF+N/3vnkm5W6mup/2x0Sud/p0n2dbay93bb+cbf6f9vt8i+iLi6ni799yH4dj+DQAA///B9JXf")
open(&(0x7f0000000740)='./bus\x00', 0x163361, 0x501c998c4dfcafcd)
mount(&(0x7f0000000100), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000300)='trans=rdma,')
socket(0x10, 0x803, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, 0x0)
r7 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, 0x1f0519, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x3}, 0x6025, 0x4005, 0xb, 0x3, 0x2, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap$perf(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x4000011, r7, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x1, @perf_config_ext={0x8, 0x6}, 0x120, 0x10000, 0x33f8, 0x1, 0x8, 0x20007, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, r7, 0x2)

128.74825ms ago: executing program 2 (id=1656):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
r1 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x800)
ioctl$SG_GET_VERSION_NUM(r1, 0x2284, &(0x7f0000000080))

107.428999ms ago: executing program 2 (id=1657):
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x2, 0x5}, 0x48)
r0 = socket(0x11, 0x3, 0x0)
getsockopt$packet_buf(r0, 0x107, 0x6, 0x0, &(0x7f00000001c0))
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000a00)=ANY=[@ANYBLOB="180100000700002c0000000000000004850000002a00000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80001}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0d00000002000000040000000240000005000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000048000000fd00"/28], 0x48)
r2 = signalfd(0xffffffffffffffff, &(0x7f0000000140), 0x8)
r3 = syz_io_uring_setup(0x1038a9, &(0x7f0000000300)={0x0, 0x4, 0x10100, 0x10000, 0x30e}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f00000001c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x3, r2, 0x0, 0x0, 0x0, 0x0, 0x0, {0xfffd}})
io_uring_enter(r3, 0x44fd, 0x3, 0x1, 0x0, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000ac0)=@newtaction={0x64, 0x30, 0x1, 0x0, 0x0, {}, [{0x50, 0x1, [@m_ct={0x4c, 0x1, 0x0, 0x0, {{0x7}, {0x24, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xfdb, 0x0, 0xffffffffffffffff}}, @TCA_CT_MARK={0x8, 0x10, 0x80000000}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x20004000}, 0x10000800)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r6}, 0x10)
r7 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r7, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x4e20, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
r8 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r8, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r9=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r7, 0x84, 0x85, &(0x7f0000000000)={r9, @in={{0x2, 0x0, @empty}}, 0x27c0}, 0x90)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r7, 0x84, 0x85, &(0x7f00000001c0)={r9, @in={{0x2, 0x4e23, @empty}}, 0xfffc}, 0x90)
getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r2, 0x84, 0x73, &(0x7f0000000080)={r9, 0x2, 0x10, 0x8, 0xfffffffffffffffb}, &(0x7f0000000180)=0x18)
rt_sigsuspend(&(0x7f0000000040)={[0xfffffffffffbfefd]}, 0x8)
rt_sigsuspend(&(0x7f0000000400), 0x8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1, 0x0, 0x2}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00'}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000340)={0x3e, &(0x7f0000000080)=[{0x1, 0x9, 0x4, 0x7ffc0002}]})
process_vm_readv(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

99.618979ms ago: executing program 3 (id=1658):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x4, &(0x7f0000000100)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x4, 0x19, &(0x7f0000000200)=""/25, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xb}, 0x94)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x8}, 0x94)

98.31131ms ago: executing program 1 (id=1659):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000010850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x23, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10)
r2 = socket(0x1e, 0x4, 0x0)
r3 = socket(0x1e, 0x2, 0x0)
setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2, 0x8}, 0x10)
dup3(r3, r2, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000900)={{r5}, &(0x7f0000000880), &(0x7f00000008c0)=r4}, 0x20)

86.97865ms ago: executing program 3 (id=1660):
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8000000, 0x3, 0x2a0, 0xe8, 0xffffffff, 0xffffffff, 0xe8, 0xffffffff, 0x1d0, 0xffffffff, 0xffffffff, 0x1d0, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @private1, [0xff000000, 0xffffff00, 0x6dc8f3d6512d1aed, 0xffffffff], [0x0, 0xff000000, 0xff000000], 'bond_slave_0\x00', 'vxcan1\x00', {}, {0xff}, 0xff, 0x2, 0x0, 0x1a}, 0x0, 0xa8, 0xe8}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0xb, 0x0, "f7b38f48fc07de923d80c83dadb47eaf24861864a1ac76439aa1637babfc"}}}, {{@uncond, 0x0, 0xa8, 0xe8}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "4199fc6505f93cb13d0617f57700c7ab234fe52cca008b1ef12500"}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x300)
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f0000000040)={[], [{@fsuuid={'fsuuid', 0x3d, {[0x0, 0xf37872b4ffc98033, 0x36, 0x35, 0x33, 0x32, 0x37, 0x37], 0x2d, [0x62, 0x35, 0x62, 0x31], 0x2d, [0x62, 0x66, 0x64, 0x61], 0x2d, [0x63, 0x63, 0x39, 0x32], 0x2d, [0x57, 0x37, 0x30, 0x62, 0x37, 0x31, 0x34, 0x35]}}}, {@fsname}]}, 0x67, 0x52b, &(0x7f0000000a00)="$eJzs3V9rLGcZAPBnNrvHk3NymlS90IK12krOQc9u0tg2eFEriF4V1HpfY7IJIZtsyG7ak1BMDn4AQUQFr/TGG8EPIEjBGy9FKOi1oqKInuqFF9qR2Z1Nc5L913aTTZPfDybzvjPvzPO8G2Z2ZmeYCeDKeiIiXoiIt9I0vRMR0/n0Qj7EYXvI2r354LXlbEgiTV/6RxJJPq2zriQf38wXux4RX/tyxDeT03Ebe/sbS7VadSevV5qb25XG3v7d9c2ltepadWthYf7ZxecWn1mcG0k/b0XE81/8y/e/89MvPf/Lz7z6x5f/dvtbWVpT+fzj/XiHiv1mtrtean0WxxfYeZfBLqJiq4e5yW4tJk5NuX/GOQEA0F12jP/BiPhkRNyJ6ZjofzgLAAAAvA+ln5+K/yYRaXfXekwHAAAA3kcKrXtgk0I5vxdgKgqFcrl9D++H40ahVm80P71a391aad8rOxOlwup6rTqX3ys8E6Ukq8+3ym/Xnz5RX4iIRyPie9OTrXp5uV5bGfePHwAAAHBF3Dxx/v/v6fb5f8fBOJMDAAAARmdm3AkAAAAAZ27Y8/8bZ5wHAAAAcHZc/wcAAIBL7SsvvpgNaef91yuv7O1u1F+5u1JtbJQ3d5fLy/Wd7fJavb7Wembf5qD11er17c/G1u69SrPaaFYae9djs7671Xx5/aFXYAMAAADn6NGPv/77JCIOPzfZGjLXhlt0yGbARVU8KiX5uMtm/YdH2uM/n1NSwLmYGHcCwNgUx50AMDalcScAjF0yYH7Pm3d+k48/Mdp8AACA0Zv9aO/r/4W+Sx72nw1ceDZiuLpc/4erq3X9f9g7eR0swKVSGnQE0HebPxhxNsA4vOfr/wOl6TtKCAAAGLmp1pAUysVOvVAolyNutV4LUEpW12vVuYh4JCJ+N136QFafb7VMBp4zAAAAAAAAAAAAAAAAAAAAAAAAAABtaZpECgAAAFxqEYW/Jr9qP8t/dvqpqZO/D1xL/jMd+StCX/3RSz+4t9Rs7sxn0/95NL35w3z60+P4BQMAAACuhAEv8H9Y5zy9cx4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKP05oPXljvDecb9+xciYqZb/GJcb42vRykibvwrieKx5ZKImBhB/Mnsz0e6xU+ytI5Cdos/OYL4h/f7xo/D/FPoFv/mCOLDVfZ6tv95odv2V4gnWuPu218x4qH6u9V7/xdH+7+JHtv/rSFjPPbGzys949+PeKx4Kv5BFqETP+kR/8kh43/j6/v7vealP46Y7fr9k3SaZHvIqDQ3tyuNvf2765tLa9W16tbCwvyzi88tPrM4V1ldr1Xzv11jfPdjv3irX/9v9Ig/M6D/T51a27WuMf73xr0HH2oXS93i336yS/xf/yRvcTp+If/u+1RezubPdsqH7fJxj//st4/36/9Kj/4P+v/f7rXSE+589dt/GrIpAHAOGnv7G0u1WnXn0hays/QhG2dHZxciZ4XzKRyMdIVpmqbZNvUe1pPERfhYWoVx75kAAIBRe/ugf9yZAAAAAAAAAAAAAAAAAAAAwNV1Ho8TOxnz8KiUjOIR2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI/H/AAAA///s19ky")
socket$inet_udp(0x2, 0x2, 0x0)
r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
unshare(0x2a020400)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, r3)
sendmsg$NL80211_CMD_SET_COALESCE(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000001c80)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x84}, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./control\x00', 0x480, &(0x7f0000000000), 0x1, 0x786, &(0x7f0000000f80)="$eJzs3c9rHGUfAPDvbLNJ37Tv27zwwms9BQQNlG5Mja2Ch4oHESwU9Gy7bLahZpMt2U1pQkCLCF4EFQ+CXnq2Wm9e/XHVP8C7B2mpmhYjHiQym9102+ymmzSbbdnPByZ5npnZfOc7z8w8T3aG3QD61mj6IxNxOCI+SCIO1ecnEZGtlQYiTq6vt7qyXEinJNbWXvstqa1ze2W5EE2vSR2oVx6LiO/ejTiS2Ry3srg0ky+VivP1+nh19sJ4ZXHp6PnZ/HRxujh3fGJy8tiJZ08c371c//hx6eCND19+6suTf73z/2vvf5/EyThYX9acx24ZjdH6Psmmu/AuL8Vbux2up5JebwA7kp6a+9bP8jicpOWBXm8SANBl6Sh0DQDoM4n+HwD6TON9gNsry4XG1Nt3JPbWzRcjYv96/o37m+tLBur37PbX7oMO307uujOSRMTILsQfjYjPvn7jajpFl+5DArTy9uWIODsyuvn6n2x6ZmG7nu5gndF76hvxf8o+YHTgfr5Jxz/PtRr/ZTbGP9Fi/DPU4tzdibbn/4bM9V0I01Y6/nuh6dm21ab860b21Wv/ro35ssm586Viem37T0SMRXYorU9sEWPs1t+32i1rHv/9/tGbn6fx09931shcHxi6+zVT+Wr+QXJudvNyxOMDrfJPNto/aTP+Pd1hjFeef+/TdsvS/NN8G9Pm/Ltr7UrEky3b/84TbcmWzyeO1w6H8cZB0cJXP38y3C5+c/un0+rK8loScXX3M20tbf/hrfMfSZqf16xsP8YPVw59225Zi/wLjf+F1rU+/geT12vlwfq8S/lqdX4iYjB5dfP8Y3de26g31k/zH3ui9fm/1fGfjk7Odpj/wI1fv9h5/t2V5j+1rfbffuHa6sy+dvE7a//JWmmsPqeT61+nG/gg+w4AAAAAAAAAAAAAAAAAAAAAAAAAOpWJiIORZHIb5Uwml1v/Du//xXCmVK5Uj5wrL8xNRe27skcim2l81OWhps9Dnah/Hn6jfuye+jMR8d+I+HjoX7V6rlAuTfU6eQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACoO9Dm+/9Tvwz1eusAgK7Z3+sNAAD2nP4fAPqP/h8A+o/+HwD6j/4fAPqP/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAuO33qVDqt/bmyXEjrUxcXF2bKF49OFSszudmFQq5Qnr+Qmy6Xp0vFXKE8e7+/VyqXL0zG3MKl8WqxUh2vLC6dmS0vzFXPnJ/NTxfPFLN7khUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbE9lcWkmXyoV5xUegcJAvdUelu3ZUSHTSGKvgg52K4uHYGd2r9DDixIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAI+SfAAAA///WoyFe")
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
link(0x0, &(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r4}, 0x18)
syz_clone(0x2c9a4080, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$PIO_UNISCRNMAP(r5, 0x4b6a, &(0x7f0000000880))
r6 = dup(r1)
ioctl$PTP_EXTTS_REQUEST2(r6, 0x43403d05, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r0, &(0x7f0000000240)="4acdd94747d148e30ebf9fd87df5509ac2fa796e", 0x0, 0x2}, 0x20)
r7 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
pivot_root(&(0x7f0000000080)='./bus\x00', &(0x7f0000000200)='./file2\x00')
r8 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000100), 0x1, 0x0)
write$binfmt_register(r8, &(0x7f0000000140)={0x3a, 'syz1', 0x3a, 'E', 0x3a, 0x0, 0x3a, 'usrjquota=', 0x3a, '\x96\xd5\xdaV\x88V\xc8h\xbar@v\xdf\xbfo\x9f\xb0>\xa8\xdd\xa3\xbb\xaa\xd4f@Y\xa4\xea\x98\x85$\x00\x00\x00\x00\x00\x00\x00\x00e\x88\x00', 0x3a, './file2'}, 0x5c)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r7, 0x7, 0x0, 0x0, 0x0)

0s ago: executing program 1 (id=1661):
r0 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
add_key(&(0x7f0000000040)='ceph\x00', 0x0, &(0x7f00000009c0)="010000000037a788a11d1f000000000000006923c63a4541062101b60a2156566de770620865", 0x26, r0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYRES32=r0, @ANYBLOB="0a1fcea39368c7c4c7fc82c2376c9b0e6d3a215e4f4f2984668c77ef41ed72f9b80b01d2f6fe809526407b041e7aa9ff66b94bb3946993b6149417d37998002a0d07a480118ffbc4d665701faf56c3ff2af6b2c9ead5a36e93b0fefa20b76b984707560000000000", @ANYRESDEC=0x0], 0x48)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x288000, 0x0)
ioctl$TCSETSW2(r2, 0x5453, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
io_setup(0x4, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x10, 0x16, 0x0, 0x0, 0x5}, 0x94)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r3 = semget$private(0x0, 0x7, 0x0)
ioctl$KDFONTOP_COPY(0xffffffffffffffff, 0x4b72, &(0x7f0000000040)={0x3, 0x0, 0x9, 0xe, 0x119, &(0x7f0000000740)})
semtimedop(r3, &(0x7f0000000200)=[{0x4, 0xffff, 0x2000}, {0x4, 0x3, 0x1800}], 0x2, 0x0)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000080)=0x9)
semop(r3, &(0x7f0000000180)=[{0x1, 0x2, 0x1800}], 0x1)
semop(r3, 0x0, 0x0)
semctl$GETZCNT(r3, 0x0, 0xf, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x18)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{}, &(0x7f0000000300), &(0x7f00000005c0)=r4}, 0x20)
socket(0x10, 0x3, 0x0)
symlinkat(&(0x7f0000000000)='.\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00')
r5 = inotify_init1(0x0)
inotify_add_watch(r5, &(0x7f0000000700)='./file1\x00', 0xf0000617)
inotify_init1(0x80800)
unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0)

kernel console output (not intermixed with test programs):

ysadm_r:sysadm_t pid=6529 comm="syz.0.1052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f037a96f6c9 code=0x7ffc0000
[   89.536771][   T29] audit: type=1326 audit(1762400003.296:4721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6529 comm="syz.0.1052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f037a96f6c9 code=0x7ffc0000
[   89.586103][   T37] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm kworker/u8:2: bg 0: block 345: padding at end of block bitmap is not set
[   89.595583][ T3421] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[   89.600845][   T37] EXT4-fs (loop4): Remounting filesystem read-only
[   89.612399][ T3421] hid-generic 0000:0000:0000.000F: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[   89.624306][   T52] EXT4-fs warning (device loop4): ext4_convert_unwritten_extents:4984: inode #15: block 1: len 15: ext4_ext_map_blocks returned -30
[   89.638050][ T6525] loop1: detected capacity change from 0 to 512
[   89.669638][   T29] audit: type=1326 audit(1762400003.466:4722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6521 comm="syz.3.1049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86dd46f6c9 code=0x7ffc0000
[   89.693144][   T29] audit: type=1326 audit(1762400003.466:4723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6521 comm="syz.3.1049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86dd46f6c9 code=0x7ffc0000
[   89.718523][ T6525] EXT4-fs error (device loop1): ext4_orphan_get:1418: comm syz.1.1048: bad orphan inode 11862016
[   89.729758][ T6525] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[   89.742419][ T6525] ext4 filesystem being mounted at /190/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   89.762308][   T29] audit: type=1400 audit(1762400003.566:4724): avc:  denied  { read write open } for  pid=6519 comm="syz.1.1048" path="/190/file1/file1" dev="loop1" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   89.798115][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   89.822801][   T29] audit: type=1400 audit(1762400003.626:4725): avc:  denied  { prog_load } for  pid=6539 comm="syz.0.1057" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   89.825514][ T6540] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.1057' sets config #0
[   89.842026][   T29] audit: type=1400 audit(1762400003.626:4726): avc:  denied  { bpf } for  pid=6539 comm="syz.0.1057" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   89.928891][ T6546] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.1057' sets config #1
[   89.996356][ T3313] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[   90.008806][ T6540] lo speed is unknown, defaulting to 1000
[   90.016093][ T6540] lo speed is unknown, defaulting to 1000
[   90.099076][ T6568] sd 0:0:1:0: device reset
[   90.130089][   T37] nci: nci_add_new_protocol: the target found does not have the desired protocol
[   90.136352][ T6569] loop3: detected capacity change from 0 to 2048
[   90.157288][ T6573] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[   90.210331][ T6575] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6575 comm=syz.0.1066
[   90.226493][ T6579] SELinux:  policydb version 1905296526 does not match my version range 15-35
[   90.244405][ T6569] Alternate GPT is invalid, using primary GPT.
