last executing test programs:

3.572958455s ago: executing program 1 (id=671):
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='trans=fd'])
r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x10, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x6, 0x3}, 0x0, 0x32, 0x43a1bd56, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xe, 0x66c}, 0x104101, 0x4, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001580)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
readv(r4, &(0x7f00000004c0)=[{&(0x7f0000000580)=""/152, 0x98}], 0x1)
readv(r4, &(0x7f0000000100)=[{&(0x7f00000002c0)=""/215, 0xd7}], 0x1)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000000c00850000000f00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x18)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r6)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2f00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000006000000850000000700000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r8}, 0x10)
io_setup(0x8f0, &(0x7f0000002400)=<r9=>0x0)
io_getevents(r9, 0x0, 0x0, 0x0, 0x0)
r10 = socket$kcm(0xa, 0x5, 0x0)
setsockopt$sock_attach_bpf(r10, 0x0, 0x29, 0x0, 0x40000)
setsockopt$netlink_NETLINK_RX_RING(r7, 0x10e, 0x6, &(0x7f0000000140)={0x7, 0x1, 0xfffffffa, 0x3}, 0x10)
r11 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r11, 0x29, 0x40, &(0x7f0000000f40)=@raw={'raw\x00', 0x8, 0x3, 0x478, 0x1c0, 0xffffffff, 0xffffffff, 0x1c0, 0xffffffff, 0x3a8, 0xffffffff, 0xffffffff, 0x3a8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@remote, @loopback, [0xff, 0x0, 0xff, 0xff], [0xffffffff, 0xff, 0xff], 'team_slave_0\x00', 'netdevsim0\x00', {}, {0xff}, 0x29, 0x3, 0x0, 0x60}, 0x0, 0x1a0, 0x1c0, 0x60030000, {0x0, 0xff000000}, [@common=@inet=@recent0={{0xf8}, {0x9, 0x2, 0x24, 0x0, 'syz0\x00'}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x1c8, 0x1e8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x1000000, 0x1, 0x1, 'syz0\x00', 0xfe}}, @common=@mh={{0x28}, {"b11c", 0x1}}]}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4d8)
sendto$x25(0xffffffffffffffff, &(0x7f00000000c0)="79c021f2326c10bfeb8f32b0b7f2158a114f4f2b19c53c39730455c2cdf15e50af8cb9e4190dec54b9e4ac1b4d57c6964cd88c44f34b752e83e1c4a6fe21bff519051407b914f3c14c027e9baab0", 0x4e, 0x8010, &(0x7f0000000040)={0x9, @remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x0}}, 0x12)

2.365317708s ago: executing program 1 (id=690):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000700000045000000a000020095"], &(0x7f0000000800)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffffffffffffffff}, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2}, &(0x7f0000000180), &(0x7f00000001c0)=r1}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10)
sendmsg$AUDIT_USER_AVC(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c0000005304000327bd707532a738255d648c72cd4413ce6081e633"], 0x1c}, 0x1, 0x0, 0x0, 0x24004090}, 0x45)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x200000a, 0x13, 0xffffffffffffffff, 0x0)
r5 = socket(0x10, 0x3, 0x0)
connect$netlink(r5, &(0x7f0000000300)=@proc={0x10, 0x0, 0x25dfdffc}, 0xc)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x50)
r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
r8 = dup3(r3, r7, 0x80000)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000004c0)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_START_AP(r8, &(0x7f00000005c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x38, 0x0, 0x20, 0x70bd2d, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r9}, @val={0xc, 0x99, {0x0, 0x63}}}}, [@NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x7}, @NL80211_ATTR_P2P_CTWINDOW={0x5, 0xa2, 0x6}]}, 0x38}, 0x1, 0x0, 0x0, 0x4010}, 0x24000011)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r10}, 0x10)
sendmsg$nl_route_sched(r5, &(0x7f0000000080)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x18, 0x32, 0x829, 0x0, 0x0, {0x0, 0x0, 0x2}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x8000805}, 0x0)
r11 = gettid()
process_vm_writev(r11, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r12 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000080000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000a3850000007000000095"], &(0x7f0000000200)='GPL\x00', 0xe, 0x0, 0x0, 0x41100, 0x69, '\x00', 0x0, @fallback=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd291}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r12}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
munmap(&(0x7f00002f5000/0xc00000)=nil, 0xc00000)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)

2.296627681s ago: executing program 1 (id=694):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup\x00', 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="08000000040000000400000007"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r1, <r2=>0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000300)=r0}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000100)={r2, &(0x7f00000000c0)}, 0x20)
prlimit64(0x0, 0xe, 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x1e, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x2000, 0x0, 0x0, 0x40f00, 0xae, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x5, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xc94284a3061bb7fe, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000900)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021940000000c0a01030000000000000000070000000900020073797a31000000000900010073797a3000000000680003806400dec6080003400000000258000b80200001800a00010071756f7461000000100002800c0001400000000000000000340001800a0001006c696d69740000002400028008000440000000010c00024000000000000000000c0001"], 0x118}}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x1b, &(0x7