[   90.250903][ T6569]  loop3: p1 p2 p3
[   90.254736][ T6569] loop3: partition table partially beyond EOD, truncated
[   90.262063][ T6579] SELinux: failed to load policy
[   90.345262][ T6594] tap0: tun_chr_ioctl cmd 35111
[   90.456185][ T6599] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   90.465624][ T6599] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   90.474689][ T6599] bond0 (unregistering): Released all slaves
[   90.573996][ T6601] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.1078' sets config #0
[   90.633485][ T6601] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.1078' sets config #1
[   90.689867][ T6601] lo speed is unknown, defaulting to 1000
[   90.696523][ T6601] lo speed is unknown, defaulting to 1000
[   90.745044][ T6614] SELinux:  policydb version 1905296526 does not match my version range 15-35
[   90.756202][ T6614] SELinux: failed to load policy
[   90.798262][ T6621] xt_CONNSECMARK: invalid mode: 66
[   90.911238][ T6632] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[   90.995087][  T295] nci: nci_add_new_protocol: the target found does not have the desired protocol
[   91.017660][ T6644] loop4: detected capacity change from 0 to 2048
[   91.084079][ T6644] Alternate GPT is invalid, using primary GPT.
[   91.090389][ T6644]  loop4: p1 p2 p3
[   91.094225][ T6644] loop4: partition table partially beyond EOD, truncated
[   91.137301][ T6650] loop9: detected capacity change from 0 to 7
[   91.168723][ T6654] xt_CONNSECMARK: invalid mode: 66
[   91.175159][ T6650] Buffer I/O error on dev loop9, logical block 0, async page read
[   91.193053][ T6650] Buffer I/O error on dev loop9, logical block 0, async page read
[   91.201019][ T6650]  loop9: unable to read partition table
[   91.230687][ T6650] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   91.230687][ T6650] 
) failed (rc=-5)
[   91.307020][ T6662] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6662 comm=syz.3.1101
[   91.354669][ T6666] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[   91.438441][ T6676] tap0: tun_chr_ioctl cmd 35111
[   91.547264][ T3421] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0
[   91.561559][ T6680] loop1: detected capacity change from 0 to 2048
[   91.568296][ T3421] hid-generic 0000:0000:0000.0010: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[   91.581499][ T6686] xt_CONNSECMARK: invalid mode: 66
[   91.594708][ T6680] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   91.616960][ T6690] loop3: detected capacity change from 0 to 2048
[   91.629887][ T6692] loop9: detected capacity change from 0 to 7
[   91.636260][ T6692]  loop9: unable to read partition table
[   91.641961][ T6692] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   91.641961][ T6692] 
) failed (rc=-5)
[   91.642393][ T3313] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   91.684615][ T6690] Alternate GPT is invalid, using primary GPT.
[   91.690889][ T6690]  loop3: p1 p2 p3
[   91.694662][ T6690] loop3: partition table partially beyond EOD, truncated
[   91.789196][ T6701] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[   91.856738][ T6710] sd 0:0:1:0: device reset
[   91.883343][ T6711] tap0: tun_chr_ioctl cmd 35111
[   91.889827][ T6713] tap0: tun_chr_ioctl cmd 35111
[   92.022736][ T6722] loop4: detected capacity change from 0 to 128
[   92.033113][ T6722] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[   92.041158][ T6722] FAT-fs (loop4): Filesystem has been set read-only
[   92.047873][ T6722] bio_check_eod: 46428 callbacks suppressed
[   92.047958][ T6722] +\{]: attempt to access beyond end of device
[   92.047958][ T6722] loop4: rw=524288, sector=2065, nr_sectors = 8 limit=128
[   92.067310][ T6722] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[   92.075316][ T6722] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[   92.083451][ T6722] +\{]: attempt to access beyond end of device
[   92.083451][ T6722] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[   92.096192][ T6722] +\{]: attempt to access beyond end of device
[   92.096192][ T6722] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[   92.103002][   T31] nci: nci_add_new_protocol: the target found does not have the desired protocol
[   92.108961][ T6722] +\{]: attempt to access beyond end of device
[   92.108961][ T6722] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[   92.130842][ T6722] +\{]: attempt to access beyond end of device
[   92.130842][ T6722] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[   92.143647][ T6722] +\{]: attempt to access beyond end of device
[   92.143647][ T6722] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[   92.161427][ T6722] +\{]: attempt to access beyond end of device
[   92.161427][ T6722] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[   92.174397][ T6722] +\{]: attempt to access beyond end of device
[   92.174397][ T6722] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[   92.187336][ T6722] +\{]: attempt to access beyond end of device
[   92.187336][ T6722] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[   92.204492][ T6722] +\{]: attempt to access beyond end of device
[   92.204492][ T6722] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[   92.622555][ T6744] tap0: tun_chr_ioctl cmd 35111
[   92.689709][ T6746] __nla_validate_parse: 43 callbacks suppressed
[   92.689727][ T6746] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1133'.
[   92.967878][ T6766] FAULT_INJECTION: forcing a failure.
[   92.967878][ T6766] name failslab, interval 1, probability 0, space 0, times 0
[   92.980544][ T6766] CPU: 1 UID: 0 PID: 6766 Comm: syz.2.1142 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   92.980568][ T6766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   92.980579][ T6766] Call Trace:
[   92.980584][ T6766]  <TASK>
[   92.980589][ T6766]  __dump_stack+0x1d/0x30
[   92.980682][ T6766]  dump_stack_lvl+0xe8/0x140
[   92.980706][ T6766]  dump_stack+0x15/0x1b
[   92.980744][ T6766]  should_fail_ex+0x265/0x280
[   92.980771][ T6766]  should_failslab+0x8c/0xb0
[   92.980810][ T6766]  __kmalloc_node_track_caller_noprof+0xa5/0x580
[   92.980843][ T6766]  ? sidtab_sid2str_get+0xa0/0x130
[   92.980882][ T6766]  ? skb_put+0xa9/0xf0
[   92.980912][ T6766]  kmemdup_noprof+0x2b/0x70
[   92.980962][ T6766]  sidtab_sid2str_get+0xa0/0x130
[   92.981001][ T6766]  security_sid_to_context_core+0x1eb/0x2e0
[   92.981171][ T6766]  security_sid_to_context+0x27/0x40
[   92.981206][ T6766]  avc_audit_post_callback+0x9d/0x520
[   92.981253][ T6766]  ? __pfx_avc_audit_post_callback+0x10/0x10
[   92.981316][ T6766]  common_lsm_audit+0x1bb/0x230
[   92.981350][ T6766]  ? __pfx_avc_audit_post_callback+0x10/0x10
[   92.981392][ T6766]  slow_avc_audit+0x104/0x140
[   92.981488][ T6766]  avc_has_perm+0x13a/0x180
[   92.981513][ T6766]  selinux_socket_sendmsg+0x175/0x1b0
[   92.981624][ T6766]  security_socket_sendmsg+0x48/0x80
[   92.981658][ T6766]  __sock_sendmsg+0x30/0x180
[   92.981693][ T6766]  ____sys_sendmsg+0x31e/0x4e0
[   92.981730][ T6766]  ___sys_sendmsg+0x17b/0x1d0
[   92.981768][ T6766]  __x64_sys_sendmsg+0xd4/0x160
[   92.981841][ T6766]  x64_sys_call+0x191e/0x3000
[   92.981867][ T6766]  do_syscall_64+0xd2/0x200
[   92.981886][ T6766]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   92.981962][ T6766]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   92.982011][ T6766]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   92.982034][ T6766] RIP: 0033:0x7f0a8f3ef6c9
[   92.982051][ T6766] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   92.982126][ T6766] RSP: 002b:00007f0a8de57038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   92.982148][ T6766] RAX: ffffffffffffffda RBX: 00007f0a8f645fa0 RCX: 00007f0a8f3ef6c9
[   92.982160][ T6766] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000005
[   92.982171][ T6766] RBP: 00007f0a8de57090 R08: 0000000000000000 R09: 0000000000000000
[   92.982227][ T6766] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   92.982242][ T6766] R13: 00007f0a8f646038 R14: 00007f0a8f645fa0 R15: 00007fffde82d548
[   92.982261][ T6766]  </TASK>
[   93.052380][ T6758] loop3: detected capacity change from 0 to 512
[   93.260534][ T6773] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1144'.
[   93.272150][ T6758] EXT4-fs error (device loop3): ext4_orphan_get:1418: comm syz.3.1139: bad orphan inode 11862016
[   93.301849][ T6758] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[   93.316396][ T6758] ext4 filesystem being mounted at /255/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   93.328322][ T3421] IPVS: starting estimator thread 0...
[   93.396480][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[   93.415378][ T6790] xt_CONNSECMARK: invalid mode: 66
[   93.433138][ T6784] IPVS: using max 2208 ests per chain, 110400 per kthread
[   93.478488][ T6795] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1151'.
[   93.487603][ T6795] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1151'.
[   93.513108][ T6795] FAULT_INJECTION: forcing a failure.
[   93.513108][ T6795] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   93.526292][ T6795] CPU: 0 UID: 0 PID: 6795 Comm: syz.2.1151 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   93.526321][ T6795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   93.526336][ T6795] Call Trace:
[   93.526408][ T6795]  <TASK>
[   93.526416][ T6795]  __dump_stack+0x1d/0x30
[   93.526514][ T6795]  dump_stack_lvl+0xe8/0x140
[   93.526532][ T6795]  dump_stack+0x15/0x1b
[   93.526548][ T6795]  should_fail_ex+0x265/0x280
[   93.526565][ T6795]  should_fail+0xb/0x20
[   93.526594][ T6795]  should_fail_usercopy+0x1a/0x20
[   93.526612][ T6795]  _copy_from_user+0x1c/0xb0
[   93.526635][ T6795]  ___sys_sendmsg+0xc1/0x1d0
[   93.526666][ T6795]  __x64_sys_sendmsg+0xd4/0x160
[   93.526691][ T6795]  x64_sys_call+0x191e/0x3000
[   93.526712][ T6795]  do_syscall_64+0xd2/0x200
[   93.526728][ T6795]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   93.526754][ T6795]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   93.526792][ T6795]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.526811][ T6795] RIP: 0033:0x7f0a8f3ef6c9
[   93.526839][ T6795] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   93.526855][ T6795] RSP: 002b:00007f0a8de57038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   93.526871][ T6795] RAX: ffffffffffffffda RBX: 00007f0a8f645fa0 RCX: 00007f0a8f3ef6c9
[   93.526882][ T6795] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[   93.526893][ T6795] RBP: 00007f0a8de57090 R08: 0000000000000000 R09: 0000000000000000
[   93.526973][ T6795] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   93.526984][ T6795] R13: 00007f0a8f646038 R14: 00007f0a8f645fa0 R15: 00007fffde82d548
[   93.527001][ T6795]  </TASK>
[   93.756174][ T6798] loop3: detected capacity change from 0 to 512
[   93.765658][ T6798] EXT4-fs: Ignoring removed nobh option
[   93.773059][ T6798] EXT4-fs (loop3): unable to read superblock
[   93.791260][  T295] nci: nci_add_new_protocol: the target found does not have the desired protocol
[   93.871735][ T6830] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1161'.
[   93.902643][ T6831] loop4: detected capacity change from 0 to 2048
[   93.910039][ T3421] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0
[   93.917767][ T3421] hid-generic 0000:0000:0000.0011: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[   93.937320][ T6830] loop3: detected capacity change from 0 to 2048
[   93.954313][ T6831] Alternate GPT is invalid, using primary GPT.
[   93.960804][ T6831]  loop4: p1 p2 p3
[   93.964566][ T6831] loop4: partition table partially beyond EOD, truncated
[   93.974204][ T6830] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   94.001773][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   94.038369][ T6828] loop1: detected capacity change from 0 to 512
[   94.064328][ T6828] EXT4-fs error (device loop1): ext4_orphan_get:1418: comm syz.1.1160: bad orphan inode 11862016
[   94.075554][ T6828] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[   94.088397][ T6828] ext4 filesystem being mounted at /219/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   94.124436][ T3313] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[   94.142822][ T6842] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1164'.
[   94.604366][   T29] kauditd_printk_skb: 489 callbacks suppressed
[   94.604381][   T29] audit: type=1326 audit(1762400008.416:5214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6848 comm="syz.0.1166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f037a96f6c9 code=0x7ffc0000
[   94.636911][   T29] audit: type=1326 audit(1762400008.446:5215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6848 comm="syz.0.1166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f037a96f6c9 code=0x7ffc0000
[   94.660396][   T29] audit: type=1326 audit(1762400008.446:5216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6848 comm="syz.0.1166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f037a96f6c9 code=0x7ffc0000
[   94.684005][   T29] audit: type=1326 audit(1762400008.446:5217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6848 comm="syz.0.1166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f037a96f6c9 code=0x7ffc0000
[   94.707468][   T29] audit: type=1326 audit(1762400008.446:5218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6848 comm="syz.0.1166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=18 compat=0 ip=0x7f037a96f6c9 code=0x7ffc0000
[   94.732007][   T29] audit: type=1400 audit(1762400008.506:5219): avc:  denied  { validate_trans } for  pid=6850 comm="syz.2.1167" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[   94.746679][ T6855] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1167'.
[   94.761453][   T29] audit: type=1400 audit(1762400008.546:5220): avc:  denied  { sys_module } for  pid=6850 comm="syz.2.1167" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[   94.792648][   T29] audit: type=1326 audit(1762400008.596:5221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6850 comm="syz.2.1167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a8f3ef6c9 code=0x7ffc0000
[   94.816164][   T29] audit: type=1326 audit(1762400008.596:5222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6850 comm="syz.2.1167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f0a8f3ef6c9 code=0x7ffc0000
[   94.839650][   T29] audit: type=1326 audit(1762400008.596:5223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6850 comm="syz.2.1167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f0a8f3ef703 code=0x7ffc0000
[   94.907006][ T6860] FAULT_INJECTION: forcing a failure.
[   94.907006][ T6860] name failslab, interval 1, probability 0, space 0, times 0
[   94.919918][ T6860] CPU: 0 UID: 0 PID: 6860 Comm: syz.4.1169 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   94.919951][ T6860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   94.919968][ T6860] Call Trace:
[   94.919976][ T6860]  <TASK>
[   94.919985][ T6860]  __dump_stack+0x1d/0x30
[   94.920037][ T6860]  dump_stack_lvl+0xe8/0x140
[   94.920064][ T6860]  dump_stack+0x15/0x1b
[   94.920083][ T6860]  should_fail_ex+0x265/0x280
[   94.920101][ T6860]  ? __pfx_inetaddr_event+0x10/0x10
[   94.920133][ T6860]  ? addr_event+0x9b/0x270
[   94.920185][ T6860]  should_failslab+0x8c/0xb0
[   94.920222][ T6860]  __kmalloc_cache_noprof+0x4c/0x4a0
[   94.920263][ T6860]  ? __pfx_inetaddr_event+0x10/0x10
[   94.920302][ T6860]  addr_event+0x9b/0x270
[   94.920333][ T6860]  ? __pfx_inetaddr_event+0x10/0x10
[   94.920462][ T6860]  inetaddr_event+0x71/0xa0
[   94.920521][ T6860]  blocking_notifier_call_chain+0x9b/0x1f0
[   94.920646][ T6860]  __inet_del_ifa+0x4e5/0x7f0
[   94.920673][ T6860]  ? netdev_name_node_lookup+0xa4/0xd0
[   94.920771][ T6860]  devinet_ioctl+0x7bd/0xe40
[   94.920809][ T6860]  inet_ioctl+0x2f8/0x3a0
[   94.920885][ T6860]  sock_do_ioctl+0x73/0x220
[   94.920915][ T6860]  sock_ioctl+0x41b/0x610
[   94.920949][ T6860]  ? __pfx_sock_ioctl+0x10/0x10
[   94.921020][ T6860]  __se_sys_ioctl+0xce/0x140
[   94.921057][ T6860]  __x64_sys_ioctl+0x43/0x50
[   94.921153][ T6860]  x64_sys_call+0x1816/0x3000
[   94.921181][ T6860]  do_syscall_64+0xd2/0x200
[   94.921200][ T6860]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   94.921307][ T6860]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   94.921351][ T6860]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.921381][ T6860] RIP: 0033:0x7f7b8b21f6c9
[   94.921400][ T6860] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   94.921424][ T6860] RSP: 002b:00007f7b89c7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   94.921446][ T6860] RAX: ffffffffffffffda RBX: 00007f7b8b475fa0 RCX: 00007f7b8b21f6c9
[   94.921459][ T6860] RDX: 0000200000000080 RSI: 0000000000008916 RDI: 0000000000000003
[   94.921471][ T6860] RBP: 00007f7b89c7f090 R08: 0000000000000000 R09: 0000000000000000
[   94.921483][ T6860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   94.921538][ T6860] R13: 00007f7b8b476038 R14: 00007f7b8b475fa0 R15: 00007ffeb9513308
[   94.921639][ T6860]  </TASK>
[   95.182275][ T6870] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1174'.
[   95.183566][ T6871] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1175'.
[   95.221012][ T6874] xt_CONNSECMARK: invalid mode: 66
[   95.306184][ T6889] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1180'.
[   95.334932][ T6893] SELinux:  policydb version 1905296526 does not match my version range 15-35
[   95.373322][  T295] nci: nci_add_new_protocol: the target found does not have the desired protocol
[   95.376798][ T6893] SELinux: failed to load policy
[   95.387583][ T6894] SELinux:  policydb version 1905296526 does not match my version range 15-35
[   95.397097][ T6894] SELinux: failed to load policy
[   95.594024][ T6905] 8021q: adding VLAN 0 to HW filter on device team0
[   95.644138][ T6905] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   95.662701][ T1034] lo speed is unknown, defaulting to 1000
[   95.668547][ T1034] s
z1: Port: 1 Link ACTIVE
[   95.673250][ T1034] lo speed is unknown, defaulting to 1000
[   95.706711][ T6914] loop9: detected capacity change from 0 to 7
[   95.711813][ T6916] loop1: detected capacity change from 0 to 128
[   95.713113][ T6914] buffer_io_error: 2 callbacks suppressed
[   95.713127][ T6914] Buffer I/O error on dev loop9, logical block 0, async page read
[   95.732829][ T6914] Buffer I/O error on dev loop9, logical block 0, async page read
[   95.740882][ T6914]  loop9: unable to read partition table
[   95.746858][ T6914] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   95.746858][ T6914] 
) failed (rc=-5)
[   95.750852][ T6916] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
[   95.768045][ T6916] FAT-fs (loop1): Filesystem has been set read-only
[   95.775848][ T6916] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
[   95.783708][ T6916] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
[   95.793283][ T6918] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[   95.818434][ T6920] xt_CONNSECMARK: invalid mode: 66
[   95.839514][ T6922] FAULT_INJECTION: forcing a failure.
[   95.839514][ T6922] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   95.852682][ T6922] CPU: 1 UID: 0 PID: 6922 Comm: syz.0.1191 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   95.852707][ T6922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   95.852720][ T6922] Call Trace:
[   95.852727][ T6922]  <TASK>
[   95.852834][ T6922]  __dump_stack+0x1d/0x30
[   95.852863][ T6922]  dump_stack_lvl+0xe8/0x140
[   95.852893][ T6922]  dump_stack+0x15/0x1b
[   95.852945][ T6922]  should_fail_ex+0x265/0x280
[   95.852965][ T6922]  should_fail+0xb/0x20
[   95.852980][ T6922]  should_fail_usercopy+0x1a/0x20
[   95.853033][ T6922]  _copy_from_iter+0xd2/0xe80
[   95.853068][ T6922]  ? __build_skb_around+0x1ab/0x200
[   95.853106][ T6922]  ? __alloc_skb+0x223/0x320
[   95.853138][ T6922]  netlink_sendmsg+0x471/0x6b0
[   95.853162][ T6922]  ? __pfx_netlink_sendmsg+0x10/0x10
[   95.853179][ T6922]  __sock_sendmsg+0x145/0x180
[   95.853203][ T6922]  ____sys_sendmsg+0x31e/0x4e0
[   95.853271][ T6922]  ___sys_sendmsg+0x17b/0x1d0
[   95.853311][ T6922]  __x64_sys_sendmsg+0xd4/0x160
[   95.853336][ T6922]  x64_sys_call+0x191e/0x3000
[   95.853395][ T6922]  do_syscall_64+0xd2/0x200
[   95.853417][ T6922]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   95.853470][ T6922]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   95.853532][ T6922]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   95.853560][ T6922] RIP: 0033:0x7f037a96f6c9
[   95.853575][ T6922] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   95.853599][ T6922] RSP: 002b:00007f03793d7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   95.853641][ T6922] RAX: ffffffffffffffda RBX: 00007f037abc5fa0 RCX: 00007f037a96f6c9
[   95.853653][ T6922] RDX: 0000000000004004 RSI: 0000200000000040 RDI: 0000000000000006
[   95.853665][ T6922] RBP: 00007f03793d7090 R08: 0000000000000000 R09: 0000000000000000
[   95.853676][ T6922] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   95.853688][ T6922] R13: 00007f037abc6038 R14: 00007f037abc5fa0 R15: 00007fff5adfe0d8
[   95.853713][ T6922]  </TASK>
[   96.201436][ T6930] FAULT_INJECTION: forcing a failure.
[   96.201436][ T6930] name failslab, interval 1, probability 0, space 0, times 0
[   96.214110][ T6930] CPU: 0 UID: 0 PID: 6930 Comm: syz.0.1195 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   96.214171][ T6930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   96.214181][ T6930] Call Trace:
[   96.214245][ T6930]  <TASK>
[   96.214252][ T6930]  __dump_stack+0x1d/0x30
[   96.214355][ T6930]  dump_stack_lvl+0xe8/0x140
[   96.214372][ T6930]  dump_stack+0x15/0x1b
[   96.214387][ T6930]  should_fail_ex+0x265/0x280
[   96.214404][ T6930]  should_failslab+0x8c/0xb0
[   96.214514][ T6930]  kmem_cache_alloc_noprof+0x50/0x480
[   96.214550][ T6930]  ? security_file_alloc+0x32/0x100
[   96.214583][ T6930]  security_file_alloc+0x32/0x100
[   96.214623][ T6930]  init_file+0x5c/0x1d0
[   96.214695][ T6930]  alloc_empty_file+0x8b/0x200
[   96.214718][ T6930]  path_openat+0x68/0x2170
[   96.214744][ T6930]  ? trace_reschedule_exit+0xd/0xc0
[   96.214805][ T6930]  ? sysvec_reschedule_ipi+0x4f/0x70
[   96.214838][ T6930]  ? _parse_integer_limit+0x170/0x190
[   96.214922][ T6930]  ? _parse_integer+0x27/0x40
[   96.214958][ T6930]  ? kstrtoull+0x111/0x140
[   96.215065][ T6930]  ? kstrtouint+0x76/0xc0
[   96.215102][ T6930]  do_filp_open+0x109/0x230
[   96.215148][ T6930]  do_sys_openat2+0xa6/0x110
[   96.215174][ T6930]  __x64_sys_creat+0x65/0x90
[   96.215196][ T6930]  x64_sys_call+0x2da3/0x3000
[   96.215250][ T6930]  do_syscall_64+0xd2/0x200
[   96.215274][ T6930]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   96.215356][ T6930]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   96.215385][ T6930]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   96.215406][ T6930] RIP: 0033:0x7f037a96f6c9
[   96.215453][ T6930] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   96.215474][ T6930] RSP: 002b:00007f03793d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[   96.215548][ T6930] RAX: ffffffffffffffda RBX: 00007f037abc5fa0 RCX: 00007f037a96f6c9
[   96.215563][ T6930] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000002c0
[   96.215651][ T6930] RBP: 00007f03793d7090 R08: 0000000000000000 R09: 0000000000000000
[   96.215662][ T6930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   96.215672][ T6930] R13: 00007f037abc6038 R14: 00007f037abc5fa0 R15: 00007fff5adfe0d8
[   96.215693][ T6930]  </TASK>
[   96.456186][ T6932] loop3: detected capacity change from 0 to 2048
[   96.469524][ T6928] SELinux:  policydb version 1905296526 does not match my version range 15-35
[   96.485862][ T6928] SELinux: failed to load policy
[   96.534091][ T6932] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   96.563322][ T6932] ext4 filesystem being mounted at /264/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   96.585920][ T6942] FAULT_INJECTION: forcing a failure.
[   96.585920][ T6942] name failslab, interval 1, probability 0, space 0, times 0
[   96.598618][ T6942] CPU: 1 UID: 0 PID: 6942 Comm: syz.2.1199 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   96.598642][ T6942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   96.598656][ T6942] Call Trace:
[   96.598663][ T6942]  <TASK>
[   96.598670][ T6942]  __dump_stack+0x1d/0x30
[   96.598695][ T6942]  dump_stack_lvl+0xe8/0x140
[   96.598765][ T6942]  dump_stack+0x15/0x1b
[   96.598787][ T6942]  should_fail_ex+0x265/0x280
[   96.598838][ T6942]  should_failslab+0x8c/0xb0
[   96.598870][ T6942]  kmem_cache_alloc_node_noprof+0x57/0x4a0
[   96.598906][ T6942]  ? __alloc_skb+0x101/0x320
[   96.598989][ T6942]  __alloc_skb+0x101/0x320
[   96.599020][ T6942]  ? audit_log_start+0x342/0x720
[   96.599046][ T6942]  audit_log_start+0x3a0/0x720
[   96.599067][ T6942]  ? kstrtouint+0x76/0xc0
[   96.599152][ T6942]  audit_seccomp+0x48/0x100
[   96.599190][ T6942]  ? __seccomp_filter+0x82d/0x1250
[   96.599214][ T6942]  __seccomp_filter+0x83e/0x1250
[   96.599319][ T6942]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   96.599357][ T6942]  ? vfs_write+0x7e8/0x960
[   96.599381][ T6942]  ? __rcu_read_unlock+0x4f/0x70
[   96.599403][ T6942]  ? __fget_files+0x184/0x1c0
[   96.599504][ T6942]  __secure_computing+0x82/0x150
[   96.599530][ T6942]  syscall_trace_enter+0xcf/0x1e0
[   96.599561][ T6942]  do_syscall_64+0xac/0x200
[   96.599593][ T6942]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   96.599623][ T6942]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   96.599656][ T6942]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   96.599680][ T6942] RIP: 0033:0x7f0a8f3ef6c9
[   96.599697][ T6942] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   96.599797][ T6942] RSP: 002b:00007f0a8de57038 EFLAGS: 00000246 ORIG_RAX: 0000000000000129
[   96.599818][ T6942] RAX: ffffffffffffffda RBX: 00007f0a8f645fa0 RCX: 00007f0a8f3ef6c9
[   96.599833][ T6942] RDX: 0000000000000035 RSI: 000000000000024b RDI: 000000000000024b
[   96.599848][ T6942] RBP: 00007f0a8de57090 R08: 0000000000000000 R09: 0000000000000000
[   96.599862][ T6942] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[   96.599876][ T6942] R13: 00007f0a8f646038 R14: 00007f0a8f645fa0 R15: 00007fffde82d548
[   96.599893][ T6942]  </TASK>
[   96.884039][ T6945] hub 1-0:1.0: USB hub found
[   96.888859][ T6945] hub 1-0:1.0: 8 ports detected
[   96.994641][ T6947] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[   97.074081][   T31] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm kworker/u8:1: bg 0: block 345: padding at end of block bitmap is not set
[   97.104391][   T31] EXT4-fs (loop3): Remounting filesystem read-only
[   97.110970][  T295] EXT4-fs warning (device loop3): ext4_convert_unwritten_extents:4984: inode #15: block 1: len 15: ext4_ext_map_blocks returned -30
[   97.115154][ T6945] lo speed is unknown, defaulting to 1000
[   97.132742][ T6945] lo speed is unknown, defaulting to 1000
[   97.195618][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   97.204798][   T31] nci: nci_add_new_protocol: the target found does not have the desired protocol
[   97.218770][ T6963] loop4: detected capacity change from 0 to 2048
[   97.282973][ T6963] Alternate GPT is invalid, using primary GPT.
[   97.289338][ T6963]  loop4: p1 p2 p3
[   97.293150][ T6963] loop4: partition table partially beyond EOD, truncated
[   97.982817][ T6984] SELinux:  policydb version 1905296526 does not match my version range 15-35
[   97.992268][ T6984] SELinux: failed to load policy
[   98.000121][ T6986] loop4: detected capacity change from 0 to 128
[   98.009664][ T6986] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[   98.017574][ T6986] FAT-fs (loop4): Filesystem has been set read-only
[   98.021142][ T6979] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[   98.024298][ T6986] bio_check_eod: 38609 callbacks suppressed
[   98.024314][ T6986] syz.4.1210: attempt to access beyond end of device
[   98.024314][ T6986] loop4: rw=524288, sector=2065, nr_sectors = 8 limit=128
[   98.044408][ T6989] loop9: detected capacity change from 0 to 7
[   98.053612][ T6986] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[   98.059077][ T6989] Buffer I/O error on dev loop9, logical block 0, async page read
[   98.066452][ T6986] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[   98.066673][ T6986] syz.4.1210: attempt to access beyond end of device
[   98.066673][ T6986] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[   98.101024][ T6989] Buffer I/O error on dev loop9, logical block 0, async page read
[   98.108893][ T6989]  loop9: unable to read partition table
[   98.116347][ T6991] __nla_validate_parse: 15 callbacks suppressed
[   98.116364][ T6991] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1212'.
[   98.136083][ T6986] syz.4.1210: attempt to access beyond end of device
[   98.136083][ T6986] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[   98.149625][ T6986] syz.4.1210: attempt to access beyond end of device
[   98.149625][ T6986] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[   98.164612][ T6986] syz.4.1210: attempt to access beyond end of device
[   98.164612][ T6986] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[   98.164846][ T6989] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   98.164846][ T6989] 
) failed (rc=-5)
[   98.178046][ T6986] syz.4.1210: attempt to access beyond end of device
[   98.178046][ T6986] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[   98.208009][ T6986] syz.4.1210: attempt to access beyond end of device
[   98.208009][ T6986] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[   98.226772][ T6996] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[   98.237431][ T6997] xt_CONNSECMARK: invalid mode: 66
[   98.244914][ T6986] syz.4.1210: attempt to access beyond end of device
[   98.244914][ T6986] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[   98.258365][ T6986] syz.4.1210: attempt to access beyond end of device
[   98.258365][ T6986] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[   98.274816][ T6986] syz.4.1210: attempt to access beyond end of device
[   98.274816][ T6986] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[   98.300511][ T7002] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.1217' sets config #0
[   98.329432][   T52] nci: nci_add_new_protocol: the target found does not have the desired protocol
[   98.360176][ T7008] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.1217' sets config #1
[   98.453022][ T7008] lo speed is unknown, defaulting to 1000
[   98.459154][ T7008] lo speed is unknown, defaulting to 1000
[   98.695859][ T7022] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1222'.
[   98.704837][ T7022] netlink: 348 bytes leftover after parsing attributes in process `syz.1.1222'.
[   98.714000][ T7022] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1222'.
[   98.723072][ T7022] netlink: 348 bytes leftover after parsing attributes in process `syz.1.1222'.
[   98.733013][ T7022] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1222'.
[   98.748157][ T7022] netlink: 8 bytes leftover after parsing attributes in process `wޣ��'.
[   98.756702][ T7022] netlink: 4 bytes leftover after parsing attributes in process `wޣ��'.
[   98.879231][ T7031] FAULT_INJECTION: forcing a failure.
[   98.879231][ T7031] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   98.892566][ T7031] CPU: 1 UID: 0 PID: 7031 Comm: syz.1.1225 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   98.892595][ T7031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   98.892605][ T7031] Call Trace:
[   98.892609][ T7031]  <TASK>
[   98.892614][ T7031]  __dump_stack+0x1d/0x30
[   98.892632][ T7031]  dump_stack_lvl+0xe8/0x140
[   98.892666][ T7031]  dump_stack+0x15/0x1b
[   98.892680][ T7031]  should_fail_ex+0x265/0x280
[   98.892695][ T7031]  should_fail+0xb/0x20
[   98.892707][ T7031]  should_fail_usercopy+0x1a/0x20
[   98.892804][ T7031]  _copy_from_user+0x1c/0xb0
[   98.892823][ T7031]  __copy_msghdr+0x244/0x300
[   98.892849][ T7031]  ___sys_sendmsg+0x109/0x1d0
[   98.892884][ T7031]  __x64_sys_sendmsg+0xd4/0x160
[   98.892986][ T7031]  x64_sys_call+0x191e/0x3000
[   98.893040][ T7031]  do_syscall_64+0xd2/0x200
[   98.893060][ T7031]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   98.893085][ T7031]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   98.893153][ T7031]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   98.893170][ T7031] RIP: 0033:0x7f2c2a8bf6c9
[   98.893181][ T7031] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   98.893201][ T7031] RSP: 002b:00007f2c2931f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   98.893215][ T7031] RAX: ffffffffffffffda RBX: 00007f2c2ab15fa0 RCX: 00007f2c2a8bf6c9
[   98.893225][ T7031] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000005
[   98.893234][ T7031] RBP: 00007f2c2931f090 R08: 0000000000000000 R09: 0000000000000000
[   98.893244][ T7031] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   98.893253][ T7031] R13: 00007f2c2ab16038 R14: 00007f2c2ab15fa0 R15: 00007ffdfea73ce8
[   98.893268][ T7031]  </TASK>
[   99.099610][ T7039] loop9: detected capacity change from 0 to 7
[   99.105864][ T7039] Buffer I/O error on dev loop9, logical block 0, async page read
[   99.115760][ T7039] Buffer I/O error on dev loop9, logical block 0, async page read
[   99.123655][ T7039]  loop9: unable to read partition table
[   99.139401][ T7039] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   99.139401][ T7039] 
) failed (rc=-5)
[   99.159564][ T7041] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[   99.216192][ T7051] sd 0:0:1:0: device reset
[   99.245909][ T7053] sd 0:0:1:0: device reset
[   99.277575][ T7056] loop3: detected capacity change from 0 to 512
[   99.294363][ T7056] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[   99.322876][ T7056] EXT4-fs (loop3): revision level too high, forcing read-only mode
[   99.330957][ T7056] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e000e118, mo2=0002]
[   99.361134][ T7056] System zones: 0-1, 15-15, 18-18, 34-34
[   99.367833][ T7047] 8021q: adding VLAN 0 to HW filter on device bond0
[   99.369363][ T7056] EXT4-fs (loop3): orphan cleanup on readonly fs
[   99.382456][ T7056] EXT4-fs warning (device loop3): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[   99.397084][ T7056] EXT4-fs (loop3): Cannot turn on quotas: error -22
[   99.406391][ T7056] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.1235: bg 0: block 40: padding at end of block bitmap is not set
[   99.419142][ T7047] 8021q: adding VLAN 0 to HW filter on device team0
[   99.423167][ T7068] loop9: detected capacity change from 0 to 7
[   99.434681][ T7068] Buffer I/O error on dev loop9, logical block 0, async page read
[   99.443822][ T7068] Buffer I/O error on dev loop9, logical block 0, async page read
[   99.451788][ T7068]  loop9: unable to read partition table
[   99.457722][ T7068] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   99.457722][ T7068] 
) failed (rc=-5)
[   99.471144][ T7056] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6667: Corrupt filesystem
[   99.481507][ T7047] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   99.504739][ T7056] EXT4-fs (loop3): 1 truncate cleaned up
[   99.510788][ T7056] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   99.523472][ T7069] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[   99.535120][ T7056] EXT4-fs error (device loop3): ext4_encrypted_get_link:46: inode #16: comm syz.3.1235: bad symlink.
[   99.546139][ T7072] netlink: 'syz.1.1240': attribute type 39 has an invalid length.
[   99.573600][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   99.643309][   T37] nci: nci_add_new_protocol: the target found does not have the desired protocol
[   99.655384][ T7083] loop3: detected capacity change from 0 to 2048
[   99.694830][ T7083] Alternate GPT is invalid, using primary GPT.
[   99.701323][ T7083]  loop3: p1 p2 p3
[   99.704440][   T29] kauditd_printk_skb: 270 callbacks suppressed
[   99.704455][   T29] audit: type=1326 audit(1762400013.516:5491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7090 comm="syz.4.1244" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b8b21f6c9 code=0x7ffc0000
[   99.705136][ T7083] loop3: partition table partially beyond EOD, 
[   99.711215][   T29] audit: type=1326 audit(1762400013.516:5492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7090 comm="syz.4.1244" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b8b21f6c9 code=0x7ffc0000
[   99.734591][ T7083] truncated
[   99.782265][   T29] audit: type=1326 audit(1762400013.576:5493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7090 comm="syz.4.1244" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7b8b21f6c9 code=0x7ffc0000
[   99.805691][   T29] audit: type=1326 audit(1762400013.576:5494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7090 comm="syz.4.1244" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b8b21f6c9 code=0x7ffc0000
[   99.810777][ T7092] loop1: detected capacity change from 0 to 2048
[   99.829132][   T29] audit: type=1326 audit(1762400013.576:5495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7090 comm="syz.4.1244" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b8b21f6c9 code=0x7ffc0000
[   99.858887][   T29] audit: type=1326 audit(1762400013.576:5496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7090 comm="syz.4.1244" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7b8b21f6c9 code=0x7ffc0000
[   99.882368][   T29] audit: type=1326 audit(1762400013.576:5497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7090 comm="syz.4.1244" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b8b21f6c9 code=0x7ffc0000
[   99.905792][   T29] audit: type=1326 audit(1762400013.576:5498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7090 comm="syz.4.1244" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7b8b21f6c9 code=0x7ffc0000
[   99.929266][   T29] audit: type=1326 audit(1762400013.576:5499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7090 comm="syz.4.1244" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b8b21f6c9 code=0x7ffc0000
[   99.952693][   T29] audit: type=1326 audit(1762400013.576:5500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7090 comm="syz.4.1244" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7b8b21f6c9 code=0x7ffc0000
[  100.015087][ T7092] Alternate GPT is invalid, using primary GPT.
[  100.021401][ T7092]  loop1: p1 p2 p3
[  100.025175][ T7092] loop1: partition table partially beyond EOD, truncated
[  100.176407][ T7104] xt_CONNSECMARK: invalid mode: 66
[  100.405853][ T7109] loop9: detected capacity change from 0 to 7
[  100.412127][ T7109] Buffer I/O error on dev loop9, logical block 0, async page read
[  100.420029][ T7109] Buffer I/O error on dev loop9, logical block 0, async page read
[  100.427989][ T7109]  loop9: unable to read partition table
[  100.434250][ T7109] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  100.434250][ T7109] 
) failed (rc=-5)
[  100.510672][ T7117] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  100.565756][ T7120] SELinux:  policydb version 1905296526 does not match my version range 15-35
[  100.574750][ T7120] SELinux: failed to load policy
[  100.603101][ T7124] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1257'.
[  100.638163][ T7127] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1258'.
[  100.679472][ T7129] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  100.721501][ T7114] loop1: detected capacity change from 0 to 512
[  100.745780][ T7114] EXT4-fs error (device loop1): ext4_orphan_get:1418: comm syz.1.1252: bad orphan inode 11862016
[  100.804065][ T7114] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  100.820507][ T7114] ext4 filesystem being mounted at /249/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  100.872431][   T52] nci: nci_add_new_protocol: the target found does not have the desired protocol
[  100.941494][ T3313] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  101.019041][ T7166] loop3: detected capacity change from 0 to 128
[  101.025721][ T7166] vfat: Unknown parameter '017777777777777777777770000000000000000000000018446744073709551615��'
[  101.042111][ T7166] x_tables: ip6_tables: policy.0 match: invalid size 312 (kernel) != (user) 0
[  101.061343][ T7167] FAULT_INJECTION: forcing a failure.
[  101.061343][ T7167] name failslab, interval 1, probability 0, space 0, times 0
[  101.074071][ T7167] CPU: 1 UID: 0 PID: 7167 Comm: syz.1.1269 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  101.074092][ T7167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  101.074176][ T7167] Call Trace:
[  101.074180][ T7167]  <TASK>
[  101.074186][ T7167]  __dump_stack+0x1d/0x30
[  101.074203][ T7167]  dump_stack_lvl+0xe8/0x140
[  101.074260][ T7167]  dump_stack+0x15/0x1b
[  101.074273][ T7167]  should_fail_ex+0x265/0x280
[  101.074289][ T7167]  should_failslab+0x8c/0xb0
[  101.074337][ T7167]  kmem_cache_alloc_node_noprof+0x57/0x4a0
[  101.074361][ T7167]  ? __alloc_skb+0x101/0x320
[  101.074435][ T7167]  __alloc_skb+0x101/0x320
[  101.074457][ T7167]  netlink_alloc_large_skb+0xbf/0xf0
[  101.074514][ T7167]  netlink_sendmsg+0x3cf/0x6b0
[  101.074608][ T7167]  ? __pfx_netlink_sendmsg+0x10/0x10
[  101.074623][ T7167]  __sock_sendmsg+0x145/0x180
[  101.074642][ T7167]  ____sys_sendmsg+0x31e/0x4e0
[  101.074670][ T7167]  ___sys_sendmsg+0x17b/0x1d0
[  101.074740][ T7167]  __x64_sys_sendmsg+0xd4/0x160
[  101.074758][ T7167]  x64_sys_call+0x191e/0x3000
[  101.074775][ T7167]  do_syscall_64+0xd2/0x200
[  101.074790][ T7167]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  101.074870][ T7167]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  101.074896][ T7167]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.074917][ T7167] RIP: 0033:0x7f2c2a8bf6c9
[  101.074928][ T7167] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  101.074951][ T7167] RSP: 002b:00007f2c292dd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  101.074965][ T7167] RAX: ffffffffffffffda RBX: 00007f2c2ab16180 RCX: 00007f2c2a8bf6c9
[  101.074975][ T7167] RDX: 0000000000000800 RSI: 0000200000000200 RDI: 0000000000000007
[  101.074984][ T7167] RBP: 00007f2c292dd090 R08: 0000000000000000 R09: 0000000000000000
[  101.074994][ T7167] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  101.075025][ T7167] R13: 00007f2c2ab16218 R14: 00007f2c2ab16180 R15: 00007ffdfea73ce8
[  101.075041][ T7167]  </TASK>
[  101.673357][ T7171] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[  101.722002][ T7176] sch_tbf: burst 0 is lower than device lo mtu (11337746) !
[  101.822270][ T7185] tap0: tun_chr_ioctl cmd 35111
[  101.993452][ T7205] loop9: detected capacity change from 0 to 7
[  101.999751][ T7205] Buffer I/O error on dev loop9, logical block 0, async page read
[  102.007714][ T7205] Buffer I/O error on dev loop9, logical block 0, async page read
[  102.015715][ T7205]  loop9: unable to read partition table
[  102.021455][ T7205] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  102.021455][ T7205] 
) failed (rc=-5)
[  102.026164][   T52] nci: nci_add_new_protocol: the target found does not have the desired protocol
[  102.056414][ T7206] loop3: detected capacity change from 0 to 2048
[  102.105563][ T7206] Alternate GPT is invalid, using primary GPT.
[  102.111892][ T7206]  loop3: p1 p2 p3
[  102.115668][ T7206] loop3: partition table partially beyond EOD, truncated
[  102.154549][ T7214] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  102.163117][ T7214] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  102.171503][ T7214] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=7214 comm=syz.2.1287
[  102.184131][ T7214] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=7214 comm=syz.2.1287
[  102.506559][ T3394] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0
[  102.514290][ T3394] hid-generic 0000:0000:0000.0012: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  102.524659][ T7216] loop4: detected capacity change from 0 to 2048
[  102.534503][ T7216] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  102.560454][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  102.582061][ T3394] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0
[  102.589913][ T3394] hid-generic 0000:0000:0000.0013: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  102.599651][ T7220] loop4: detected capacity change from 0 to 2048
[  102.619244][ T7220] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  102.637908][ T7224] tap0: tun_chr_ioctl cmd 35111
[  102.649745][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  102.668649][ T7226] loop4: detected capacity change from 0 to 128
[  102.677633][ T7226] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  102.685564][ T7226] FAT-fs (loop4): Filesystem has been set read-only
[  102.692199][ T7226] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  102.700102][ T7226] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  102.900880][   T52] nci: nci_add_new_protocol: the target found does not have the desired protocol
[  103.032980][ T7226] bio_check_eod: 23725 callbacks suppressed
[  103.032997][ T7226] syz.4.1291: attempt to access beyond end of device
[  103.032997][ T7226] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  103.041473][ T7245] SELinux:  policydb version 1905296526 does not match my version range 15-35
[  103.082938][ T7226] syz.4.1291: attempt to access beyond end of device
[  103.082938][ T7226] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  103.090424][ T7245] SELinux: failed to load policy
[  103.143096][ T7226] syz.4.1291: attempt to access beyond end of device
[  103.143096][ T7226] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  103.163300][ T7226] syz.4.1291: attempt to access beyond end of device
[  103.163300][ T7226] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  103.199041][ T7241] 8021q: adding VLAN 0 to HW filter on device team0
[  103.218507][ T7226] syz.4.1291: attempt to access beyond end of device
[  103.218507][ T7226] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  103.232554][ T7226] syz.4.1291: attempt to access beyond end of device
[  103.232554][ T7226] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  103.246199][ T7226] syz.4.1291: attempt to access beyond end of device
[  103.246199][ T7226] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  103.259515][ T7226] syz.4.1291: attempt to access beyond end of device
[  103.259515][ T7226] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  103.272797][ T7226] syz.4.1291: attempt to access beyond end of device
[  103.272797][ T7226] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  103.272843][ T7226] syz.4.1291: attempt to access beyond end of device
[  103.272843][ T7226] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  103.300060][ T7241] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  103.332606][ T7250] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.1299' sets config #0
[  103.374543][ T7250] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.1299' sets config #1
[  103.433106][ T7250] lo speed is unknown, defaulting to 1000
[  103.440171][ T7250] lo speed is unknown, defaulting to 1000
[  103.715769][ T7273] atomic_op ffff888136717128 conn xmit_atomic 0000000000000000
[  103.751857][ T7282] dvmrp1: entered allmulticast mode
[  103.787878][ T7282] dvmrp1: left allmulticast mode
[  103.939514][ T7291] syzkaller0: entered promiscuous mode
[  103.945061][ T7291] syzkaller0: entered allmulticast mode
[  103.963848][ T7296] loop4: detected capacity change from 0 to 764
[  103.983950][ T7296] rock: directory entry would overflow storage
[  103.990116][ T7296] rock: sig=0x4f50, size=4, remaining=3
[  103.995719][ T7296] iso9660: Corrupted directory entry in block 6 of inode 1792
[  104.208970][ T7309] loop9: detected capacity change from 0 to 7
[  104.215236][ T7309] Buffer I/O error on dev loop9, logical block 0, async page read
[  104.223724][ T7309] Buffer I/O error on dev loop9, logical block 0, async page read
[  104.231552][ T7309]  loop9: unable to read partition table
[  104.237576][ T7309] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  104.237576][ T7309] 
) failed (rc=-5)
[  104.293615][ T7315] loop9: detected capacity change from 0 to 7
[  104.299922][ T7315] Buffer I/O error on dev loop9, logical block 0, async page read
[  104.307957][ T7315] Buffer I/O error on dev loop9, logical block 0, async page read
[  104.315951][ T7315]  loop9: unable to read partition table
[  104.321661][ T7315] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  104.321661][ T7315] 
) failed (rc=-5)
[  104.366564][ T7318] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.1320' sets config #0
[  104.393388][ T7318] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.1320' sets config #1
[  104.457379][ T7316] loop4: detected capacity change from 0 to 512
[  104.470848][ T7318] lo speed is unknown, defaulting to 1000
[  104.477079][ T7318] lo speed is unknown, defaulting to 1000
[  104.495034][ T7316] EXT4-fs error (device loop4): ext4_orphan_get:1418: comm syz.4.1317: bad orphan inode 11862016
[  104.506487][ T7316] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  104.519215][ T7316] ext4 filesystem being mounted at /225/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  104.627165][ T7328] loop3: detected capacity change from 0 to 2048
[  104.665194][ T7328] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  104.680288][ T7328] ext4 filesystem being mounted at /285/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  104.692366][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  104.720409][ T7338] __nla_validate_parse: 10 callbacks suppressed
[  104.720422][ T7338] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1326'.
[  104.764872][   T29] kauditd_printk_skb: 613 callbacks suppressed
[  104.764895][   T29] audit: type=1400 audit(1762400018.576:6112): avc:  denied  { read write } for  pid=7336 comm="syz.1.1326" name="uhid" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  104.794521][   T29] audit: type=1400 audit(1762400018.576:6113): avc:  denied  { open } for  pid=7336 comm="syz.1.1326" path="/dev/uhid" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  104.823558][ T3421] hid-generic 0000:0000:0000.0014: unknown main item tag 0x0
[  104.838819][   T29] audit: type=1326 audit(1762400018.586:6114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7331 comm="syz.2.1323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7f0a8f3ef6c9 code=0x7ffc0000
[  104.843590][ T3421] hid-generic 0000:0000:0000.0014: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  104.862177][   T29] audit: type=1326 audit(1762400018.626:6115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7329 comm="syz.2.1323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a8f3ef6c9 code=0x7ffc0000
[  104.895176][   T29] audit: type=1326 audit(1762400018.626:6116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7329 comm="syz.2.1323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a8f3ef6c9 code=0x7ffc0000
[  104.897492][ T7338] loop1: detected capacity change from 0 to 2048
[  104.942702][ T7347] loop9: detected capacity change from 0 to 7
[  104.949015][ T7347] Buffer I/O error on dev loop9, logical block 0, async page read
[  104.956882][ T7347] Buffer I/O error on dev loop9, logical block 0, async page read
[  104.964795][ T7347]  loop9: unable to read partition table
[  104.973115][ T7347] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  104.973115][ T7347] 
) failed (rc=-5)
[  104.986523][   T29] audit: type=1400 audit(1762400018.746:6117): avc:  denied  { create } for  pid=7344 comm="syz.4.1324" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  105.006236][   T29] audit: type=1400 audit(1762400018.746:6118): avc:  denied  { setopt } for  pid=7344 comm="syz.4.1324" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  105.026045][   T29] audit: type=1400 audit(1762400018.746:6119): avc:  denied  { unlink } for  pid=3321 comm="syz-executor" name="file0" dev="tmpfs" ino=1491 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  105.049537][   T29] audit: type=1400 audit(1762400018.806:6120): avc:  denied  { kexec_image_load } for  pid=7344 comm="syz.4.1324" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1
[  105.119180][   T29] audit: type=1400 audit(1762400018.916:6121): avc:  denied  { getopt } for  pid=7356 comm="syz.0.1331" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  105.139654][ T7338] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  105.172100][ T3313] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  105.315252][ T7362] SELinux:  policydb version 1905296526 does not match my version range 15-35
[  105.324203][ T3459] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm kworker/u8:7: bg 0: block 345: padding at end of block bitmap is not set
[  105.336162][ T7362] SELinux: failed to load policy
[  105.344105][ T3459] EXT4-fs (loop3): Remounting filesystem read-only
[  105.350655][   T31] EXT4-fs warning (device loop3): ext4_convert_unwritten_extents:4984: inode #15: block 1: len 15: ext4_ext_map_blocks returned -30
[  105.438563][ T7368] loop4: detected capacity change from 0 to 512
[  105.450931][ T7368] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  105.460887][ T7368] EXT4-fs (loop4): couldn't mount as ext3 due to feature incompatibilities
[  105.471726][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  105.481274][ T7364] FAULT_INJECTION: forcing a failure.
[  105.481274][ T7364] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  105.494530][ T7364] CPU: 1 UID: 0 PID: 7364 Comm: syz.1.1336 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  105.494553][ T7364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  105.494567][ T7364] Call Trace:
[  105.494573][ T7364]  <TASK>
[  105.494581][ T7364]  __dump_stack+0x1d/0x30
[  105.494636][ T7364]  dump_stack_lvl+0xe8/0x140
[  105.494655][ T7364]  dump_stack+0x15/0x1b
[  105.494670][ T7364]  should_fail_ex+0x265/0x280
[  105.494735][ T7364]  should_fail+0xb/0x20
[  105.494826][ T7364]  should_fail_usercopy+0x1a/0x20
[  105.494844][ T7364]  _copy_from_user+0x1c/0xb0
[  105.494867][ T7364]  __ia32_sys_rt_sigreturn+0x128/0x350
[  105.494910][ T7364]  x64_sys_call+0x2d4b/0x3000
[  105.494930][ T7364]  do_syscall_64+0xd2/0x200
[  105.494947][ T7364]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  105.494973][ T7364]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  105.495048][ T7364]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.495135][ T7364] RIP: 0033:0x7f2c2a85b779
[  105.495148][ T7364] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25
[  105.495164][ T7364] RSP: 002b:00007f2c2931ea80 EFLAGS: 00000202 ORIG_RAX: 000000000000000f
[  105.495180][ T7364] RAX: ffffffffffffffda RBX: 00007f2c2ab15fa0 RCX: 00007f2c2a85b779
[  105.495258][ T7364] RDX: 00007f2c2931ea80 RSI: 00007f2c2931ebb0 RDI: 0000000000000021
[  105.495269][ T7364] RBP: 00007f2c2931f090 R08: 0000000000000000 R09: 0000000000000000
[  105.495279][ T7364] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002
[  105.495290][ T7364] R13: 00007f2c2ab16038 R14: 00007f2c2ab15fa0 R15: 00007ffdfea73ce8
[  105.495307][ T7364]  </TASK>
[  105.513346][ T7373] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1338'.
[  105.541574][ T7370] sd 0:0:1:0: device reset
[  105.563447][ T1034] hid-generic 0000:0000:0000.0015: unknown main item tag 0x0
[  105.590030][ T7373] loop4: detected capacity change from 0 to 2048
[  105.662373][ T1034] hid-generic 0000:0000:0000.0015: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  105.711077][ T7373] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  105.714672][ T7381] tap0: tun_chr_ioctl cmd 35111
[  105.747037][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  105.757276][ T7377] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  105.768965][ T7388] program syz.2.1342 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  105.778202][ T7377] loop3: detected capacity change from 0 to 2048
[  105.814041][ T7377] Alternate GPT is invalid, using primary GPT.
[  105.820354][ T7377]  loop3: p1 p2 p3
[  105.824149][ T7377] loop3: partition table partially beyond EOD, truncated
[  105.835087][ T7395] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1344'.
[  105.850651][ T1034] hid-generic 0000:0000:0000.0016: unknown main item tag 0x0
[  105.862723][ T7395] loop1: detected capacity change from 0 to 2048
[  105.869407][ T1034] hid-generic 0000:0000:0000.0016: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  105.884492][ T7395] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  105.913482][ T3313] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  105.981364][ T7404] loop3: detected capacity change from 0 to 2048
[  105.994595][ T7404] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  106.006893][ T7404] ext4 filesystem being mounted at /287/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  106.028344][ T7417] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.1351' sets config #0
[  106.033570][   T37] nci: nci_add_new_protocol: the target found does not have the desired protocol
[  106.057786][ T7418] loop4: detected capacity change from 0 to 2048
[  106.074516][ T7417] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.1351' sets config #1
[  106.093923][ T7418] Alternate GPT is invalid, using primary GPT.
[  106.100209][ T7418]  loop4: p1 p2 p3
[  106.103994][ T7418] loop4: partition table partially beyond EOD, truncated
[  106.131533][ T7417] lo speed is unknown, defaulting to 1000
[  106.138325][ T7417] lo speed is unknown, defaulting to 1000
[  106.305031][   T31] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm kworker/u8:1: bg 0: block 345: padding at end of block bitmap is not set
[  106.319786][   T31] EXT4-fs (loop3): Remounting filesystem read-only
[  106.326462][ T3459] EXT4-fs warning (device loop3): ext4_convert_unwritten_extents:4984: inode #15: block 1: len 15: ext4_ext_map_blocks returned -30
[  106.411666][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  106.550971][ T7441] loop1: detected capacity change from 0 to 2048
[  106.593947][ T7441] Alternate GPT is invalid, using primary GPT.
[  106.598541][ T7443] SELinux:  policydb version 1905296526 does not match my version range 15-35
[  106.600336][ T7441]  loop1: p1 p2 p3
[  106.609052][ T7443] SELinux: failed to load policy
[  106.612776][ T7441] loop1: partition table partially beyond EOD, truncated
[  106.741638][ T7448] SELinux:  policydb version 1905296526 does not match my version range 15-35
[  106.750633][ T7448] SELinux: failed to load policy
[  106.771249][ T7450] sd 0:0:1:0: device reset
[  106.800172][ T7452] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.1363' sets config #0
[  106.861076][ T7453] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.1363' sets config #1
[  106.914289][ T7457] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1364'.
[  106.925696][ T7453] lo speed is unknown, defaulting to 1000
[  106.938957][ T7453] lo speed is unknown, defaulting to 1000
[  106.972203][ T7462] sd 0:0:1:0: device reset
[  107.005145][ T7464] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  107.028602][ T7468] FAULT_INJECTION: forcing a failure.
[  107.028602][ T7468] name failslab, interval 1, probability 0, space 0, times 0
[  107.041337][ T7468] CPU: 0 UID: 0 PID: 7468 Comm: syz.0.1370 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  107.041367][ T7468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  107.041444][ T7468] Call Trace:
[  107.041450][ T7468]  <TASK>
[  107.041457][ T7468]  __dump_stack+0x1d/0x30
[  107.041479][ T7468]  dump_stack_lvl+0xe8/0x140
[  107.041524][ T7468]  dump_stack+0x15/0x1b
[  107.041541][ T7468]  should_fail_ex+0x265/0x280
[  107.041559][ T7468]  should_failslab+0x8c/0xb0
[  107.041586][ T7468]  kmem_cache_alloc_lru_noprof+0x55/0x490
[  107.041639][ T7468]  ? __d_alloc+0x3d/0x340
[  107.041668][ T7468]  __d_alloc+0x3d/0x340
[  107.041704][ T7468]  d_alloc_pseudo+0x1e/0x80
[  107.041850][ T7468]  alloc_file_pseudo+0x71/0x160
[  107.041871][ T7468]  anon_inode_getfd+0xc1/0x150
[  107.041892][ T7468]  bpf_map_new_fd+0x52/0x70
[  107.041928][ T7468]  map_create+0xd25/0xda0
[  107.041944][ T7468]  ? security_bpf+0x2b/0x90
[  107.042011][ T7468]  __sys_bpf+0x54e/0x7c0
[  107.042083][ T7468]  __x64_sys_bpf+0x41/0x50
[  107.042110][ T7468]  x64_sys_call+0x2aee/0x3000
[  107.042136][ T7468]  do_syscall_64+0xd2/0x200
[  107.042152][ T7468]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  107.042176][ T7468]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  107.042204][ T7468]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  107.042299][ T7468] RIP: 0033:0x7f037a96f6c9
[  107.042311][ T7468] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  107.042326][ T7468] RSP: 002b:00007f03793d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  107.042341][ T7468] RAX: ffffffffffffffda RBX: 00007f037abc5fa0 RCX: 00007f037a96f6c9
[  107.042351][ T7468] RDX: 0000000000000048 RSI: 0000200000000740 RDI: 0000000000000000
[  107.042363][ T7468] RBP: 00007f03793d7090 R08: 0000000000000000 R09: 0000000000000000
[  107.042379][ T7468] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  107.042397][ T7468] R13: 00007f037abc6038 R14: 00007f037abc5fa0 R15: 00007fff5adfe0d8
[  107.042437][ T7468]  </TASK>
[  107.274792][ T7474] loop1: detected capacity change from 0 to 128
[  107.288616][ T7474] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
[  107.289127][ T7478] sd 0:0:1:0: device reset
[  107.296510][ T7474] FAT-fs (loop1): Filesystem has been set read-only
[  107.303273][ T7476] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1372'.
[  107.316356][ T7476] netlink: 348 bytes leftover after parsing attributes in process `syz.0.1372'.
[  107.323107][ T7474] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
[  107.325428][ T7476] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1372'.
[  107.333235][ T7474] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
[  107.342080][ T7476] netlink: 348 bytes leftover after parsing attributes in process `syz.0.1372'.
[  107.358607][ T7479] netlink: 8 bytes leftover after parsing attributes in process `wޣ��'.
[  107.359308][ T7476] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1372'.
[  107.459229][ T7484] FAULT_INJECTION: forcing a failure.
[  107.459229][ T7484] name failslab, interval 1, probability 0, space 0, times 0
[  107.472075][ T7484] CPU: 1 UID: 0 PID: 7484 Comm: syz.4.1376 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  107.472163][ T7484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  107.472175][ T7484] Call Trace:
[  107.472181][ T7484]  <TASK>
[  107.472187][ T7484]  __dump_stack+0x1d/0x30
[  107.472208][ T7484]  dump_stack_lvl+0xe8/0x140
[  107.472227][ T7484]  dump_stack+0x15/0x1b
[  107.472244][ T7484]  should_fail_ex+0x265/0x280
[  107.472277][ T7484]  ? nfnetlink_rcv+0x555/0x16c0
[  107.472303][ T7484]  should_failslab+0x8c/0xb0
[  107.472352][ T7484]  __kmalloc_cache_noprof+0x4c/0x4a0
[  107.472384][ T7484]  nfnetlink_rcv+0x555/0x16c0
[  107.472409][ T7484]  ? kmem_cache_free+0xe4/0x3d0
[  107.472454][ T7484]  ? __dev_queue_xmit+0x1200/0x2000
[  107.472530][ T7484]  ? __dev_queue_xmit+0x182/0x2000
[  107.472563][ T7484]  ? ref_tracker_free+0x37d/0x3e0
[  107.472608][ T7484]  netlink_unicast+0x5c0/0x690
[  107.472724][ T7484]  netlink_sendmsg+0x58b/0x6b0
[  107.472745][ T7484]  ? __pfx_netlink_sendmsg+0x10/0x10
[  107.472763][ T7484]  __sock_sendmsg+0x145/0x180
[  107.472787][ T7484]  ____sys_sendmsg+0x31e/0x4e0
[  107.472841][ T7484]  ___sys_sendmsg+0x17b/0x1d0
[  107.472879][ T7484]  __x64_sys_sendmsg+0xd4/0x160
[  107.472908][ T7484]  x64_sys_call+0x191e/0x3000
[  107.472989][ T7484]  do_syscall_64+0xd2/0x200
[  107.473006][ T7484]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  107.473034][ T7484]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  107.473065][ T7484]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  107.473148][ T7484] RIP: 0033:0x7f7b8b21f6c9
[  107.473161][ T7484] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  107.473178][ T7484] RSP: 002b:00007f7b89c7f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  107.473265][ T7484] RAX: ffffffffffffffda RBX: 00007f7b8b475fa0 RCX: 00007f7b8b21f6c9
[  107.473277][ T7484] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000006
[  107.473299][ T7484] RBP: 00007f7b89c7f090 R08: 0000000000000000 R09: 0000000000000000
[  107.473352][ T7484] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  107.473363][ T7484] R13: 00007f7b8b476038 R14: 00007f7b8b475fa0 R15: 00007ffeb9513308
[  107.473380][ T7484]  </TASK>
[  107.549514][ T7489] loop3: detected capacity change from 0 to 2048
[  107.683437][ T3421] hid-generic 0000:0000:0000.0017: unknown main item tag 0x0
[  107.696121][ T1034] hid-generic 0000:0000:0000.0018: unknown main item tag 0x0
[  107.715426][ T3421] hid-generic 0000:0000:0000.0017: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  107.716117][ T1034] hid-generic 0000:0000:0000.0018: hidraw1: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  107.744262][ T7489] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  107.809727][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  107.848216][ T7499] tap0: tun_chr_ioctl cmd 35111
[  107.910626][ T7508] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  107.919273][   T37] nci: nci_add_new_protocol: the target found does not have the desired protocol
[  107.969559][ T7510] loop3: detected capacity change from 0 to 2048
[  107.976091][ T7513] SELinux:  policydb version 1905296526 does not match my version range 15-35
[  107.986290][ T7513] SELinux: failed to load policy
[  108.006977][ T7510] Alternate GPT is invalid, using primary GPT.
[  108.013288][ T7510]  loop3: p1 p2 p3
[  108.017012][ T7510] loop3: partition table partially beyond EOD, truncated
[  108.042954][ T7474] bio_check_eod: 20083 callbacks suppressed
[  108.043032][ T7474] +\{]: attempt to access beyond end of device
[  108.043032][ T7474] loop1: rw=0, sector=2065, nr_sectors = 8 limit=128
[  108.061762][ T7474] +\{]: attempt to access beyond end of device
[  108.061762][ T7474] loop1: rw=0, sector=2065, nr_sectors = 8 limit=128
[  108.061811][ T7521] loop4: detected capacity change from 0 to 2048
[  108.074522][ T7474] +\{]: attempt to access beyond end of device
[  108.074522][ T7474] loop1: rw=0, sector=2065, nr_sectors = 8 limit=128
[  108.093650][ T7474] +\{]: attempt to access beyond end of device
[  108.093650][ T7474] loop1: rw=0, sector=2065, nr_sectors = 8 limit=128
[  108.106508][ T7474] +\{]: attempt to access beyond end of device
[  108.106508][ T7474] loop1: rw=0, sector=2065, nr_sectors = 8 limit=128
[  108.119253][ T7474] +\{]: attempt to access beyond end of device
[  108.119253][ T7474] loop1: rw=0, sector=2065, nr_sectors = 8 limit=128
[  108.146855][ T7521] Alternate GPT is invalid, using primary GPT.
[  108.153189][ T7521]  loop4: p1 p2 p3
[  108.156920][ T7521] loop4: partition table partially beyond EOD, truncated
[  108.200646][ T7525] FAULT_INJECTION: forcing a failure.
[  108.200646][ T7525] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  108.213758][ T7525] CPU: 0 UID: 0 PID: 7525 Comm: syz.1.1387 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  108.213839][ T7525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  108.213850][ T7525] Call Trace:
[  108.213855][ T7525]  <TASK>
[  108.213860][ T7525]  __dump_stack+0x1d/0x30
[  108.213881][ T7525]  dump_stack_lvl+0xe8/0x140
[  108.213905][ T7525]  dump_stack+0x15/0x1b
[  108.213995][ T7525]  should_fail_ex+0x265/0x280
[  108.214018][ T7525]  should_fail+0xb/0x20
[  108.214037][ T7525]  should_fail_usercopy+0x1a/0x20
[  108.214076][ T7525]  _copy_from_user+0x1c/0xb0
[  108.214106][ T7525]  restore_altstack+0x4b/0x2d0
[  108.214131][ T7525]  ? __set_task_blocked+0x1dc/0x2a0
[  108.214211][ T7525]  __ia32_sys_rt_sigreturn+0xdc/0x350
[  108.214231][ T7525]  ? lapic_next_event+0x11/0x20
[  108.214255][ T7525]  ? clockevents_program_event+0x240/0x4e0
[  108.214323][ T7525]  ? tick_program_event+0x79/0xc0
[  108.214418][ T7525]  ? hrtimer_interrupt+0x367/0x460
[  108.214448][ T7525]  x64_sys_call+0x2d4b/0x3000
[  108.214546][ T7525]  do_syscall_64+0xd2/0x200
[  108.214562][ T7525]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  108.214593][ T7525]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  108.214622][ T7525] RIP: 0033:0x7f2c2a85b779
[  108.214639][ T7525] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25
[  108.214727][ T7525] RSP: 002b:00007f2c2931ea80 EFLAGS: 00000202 ORIG_RAX: 000000000000000f
[  108.214748][ T7525] RAX: ffffffffffffffda RBX: 00007f2c2ab15fa0 RCX: 00007f2c2a85b779
[  108.214762][ T7525] RDX: 00007f2c2931ea80 RSI: 00007f2c2931ebb0 RDI: 0000000000000021
[  108.214776][ T7525] RBP: 00007f2c2931f090 R08: 0000000000000000 R09: 0000000000000000
[  108.214790][ T7525] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002
[  108.214803][ T7525] R13: 00007f2c2ab16038 R14: 00007f2c2ab15fa0 R15: 00007ffdfea73ce8
[  108.214824][ T7525]  </TASK>
[  108.454040][ T3421] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  108.461780][ T3421] hid-generic 0000:0000:0000.0019: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  108.482012][ T7533] loop1: detected capacity change from 0 to 2048
[  108.494221][ T7533] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  108.518916][ T3313] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  108.625915][ T7545] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  108.656636][ T7549] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  108.695244][ T7549] netlink: '+}[@': attribute type 3 has an invalid length.
[  108.799167][ T7551] 8021q: adding VLAN 0 to HW filter on device team0
[  108.830645][ T7551] 0�X���: left allmulticast mode
[  108.837598][ T7551] A link change request failed with some changes committed already. Interface 
60�X��� may have been left with an inconsistent configuration, please check.
[  108.908576][ T7562] sd 0:0:1:0: device reset
[  108.913453][ T7566] FAULT_INJECTION: forcing a failure.
[  108.913453][ T7566] name failslab, interval 1, probability 0, space 0, times 0
[  108.926151][ T7566] CPU: 0 UID: 0 PID: 7566 Comm: syz.1.1403 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  108.926179][ T7566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  108.926193][ T7566] Call Trace:
[  108.926200][ T7566]  <TASK>
[  108.926258][ T7566]  __dump_stack+0x1d/0x30
[  108.926283][ T7566]  dump_stack_lvl+0xe8/0x140
[  108.926307][ T7566]  dump_stack+0x15/0x1b
[  108.926373][ T7566]  should_fail_ex+0x265/0x280
[  108.926396][ T7566]  should_failslab+0x8c/0xb0
[  108.926427][ T7566]  __kmalloc_node_track_caller_noprof+0xa5/0x580
[  108.926533][ T7566]  ? sidtab_sid2str_get+0xa0/0x130
[  108.926608][ T7566]  ? skb_put+0xa9/0xf0
[  108.926637][ T7566]  kmemdup_noprof+0x2b/0x70
[  108.926723][ T7566]  sidtab_sid2str_get+0xa0/0x130
[  108.926759][ T7566]  security_sid_to_context_core+0x1eb/0x2e0
[  108.926846][ T7566]  security_sid_to_context+0x27/0x40
[  108.926928][ T7566]  avc_audit_post_callback+0x9d/0x520
[  108.926966][ T7566]  ? __pfx_avc_audit_post_callback+0x10/0x10
[  108.926999][ T7566]  common_lsm_audit+0x1bb/0x230
[  108.927030][ T7566]  ? __pfx_avc_audit_post_callback+0x10/0x10
[  108.927070][ T7566]  ? avc_denied+0xe4/0x100
[  108.927092][ T7566]  slow_avc_audit+0x104/0x140
[  108.927181][ T7566]  avc_has_perm+0x13a/0x180
[  108.927202][ T7566]  selinux_socket_sendmsg+0x175/0x1b0
[  108.927227][ T7566]  security_socket_sendmsg+0x48/0x80
[  108.927330][ T7566]  __sock_sendmsg+0x30/0x180
[  108.927359][ T7566]  __sys_sendto+0x268/0x330
[  108.927405][ T7566]  __x64_sys_sendto+0x76/0x90
[  108.927513][ T7566]  x64_sys_call+0x2d14/0x3000
[  108.927561][ T7566]  do_syscall_64+0xd2/0x200
[  108.927580][ T7566]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  108.927667][ T7566]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  108.927703][ T7566]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  108.927726][ T7566] RIP: 0033:0x7f2c2a8bf6c9
[  108.927740][ T7566] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  108.927826][ T7566] RSP: 002b:00007f2c2931f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  108.927842][ T7566] RAX: ffffffffffffffda RBX: 00007f2c2ab15fa0 RCX: 00007f2c2a8bf6c9
[  108.927853][ T7566] RDX: 0000000000000001 RSI: 0000200000000100 RDI: 0000000000000003
[  108.927863][ T7566] RBP: 00007f2c2931f090 R08: 00002000000000c0 R09: 0000000000000010
[  108.927875][ T7566] R10: 000000002000c8d4 R11: 0000000000000246 R12: 0000000000000001
[  108.927888][ T7566] R13: 00007f2c2ab16038 R14: 00007f2c2ab15fa0 R15: 00007ffdfea73ce8
[  108.927910][ T7566]  </TASK>
[  108.929011][ T7564] xt_CONNSECMARK: invalid mode: 66
[  109.073365][ T7556] loop3: detected capacity change from 0 to 512
[  109.108863][ T7573] SELinux:  policydb version 1905296526 does not match my version range 15-35
[  109.198028][ T7573] SELinux: failed to load policy
[  109.238512][ T7580] loop4: detected capacity change from 0 to 2048
[  109.246694][ T7582] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  109.255796][ T7580] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  109.267929][ T7580] ext4 filesystem being mounted at /240/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  109.419934][ T7601] FAULT_INJECTION: forcing a failure.
[  109.419934][ T7601] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  109.433127][ T7601] CPU: 0 UID: 0 PID: 7601 Comm: syz.2.1416 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  109.433156][ T7601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  109.433170][ T7601] Call Trace:
[  109.433178][ T7601]  <TASK>
[  109.433185][ T7601]  __dump_stack+0x1d/0x30
[  109.433256][ T7601]  dump_stack_lvl+0xe8/0x140
[  109.433273][ T7601]  dump_stack+0x15/0x1b
[  109.433295][ T7601]  should_fail_ex+0x265/0x280
[  109.433317][ T7601]  should_fail+0xb/0x20
[  109.433336][ T7601]  should_fail_usercopy+0x1a/0x20
[  109.433411][ T7601]  _copy_to_iter+0xd2/0xe70
[  109.433439][ T7601]  ? __pfx_woken_wake_function+0x10/0x10
[  109.433471][ T7601]  tty_read+0x1a9/0x4a0
[  109.433568][ T7601]  ? __import_iovec+0x428/0x540
[  109.433598][ T7601]  do_iter_readv_writev+0x4a1/0x540
[  109.433669][ T7601]  vfs_readv+0x1ea/0x690
[  109.433752][ T7601]  do_readv+0xe7/0x210
[  109.433783][ T7601]  __x64_sys_readv+0x45/0x50
[  109.433835][ T7601]  x64_sys_call+0x29fc/0x3000
[  109.433909][ T7601]  do_syscall_64+0xd2/0x200
[  109.433926][ T7601]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  109.433992][ T7601]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  109.434025][ T7601]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  109.434109][ T7601] RIP: 0033:0x7f0a8f3ef6c9
[  109.434124][ T7601] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  109.434144][ T7601] RSP: 002b:00007f0a8de57038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[  109.434165][ T7601] RAX: ffffffffffffffda RBX: 00007f0a8f645fa0 RCX: 00007f0a8f3ef6c9
[  109.434179][ T7601] RDX: 0000000000000001 RSI: 00002000000013c0 RDI: 0000000000000004
[  109.434193][ T7601] RBP: 00007f0a8de57090 R08: 0000000000000000 R09: 0000000000000000
[  109.434241][ T7601] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  109.434252][ T7601] R13: 00007f0a8f646038 R14: 00007f0a8f645fa0 R15: 00007fffde82d548
[  109.434272][ T7601]  </TASK>
[  109.552518][ T7598] lo speed is unknown, defaulting to 1000
[  109.641805][ T7598] lo speed is unknown, defaulting to 1000
[  109.652190][ T7612] SELinux:  policydb version 1905296526 does not match my version range 15-35
[  109.661467][ T7612] SELinux: failed to load policy
[  109.709513][   T31] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm kworker/u8:1: bg 0: block 345: padding at end of block bitmap is not set
[  109.726458][   T31] EXT4-fs (loop4): Remounting filesystem read-only
[  109.733041][   T52] EXT4-fs warning (device loop4): ext4_convert_unwritten_extents:4984: inode #15: block 1: len 15: ext4_ext_map_blocks returned -30
[  109.754756][ T7616] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  109.807281][   T29] kauditd_printk_skb: 233 callbacks suppressed
[  109.807299][   T29] audit: type=1400 audit(1762400023.616:6355): avc:  denied  { execmem } for  pid=7623 comm="syz.0.1427" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  109.834133][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  109.863073][   T29] audit: type=1400 audit(1762400023.646:6356): avc:  denied  { create } for  pid=7619 comm="syz.1.1426" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  109.882499][ T7628] loop3: detected capacity change from 0 to 2048
[  109.888867][   T29] audit: type=1400 audit(1762400023.656:6357): avc:  denied  { write } for  pid=7619 comm="syz.1.1426" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  109.935801][ T7628] Alternate GPT is invalid, using primary GPT.
[  109.942092][ T7628]  loop3: p1 p2 p3
[  109.945889][ T7628] loop3: partition table partially beyond EOD, truncated
[  109.987191][ T7634] xt_CONNSECMARK: invalid mode: 66
[  110.001374][ T7636] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[  110.032972][   T29] audit: type=1400 audit(1762400023.836:6358): avc:  denied  { nlmsg_write } for  pid=7623 comm="syz.0.1427" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  110.058934][   T29] audit: type=1400 audit(1762400023.866:6359): avc:  denied  { create } for  pid=7640 comm="syz.2.1432" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  110.080387][   T29] audit: type=1400 audit(1762400023.886:6360): avc:  denied  { write } for  pid=7640 comm="syz.2.1432" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  110.100451][   T29] audit: type=1400 audit(1762400023.886:6361): avc:  denied  { read } for  pid=7640 comm="syz.2.1432" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  110.140911][ T7643] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  110.173530][ T7649] SELinux:  policydb version 1905296526 does not match my version range 15-35
[  110.173537][ T7647] __nla_validate_parse: 13 callbacks suppressed
[  110.173550][ T7647] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1434'.
[  110.182542][ T7649] SELinux: failed to load policy
[  110.210173][   T29] audit: type=1400 audit(1762400024.016:6362): avc:  denied  { create } for  pid=7650 comm="syz.1.1437" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  110.233896][ T3421] hid-generic 0000:0000:0000.001A: unknown main item tag 0x0
[  110.253118][ T3421] hid-generic 0000:0000:0000.001A: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  110.323138][ T7658] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1440'.
[  110.332107][ T7658] netlink: 348 bytes leftover after parsing attributes in process `syz.2.1440'.
[  110.341195][ T7658] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1440'.
[  110.350115][ T7658] netlink: 348 bytes leftover after parsing attributes in process `syz.2.1440'.
[  110.389773][ T7658] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1440'.
[  110.415538][ T7658] netlink: 8 bytes leftover after parsing attributes in process `wޣ��'.
[  110.424083][ T7658] netlink: 4 bytes leftover after parsing attributes in process `wޣ��'.
[  110.489195][   T29] audit: type=1400 audit(1762400024.296:6363): avc:  denied  { read write } for  pid=7662 comm="syz.2.1441" name="rdma_cm" dev="devtmpfs" ino=252 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[  110.513438][   T29] audit: type=1400 audit(1762400024.296:6364): avc:  denied  { open } for  pid=7662 comm="syz.2.1441" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=252 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[  110.566220][ T7654] loop4: detected capacity change from 0 to 512
[  110.606028][ T7654] EXT4-fs error (device loop4): ext4_orphan_get:1418: comm syz.4.1438: bad orphan inode 11862016
[  110.637627][ T7654] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  110.650375][ T7654] ext4 filesystem being mounted at /244/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  110.661296][ T7656] loop1: detected capacity change from 0 to 512
[  110.698235][ T7656] EXT4-fs error (device loop1): ext4_orphan_get:1418: comm syz.1.1439: bad orphan inode 11862016
[  110.709282][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  110.722446][ T7656] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  110.741379][ T7656] ext4 filesystem being mounted at /288/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  110.832177][ T7692] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1451'.
[  110.855913][ T7694] SELinux:  policydb version 1905296526 does not match my version range 15-35
[  110.876033][ T7694] SELinux: failed to load policy
[  110.925991][ T7699] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  111.005388][ T3313] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  111.227127][ T7720] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  111.245853][ T7720] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  111.258382][ T7720] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[  111.269937][ T7713] lo speed is unknown, defaulting to 1000
[  111.276487][ T7713] lo speed is unknown, defaulting to 1000
[  111.359900][ T7731] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1466'.
[  111.375670][ T7733] SELinux:  policydb version 1905296526 does not match my version range 15-35
[  111.385063][ T7733] SELinux: failed to load policy
[  111.393455][ T1034] hid-generic 0000:0000:0000.001B: unknown main item tag 0x0
[  111.401593][ T1034] hid-generic 0000:0000:0000.001B: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  111.432701][ T7737] loop3: detected capacity change from 0 to 128
[  111.442987][ T7737] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[  111.450886][ T7737] FAT-fs (loop3): Filesystem has been set read-only
[  111.482426][ T7741] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[  111.483305][ T7737] +\{]: attempt to access beyond end of device
[  111.483305][ T7737] loop3: rw=524288, sector=2065, nr_sectors = 8 limit=128
[  111.507494][ T7737] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[  111.515601][ T7737] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[  111.542963][ T7737] +\{]: attempt to access beyond end of device
[  111.542963][ T7737] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[  111.558291][ T7737] +\{]: attempt to access beyond end of device
[  111.558291][ T7737] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[  111.601120][ T7737] +\{]: attempt to access beyond end of device
[  111.601120][ T7737] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[  111.614263][ T7745] A link change request failed with some changes committed already. Interface 
60�X��� may have been left with an inconsistent configuration, please check.
[  111.923395][ T7758] loop9: detected capacity change from 0 to 7
[  111.935181][ T7758] Buffer I/O error on dev loop9, logical block 0, async page read
[  111.956467][ T7758] Buffer I/O error on dev loop9, logical block 0, async page read
[  111.964437][ T7758]  loop9: unable to read partition table
[  111.982254][ T7758] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  111.982254][ T7758] 
) failed (rc=-5)
[  112.084336][   T52] nci: nci_add_new_protocol: the target found does not have the desired protocol
[  112.211836][ T7782] FAULT_INJECTION: forcing a failure.
[  112.211836][ T7782] name failslab, interval 1, probability 0, space 0, times 0
[  112.224533][ T7782] CPU: 1 UID: 0 PID: 7782 Comm: syz.4.1483 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  112.224567][ T7782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  112.224582][ T7782] Call Trace:
[  112.224588][ T7782]  <TASK>
[  112.224596][ T7782]  __dump_stack+0x1d/0x30
[  112.224682][ T7782]  dump_stack_lvl+0xe8/0x140
[  112.224710][ T7782]  dump_stack+0x15/0x1b
[  112.224734][ T7782]  should_fail_ex+0x265/0x280
[  112.224773][ T7782]  ? alloc_pipe_info+0xae/0x350
[  112.224809][ T7782]  should_failslab+0x8c/0xb0
[  112.224839][ T7782]  __kmalloc_cache_noprof+0x4c/0x4a0
[  112.224919][ T7782]  alloc_pipe_info+0xae/0x350
[  112.224989][ T7782]  splice_direct_to_actor+0x592/0x680
[  112.225016][ T7782]  ? kstrtouint_from_user+0x9f/0xf0
[  112.225043][ T7782]  ? __pfx_direct_splice_actor+0x10/0x10
[  112.225147][ T7782]  ? __rcu_read_unlock+0x4f/0x70
[  112.225183][ T7782]  ? get_pid_task+0x96/0xd0
[  112.225212][ T7782]  ? avc_policy_seqno+0x15/0x30
[  112.225301][ T7782]  ? selinux_file_permission+0x1e4/0x320
[  112.225364][ T7782]  do_splice_direct+0xda/0x150
[  112.225396][ T7782]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  112.225426][ T7782]  do_sendfile+0x380/0x650
[  112.225501][ T7782]  __x64_sys_sendfile64+0x105/0x150
[  112.225537][ T7782]  x64_sys_call+0x2bb4/0x3000
[  112.225564][ T7782]  do_syscall_64+0xd2/0x200
[  112.225668][ T7782]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  112.225707][ T7782]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.225736][ T7782] RIP: 0033:0x7f7b8b21f6c9
[  112.225755][ T7782] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  112.225791][ T7782] RSP: 002b:00007f7b89c5e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  112.225842][ T7782] RAX: ffffffffffffffda RBX: 00007f7b8b476090 RCX: 00007f7b8b21f6c9
[  112.225860][ T7782] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 0000000000000009
[  112.225874][ T7782] RBP: 00007f7b89c5e090 R08: 0000000000000000 R09: 0000000000000000
[  112.225912][ T7782] R10: 000000040000f63c R11: 0000000000000246 R12: 0000000000000001
[  112.225929][ T7782] R13: 00007f7b8b476128 R14: 00007f7b8b476090 R15: 00007ffeb9513308
[  112.225973][ T7782]  </TASK>
[  112.469903][ T7776] loop4: detected capacity change from 0 to 1024
[  112.486987][ T7776] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  112.500784][ T7792] SELinux:  policydb version 1905296526 does not match my version range 15-35
[  112.509852][ T7792] SELinux: failed to load policy
[  112.525261][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  112.567070][ T7802] SELinux:  policydb version 1905296526 does not match my version range 15-35
[  112.576408][ T7802] SELinux: failed to load policy
[  112.626459][ T7812] xt_CONNSECMARK: invalid mode: 66
[  112.647968][ T7816] loop3: detected capacity change from 0 to 128
[  112.656592][ T7816] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[  112.664459][ T7816] FAT-fs (loop3): Filesystem has been set read-only
[  112.671443][ T7816] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[  112.679339][ T7816] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[  112.703785][ T3394] hid-generic 0000:0000:0000.001C: unknown main item tag 0x0
[  112.714551][ T3394] hid-generic 0000:0000:0000.001C: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  112.753589][ T7822] SELinux:  policydb version 1905296526 does not match my version range 15-35
[  112.762720][ T7822] SELinux: failed to load policy
[  112.786886][ T7827] xt_CONNSECMARK: invalid mode: 66
[  112.831582][ T7825] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  112.864112][ T7830] loop4: detected capacity change from 0 to 1024
[  112.935586][ T7830] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  112.989664][ T7840] SELinux:  policydb version 1905296526 does not match my version range 15-35
[  112.998740][ T7840] SELinux: failed to load policy
[  113.052905][ T7816] bio_check_eod: 23116 callbacks suppressed
[  113.052925][ T7816] +\{]: attempt to access beyond end of device
[  113.052925][ T7816] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[  113.072455][ T7816] +\{]: attempt to access beyond end of device
[  113.072455][ T7816] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[  113.089884][ T7816] +\{]: attempt to access beyond end of device
[  113.089884][ T7816] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[  113.102946][ T7816] +\{]: attempt to access beyond end of device
[  113.102946][ T7816] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[  113.115995][ T7816] +\{]: attempt to access beyond end of device
[  113.115995][ T7816] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[  113.138694][ T7816] +\{]: attempt to access beyond end of device
[  113.138694][ T7816] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[  113.151562][ T7816] +\{]: attempt to access beyond end of device
[  113.151562][ T7816] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[  113.175193][ T7816] +\{]: attempt to access beyond end of device
[  113.175193][ T7816] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[  113.207421][ T7816] +\{]: attempt to access beyond end of device
[  113.207421][ T7816] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[  113.230632][ T7851] xt_CONNSECMARK: invalid mode: 66
[  113.241045][ T7816] +\{]: attempt to access beyond end of device
[  113.241045][ T7816] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[  113.271813][ T3394] hid-generic 0000:0000:0000.001D: unknown main item tag 0x0
[  113.279905][ T3394] hid-generic 0000:0000:0000.001D: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  113.303334][ T7855] loop1: detected capacity change from 0 to 2048
[  113.356887][ T7859] SELinux:  policydb version 1905296526 does not match my version range 15-35
[  113.373125][ T7859] SELinux: failed to load policy
[  113.414517][ T7861] sd 0:0:1:0: device reset
[  113.494519][ T7855] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  113.530468][ T3313] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  113.568008][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  113.574174][ T7871] SELinux:  policydb version 1905296526 does not match my version range 15-35
[  113.586138][ T7871] SELinux: failed to load policy
[  113.629741][ T1469] nci: nci_add_new_protocol: the target found does not have the desired protocol
[  113.657203][ T7880] loop3: detected capacity change from 0 to 2048
[  113.674071][ T7877] usb usb1: usbfs: interface 0 claimed by hub while 'syz.4.1518' sets config #0
[  113.704799][ T7880] Alternate GPT is invalid, using primary GPT.
[  113.711145][ T7880]  loop3: p1 p2 p3
[  113.715048][ T7880] loop3: partition table partially beyond EOD, truncated
[  113.741794][ T7885] usb usb1: usbfs: interface 0 claimed by hub while 'syz.4.1518' sets config #1
[  113.804559][ T7885] lo speed is unknown, defaulting to 1000
[  113.810619][ T7885] lo speed is unknown, defaulting to 1000
[  113.928063][ T7895] SELinux:  policydb version 1905296526 does not match my version range 15-35
[  113.937274][ T7895] SELinux: failed to load policy
[  113.981858][ T7899] sd 0:0:1:0: device reset
[  114.008508][ T3394] hid-generic 0000:0000:0000.001E: unknown main item tag 0x0
[  114.018839][ T3394] hid-generic 0000:0000:0000.001E: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  114.191661][ T7903] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  114.207408][ T3394] lo speed is unknown, defaulting to 1000
[  114.244181][ T7909] SELinux:  policydb version 1905296526 does not match my version range 15-35
[  114.253267][ T7909] SELinux: failed to load policy
[  114.447416][ T7925] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  114.516986][ T7932] loop9: detected capacity change from 0 to 7
[  114.526835][ T7932] Buffer I/O error on dev loop9, logical block 0, async page read
[  114.542240][ T7932] Buffer I/O error on dev loop9, logical block 0, async page read
[  114.550184][ T7932]  loop9: unable to read partition table
[  114.573093][ T7932] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  114.573093][ T7932] 
) failed (rc=-5)
[  114.649905][ T3459] Bluetooth: hci0: Frame reassembly failed (-84)
[  114.821875][ T7939] A link change request failed with some changes committed already. Interface 
60�X��� may have been left with an inconsistent configuration, please check.
[  114.841994][   T29] kauditd_printk_skb: 375 callbacks suppressed
[  114.842007][   T29] audit: type=1326 audit(1762400028.646:6738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7938 comm="syz.1.1541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c2a8bf6c9 code=0x7ffc0000
[  114.873825][   T29] audit: type=1326 audit(1762400028.676:6739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7938 comm="syz.1.1541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f2c2a8bf6c9 code=0x7ffc0000
[  114.897337][   T29] audit: type=1326 audit(1762400028.676:6740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7938 comm="syz.1.1541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c2a8bf6c9 code=0x7ffc0000
[  114.920885][   T29] audit: type=1326 audit(1762400028.676:6741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7938 comm="syz.1.1541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c2a8bf6c9 code=0x7ffc0000
[  114.944344][   T29] audit: type=1326 audit(1762400028.676:6742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7938 comm="syz.1.1541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2c2a8bf6c9 code=0x7ffc0000
[  114.967784][   T29] audit: type=1326 audit(1762400028.676:6743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7938 comm="syz.1.1541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c2a8bf6c9 code=0x7ffc0000
[  114.991254][   T29] audit: type=1326 audit(1762400028.676:6744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7938 comm="syz.1.1541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c2a8bf6c9 code=0x7ffc0000
[  115.014668][   T29] audit: type=1326 audit(1762400028.686:6745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7938 comm="syz.1.1541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2c2a8bf6c9 code=0x7ffc0000
[  115.038061][   T29] audit: type=1326 audit(1762400028.686:6746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7938 comm="syz.1.1541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c2a8bf6c9 code=0x7ffc0000
[  115.061530][   T29] audit: type=1326 audit(1762400028.686:6747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7938 comm="syz.1.1541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c2a8bf6c9 code=0x7ffc0000
[  115.168585][ T7948] sd 0:0:1:0: device reset
[  115.225401][ T7950] loop4: detected capacity change from 0 to 2048
[  115.264139][ T7950] Alternate GPT is invalid, using primary GPT.
[  115.265957][ T3459] nci: nci_add_new_protocol: the target found does not have the desired protocol
[  115.270440][ T7950]  loop4: p1 p2 p3
[  115.283223][ T7950] loop4: partition table partially beyond EOD, truncated
[  115.290767][ T7963] loop1: detected capacity change from 0 to 2048
[  115.333867][ T7963] Alternate GPT is invalid, using primary GPT.
[  115.340154][ T7963]  loop1: p1 p2 p3
[  115.343930][ T7963] loop1: partition table partially beyond EOD, truncated
[  115.362379][ T7966] loop3: detected capacity change from 0 to 512
[  115.391656][ T7966] FAULT_INJECTION: forcing a failure.
[  115.391656][ T7966] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  115.394970][ T7968] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.1550' sets config #0
[  115.404754][ T7966] CPU: 0 UID: 0 PID: 7966 Comm: syz.3.1549 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  115.404908][ T7966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  115.404924][ T7966] Call Trace:
[  115.404931][ T7966]  <TASK>
[  115.404939][ T7966]  __dump_stack+0x1d/0x30
[  115.404968][ T7966]  dump_stack_lvl+0xe8/0x140
[  115.404993][ T7966]  dump_stack+0x15/0x1b
[  115.405015][ T7966]  should_fail_ex+0x265/0x280
[  115.405040][ T7966]  should_fail+0xb/0x20
[  115.405109][ T7966]  should_fail_usercopy+0x1a/0x20
[  115.405135][ T7966]  _copy_from_user+0x1c/0xb0
[  115.405167][ T7966]  get_nodes+0x104/0x290
[  115.405236][ T7966]  __se_sys_migrate_pages+0x4c/0x320
[  115.405264][ T7966]  __x64_sys_migrate_pages+0x55/0x70
[  115.405288][ T7966]  x64_sys_call+0x24d6/0x3000
[  115.405315][ T7966]  do_syscall_64+0xd2/0x200
[  115.405367][ T7966]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  115.405401][ T7966]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  115.405444][ T7966]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  115.405489][ T7966] RIP: 0033:0x7f86dd46f6c9
[  115.405507][ T7966] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  115.405529][ T7966] RSP: 002b:00007f86dbecf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000100
[  115.405552][ T7966] RAX: ffffffffffffffda RBX: 00007f86dd6c5fa0 RCX: 00007f86dd46f6c9
[  115.405567][ T7966] RDX: 0000200000000200 RSI: 00000000000000fc RDI: 0000000000000000
[  115.405639][ T7966] RBP: 00007f86dbecf090 R08: 0000000000000000 R09: 0000000000000000
[  115.405654][ T7966] R10: 0000200000000240 R11: 0000000000000246 R12: 0000000000000001
[  115.405669][ T7966] R13: 00007f86dd6c6038 R14: 00007f86dd6c5fa0 R15: 00007ffeaf22c658
[  115.405692][ T7966]  </TASK>
[  115.588646][ T7972] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.1550' sets config #1
[  115.630790][ T7973] lo speed is unknown, defaulting to 1000
[  115.638198][ T7973] lo speed is unknown, defaulting to 1000
[  115.725886][ T7979] loop4: detected capacity change from 0 to 512
[  115.735749][ T7979] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c018, mo2=0002]
[  115.755470][ T7979] EXT4-fs (loop4): orphan cleanup on readonly fs
[  115.782478][ T7979] EXT4-fs warning (device loop4): ext4_enable_quotas:7180: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix.
[  115.797346][ T7979] EXT4-fs (loop4): Cannot turn on quotas: error -22
[  115.800566][ T7986] loop3: detected capacity change from 0 to 1024
[  115.811276][ T7986] EXT4-fs: Ignoring removed orlov option
[  115.815437][ T7979] EXT4-fs error (device loop4): ext4_ext_check_inode:523: inode #13: comm syz.4.1553: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0)
[  115.819240][ T7986] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  115.852559][ T7979] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.1553: couldn't read orphan inode 13 (err -117)
[  115.860517][ T7986] SELinux: failed to load policy
[  115.864987][ T7979] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  115.892382][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  115.916610][ T7994] SELinux:  policydb version 1905296526 does not match my version range 15-35
[  115.931477][ T7994] SELinux: failed to load policy
[  115.962531][ T7998] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=44 sclass=netlink_audit_socket pid=7998 comm=syz.2.1561
[  115.975290][ T8001] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended
[  115.996418][ T8001] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c018, mo2=0002]
[  116.009269][ T8001] EXT4-fs warning (device loop4): read_mmp_block:115: Error -117 while reading MMP block 8
[  116.034400][ T7979] cgroup: fork rejected by pids controller in /syz4
[  116.218174][ T8354] loop5: detected capacity change from 0 to 8583
[  116.237938][ T8354] loop5: detected capacity change from 8583 to 10095
[  116.465007][ T8736] loop5: detected capacity change from 10095 to 32767
[  116.526656][ T8787] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.1568' sets config #0
[  116.607573][ T8994] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.1568' sets config #1
[  116.656716][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  116.675909][ T8787] lo speed is unknown, defaulting to 1000
[  116.682277][ T8787] lo speed is unknown, defaulting to 1000
[  116.722980][   T44] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  116.723218][ T3514] Bluetooth: hci0: command 0x1003 tx timeout
[  116.800585][ T9001] SELinux:  policydb version 1905296526 does not match my version range 15-35
[  116.830741][ T9003] SELinux:  policydb version 1905296526 does not match my version range 15-35
[  116.832451][ T9005] FAULT_INJECTION: forcing a failure.
[  116.832451][ T9005] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  116.852752][ T9005] CPU: 0 UID: 0 PID: 9005 Comm: syz.2.1570 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  116.852775][ T9005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  116.852787][ T9005] Call Trace:
[  116.852792][ T9005]  <TASK>
[  116.852798][ T9005]  __dump_stack+0x1d/0x30
[  116.852899][ T9005]  dump_stack_lvl+0xe8/0x140
[  116.852919][ T9005]  dump_stack+0x15/0x1b
[  116.853090][ T9005]  should_fail_ex+0x265/0x280
[  116.853113][ T9005]  should_fail+0xb/0x20
[  116.853131][ T9005]  should_fail_usercopy+0x1a/0x20
[  116.853154][ T9005]  _copy_to_user+0x20/0xa0
[  116.853176][ T9005]  simple_read_from_buffer+0xb5/0x130
[  116.853241][ T9005]  proc_fail_nth_read+0x10e/0x150
[  116.853274][ T9005]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  116.853300][ T9005]  vfs_read+0x1a8/0x770
[  116.853326][ T9005]  ? __rcu_read_unlock+0x4f/0x70
[  116.853351][ T9005]  ? __fget_files+0x184/0x1c0
[  116.853418][ T9005]  ksys_read+0xda/0x1a0
[  116.853479][ T9005]  __x64_sys_read+0x40/0x50
[  116.853570][ T9005]  x64_sys_call+0x27c0/0x3000
[  116.853589][ T9005]  do_syscall_64+0xd2/0x200
[  116.853620][ T9005]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  116.853644][ T9005]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  116.853750][ T9005]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.853768][ T9005] RIP: 0033:0x7f0a8f3ee0dc
[  116.853780][ T9005] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  116.853799][ T9005] RSP: 002b:00007f0a8de57030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  116.853818][ T9005] RAX: ffffffffffffffda RBX: 00007f0a8f645fa0 RCX: 00007f0a8f3ee0dc
[  116.853889][ T9005] RDX: 000000000000000f RSI: 00007f0a8de570a0 RDI: 0000000000000004
[  116.853899][ T9005] RBP: 00007f0a8de57090 R08: 0000000000000000 R09: 0000000000000000
[  116.853909][ T9005] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  116.853919][ T9005] R13: 00007f0a8f646038 R14: 00007f0a8f645fa0 R15: 00007fffde82d548
[  116.853937][ T9005]  </TASK>
[  117.177328][ T9015] loop1: detected capacity change from 0 to 1024
[  117.195889][ T9015] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  117.220718][ T9015] netlink: 'syz.1.1576': attribute type 13 has an invalid length.
[  117.283406][ T9025] __nla_validate_parse: 1 callbacks suppressed
[  117.283419][ T9025] netlink: 260 bytes leftover after parsing attributes in process `syz.3.1574'.
[  117.448923][ T9029] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1581'.
[  117.457911][ T9029] netlink: 348 bytes leftover after parsing attributes in process `syz.2.1581'.
[  117.467003][ T9029] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1581'.
[  117.475915][ T9029] netlink: 348 bytes leftover after parsing attributes in process `syz.2.1581'.
[  117.589204][ T3313] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  117.639616][ T9029] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1581'.
[  117.649170][ T9034] netlink: 8 bytes leftover after parsing attributes in process `wޣ��'.
[  117.657737][ T9034] netlink: 4 bytes leftover after parsing attributes in process `wޣ��'.
[  117.690754][ T9037] sd 0:0:1:0: device reset
[  117.795746][ T9047] loop9: detected capacity change from 0 to 7
[  117.813824][ T9047] Buffer I/O error on dev loop9, logical block 0, async page read
[  117.828670][ T9054] loop3: detected capacity change from 0 to 128
[  117.832016][ T9047] Buffer I/O error on dev loop9, logical block 0, async page read
[  117.842781][ T9047]  loop9: unable to read partition table
[  117.855662][ T9054] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[  117.863719][ T9054] FAT-fs (loop3): Filesystem has been set read-only
[  117.870363][ T9054] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[  117.878283][ T9054] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[  117.886303][ T9047] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  117.886303][ T9047] 
) failed (rc=-5)
[  117.913412][ T9052] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1589'.
[  117.946313][ T9052] bridge0: entered promiscuous mode
[  117.955020][ T9052] macsec1: entered allmulticast mode
[  117.960326][ T9052] bridge0: entered allmulticast mode
[  117.969483][ T9052] bridge0: port 3(macsec1) entered blocking state
[  117.976228][ T9052] bridge0: port 3(macsec1) entered disabled state
[  117.984321][ T9052] bridge0: left allmulticast mode
[  117.989456][ T9052] bridge0: left promiscuous mode
[  118.062921][ T9054] bio_check_eod: 9999 callbacks suppressed
[  118.062998][ T9054] +\{]: attempt to access beyond end of device
[  118.062998][ T9054] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[  118.132537][ T9061] loop4: detected capacity change from 0 to 1024
[  118.145499][ T9054] +\{]: attempt to access beyond end of device
[  118.145499][ T9054] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[  118.171513][ T9061] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  118.202981][ T9054] +\{]: attempt to access beyond end of device
[  118.202981][ T9054] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[  118.215779][ T9063] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  118.223359][ T9054] +\{]: attempt to access beyond end of device
[  118.223359][ T9054] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[  118.236485][ T9054] +\{]: attempt to access beyond end of device
[  118.236485][ T9054] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[  118.249418][ T9054] +\{]: attempt to access beyond end of device
[  118.249418][ T9054] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[  118.262272][ T9054] +\{]: attempt to access beyond end of device
[  118.262272][ T9054] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[  118.275180][ T9054] +\{]: attempt to access beyond end of device
[  118.275180][ T9054] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[  118.275665][ T9061] netlink: 'syz.4.1594': attribute type 13 has an invalid length.
[  118.288016][ T9054] +\{]: attempt to access beyond end of device
[  118.288016][ T9054] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[  118.308669][ T9054] +\{]: attempt to access beyond end of device
[  118.308669][ T9054] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[  118.397147][ T9061] bridge0: port 2(bridge_slave_1) entered disabled state
[  118.404521][ T9061] bridge0: port 1(bridge_slave_0) entered disabled state
[  118.466613][ T9061] team0: Failed to send port change of device team_slave_0 via netlink (err -105)
[  118.468260][ T9075] sd 0:0:1:0: device reset
[  118.486168][ T9061] team0: Failed to send port change of device team_slave_1 via netlink (err -105)
[  118.685365][ T1034] lo speed is unknown, defaulting to 1000
[  118.691149][ T1034] syz2: Port: 1 Link DOWN
[  118.696329][ T9072] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  118.758629][ T9086] netlink: 260 bytes leftover after parsing attributes in process `syz.0.1599'.
[  118.813311][ T3459] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  118.844172][ T9094] SELinux:  policydb version 1905296526 does not match my version range 15-35
[  118.844275][ T9094] sel_write_load: 2 callbacks suppressed
[  118.844284][ T9094] SELinux: failed to load policy
[  118.887058][ T3459] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  118.955301][ T3459] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  119.025833][ T3459] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  119.093755][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  119.110403][ T3459] nci: nci_add_new_protocol: the target found does not have the desired protocol
[  119.147398][ T9109] loop4: detected capacity change from 0 to 2048
[  119.174530][ T9109] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  119.186806][ T9110] loop3: detected capacity change from 0 to 2048
[  119.188564][ T9109] ext4 filesystem being mounted at /273/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  119.246604][ T9119] netlink: 'syz.2.1609': attribute type 13 has an invalid length.
[  119.255907][ T9110] Alternate GPT is invalid, using primary GPT.
[  119.262196][ T9110]  loop3: p1 p2 p3
[  119.266008][ T9110] loop3: partition table partially beyond EOD, truncated
[  119.306031][ T9119] macsec1: entered allmulticast mode
[  119.311433][ T9119] bridge0: entered allmulticast mode
[  119.317387][ T9119] bridge0: port 3(macsec1) entered blocking state
[  119.323905][ T9119] bridge0: port 3(macsec1) entered disabled state
[  119.331724][ T9119] bridge0: left allmulticast mode
[  119.424772][   T52] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm kworker/u8:3: bg 0: block 345: padding at end of block bitmap is not set
[  119.444187][   T52] EXT4-fs (loop4): Remounting filesystem read-only
[  119.450844][   T37] EXT4-fs warning (device loop4): ext4_convert_unwritten_extents:4984: inode #15: block 1: len 15: ext4_ext_map_blocks returned -30
[  119.451447][   T23] hid-generic 0000:0000:0000.001F: unknown main item tag 0x0
[  119.483655][   T23] hid-generic 0000:0000:0000.001F: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  119.517842][ T9125] SELinux:  policydb version 1905296526 does not match my version range 15-35
[  119.527020][ T9125] SELinux: failed to load policy
[  119.556422][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  119.833006][   T10] hid-generic 0000:0000:0000.0020: unknown main item tag 0x0
[  119.848022][ T9149] loop4: detected capacity change from 0 to 2048
[  119.855393][   T10] hid-generic 0000:0000:0000.0020: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  119.893830][ T9149] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  119.907558][ T9156] xt_CONNSECMARK: invalid mode: 66
[  119.915597][   T29] kauditd_printk_skb: 332 callbacks suppressed
[  119.915611][   T29] audit: type=1400 audit(1762400033.726:7080): avc:  denied  { create } for  pid=9154 comm="syz.1.1625" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  119.942708][   T29] audit: type=1400 audit(1762400033.726:7081): avc:  denied  { read } for  pid=9154 comm="syz.1.1625" name="file0" dev="tmpfs" ino=1801 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  119.965095][   T29] audit: type=1400 audit(1762400033.726:7082): avc:  denied  { open } for  pid=9154 comm="syz.1.1625" path="/325/file0" dev="tmpfs" ino=1801 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  119.990000][   T29] audit: type=1400 audit(1762400033.726:7083): avc:  denied  { unlink } for  pid=3321 comm="syz-executor" name="file0" dev="tmpfs" ino=1855 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  119.993118][   T29] audit: type=1400 audit(1762400033.796:7084): avc:  denied  { write } for  pid=9157 comm="syz.2.1627" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  119.993196][   T29] audit: type=1400 audit(1762400033.796:7085): avc:  denied  { name_connect } for  pid=9157 comm="syz.2.1627" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1
[  120.021346][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  120.095404][   T29] audit: type=1400 audit(1762400033.896:7086): avc:  denied  { unlink } for  pid=3313 comm="syz-executor" name="file0" dev="tmpfs" ino=1801 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  120.120009][   T29] audit: type=1400 audit(1762400033.916:7087): avc:  denied  { create } for  pid=9165 comm="syz.3.1629" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  120.140076][   T29] audit: type=1400 audit(1762400033.916:7088): avc:  denied  { write } for  pid=9165 comm="syz.3.1629" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  120.160122][   T29] audit: type=1400 audit(1762400033.916:7089): avc:  denied  { read } for  pid=9165 comm="syz.3.1629" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  120.183100][ T9169] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[  120.184542][ T9174] No such timeout policy "syz1"
[  120.260877][ T9185] wireguard0: entered promiscuous mode
[  120.266458][ T9185] wireguard0: entered allmulticast mode
[  120.327578][ T3459] nci: nci_add_new_protocol: the target found does not have the desired protocol
[  120.337074][ T9188] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  120.345993][ T9193] loop3: detected capacity change from 0 to 2048
[  120.362588][ T9196] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  120.365037][ T9193] Alternate GPT is invalid, using primary GPT.
[  120.376295][ T9193]  loop3: p1 p2 p3
[  120.380075][ T9193] loop3: partition table partially beyond EOD, truncated
[  120.516400][ T9213] sd 0:0:1:0: device reset
[  120.554682][ T9218] tmpfs: Bad value for 'mpol'
[  120.560243][ T9218] netlink: 'syz.4.1641': attribute type 29 has an invalid length.
[  120.571090][ T9218] netlink: 'syz.4.1641': attribute type 29 has an invalid length.
[  120.630179][ T9225] loop9: detected capacity change from 0 to 7
[  120.636868][ T9225] Buffer I/O error on dev loop9, logical block 0, async page read
[  120.646220][   T23] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  120.663300][   T23] hid-generic 0000:0000:0000.0021: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  120.673604][ T9223] loop3: detected capacity change from 0 to 2048
[  120.680134][ T9208] loop1: detected capacity change from 0 to 512
[  120.682918][ T9225] Buffer I/O error on dev loop9, logical block 0, async page read
[  120.694273][ T9225]  loop9: unable to read partition table
[  120.700038][ T9225] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  120.700038][ T9225] 
) failed (rc=-5)
[  120.729662][ T9223] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  120.746680][ T9208] EXT4-fs error (device loop1): ext4_orphan_get:1418: comm syz.1.1643: bad orphan inode 11862016
[  120.758339][ T9208] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  120.791456][ T9208] ext4 filesystem being mounted at /328/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  120.809017][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  120.838301][ T9238] SELinux:  policydb version 1905296526 does not match my version range 15-35
[  120.858261][ T9238] SELinux: failed to load policy
[  120.907241][ T9247] sd 0:0:1:0: device reset
[  120.932563][ T3313] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  120.950100][ T9253] loop3: detected capacity change from 0 to 512
[  120.956928][ T9253] ext4: Unknown parameter 'fsuuid'
[  120.972275][ T9242] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  120.972302][ T1469] nci: nci_add_new_protocol: the target found does not have the desired protocol
[  120.972419][ T9242] ==================================================================
[  120.972450][ T9242] BUG: KCSAN: data-race in data_push_tail / vsnprintf
[  120.972479][ T9242] 
[  120.972485][ T9242] write to 0xffffffff88e72b2b of 54 bytes by task 1469 on cpu 0:
[  120.972500][ T9242]  vsnprintf+0x2ce/0x890
[  120.972526][ T9242]  vscnprintf+0x41/0x90
[  120.972553][ T9242]  printk_sprint+0x30/0x2d0
[  120.972576][ T9242]  vprintk_store+0x599/0x860
[  120.972609][ T9242]  vprintk_emit+0x10d/0x580
[  120.972631][ T9242]  vprintk_default+0x26/0x30
[  120.972654][ T9242]  vprintk+0x1d/0x30
[  120.972690][ T9242]  _printk+0x79/0xa0
[  120.972720][ T9242]  nci_add_new_protocol+0x323/0x370
[  120.972745][ T9242]  nci_ntf_packet+0xf5e/0x1740
[  120.972765][ T9242]  nci_rx_work+0x1e5/0x2c0
[  120.972783][ T9242]  process_scheduled_works+0x4ce/0x9d0
[  120.972813][ T9242]  worker_thread+0x582/0x770
[  120.972829][ T9242]  kthread+0x489/0x510
[  120.972850][ T9242]  ret_from_fork+0x122/0x1b0
[  120.972875][ T9242]  ret_from_fork_asm+0x1a/0x30
[  120.972902][ T9242] 
[  120.972910][ T9242] read to 0xffffffff88e72b30 of 8 bytes by task 9242 on cpu 1:
[  120.972929][ T9242]  data_push_tail+0xfd/0x420
[  120.972952][ T9242]  data_alloc+0xfb/0x2e0
[  120.972971][ T9242]  prb_reserve+0x807/0xaf0
[  120.972988][ T9242]  vprintk_store+0x56d/0x860
[  120.973011][ T9242]  vprintk_emit+0x10d/0x580
[  120.973034][ T9242]  vprintk_default+0x26/0x30
[  120.973056][ T9242]  vprintk+0x1d/0x30
[  120.973084][ T9242]  _printk+0x79/0xa0
[  120.973112][ T9242]  nci_dev_up+0x3ee/0x8f0
[  120.973132][ T9242]  nfc_dev_up+0x103/0x1b0
[  120.973156][ T9242]  nfc_genl_dev_up+0x53/0x90
[  120.973172][ T9242]  genl_family_rcv_msg_doit+0x143/0x1b0
[  120.973198][ T9242]  genl_rcv_msg+0x422/0x460
[  120.973221][ T9242]  netlink_rcv_skb+0x123/0x220
[  120.973252][ T9242]  genl_rcv+0x28/0x40
[  120.973271][ T9242]  netlink_unicast+0x5c0/0x690
[  120.973295][ T9242]  netlink_sendmsg+0x58b/0x6b0
[  120.973310][ T9242]  __sock_sendmsg+0x145/0x180
[  120.973331][ T9242]  ____sys_sendmsg+0x31e/0x4e0
[  120.973359][ T9242]  ___sys_sendmsg+0x17b/0x1d0
[  120.973373][ T9242]  __x64_sys_sendmsg+0xd4/0x160
[  120.973390][ T9242]  x64_sys_call+0x191e/0x3000
[  120.973411][ T9242]  do_syscall_64+0xd2/0x200
[  120.973429][ T9242]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.973448][ T9242] 
[  120.973452][ T9242] value changed: 0x00000000ffffe892 -> 0x6f66207465677261
[  120.973462][ T9242] 
[  120.973466][ T9242] Reported by Kernel Concurrency Sanitizer on:
[  120.973476][ T9242] CPU: 1 UID: 0 PID: 9242 Comm: syz.0.1655 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  120.973501][ T9242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  120.973515][ T9242] ==================================================================
[  120.982562][ T9253] loop3: detected capacity change from 0 to 2048
[  121.274364][ T9253] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  121.300318][ T9253] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000.
[  121.317823][ T9253] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.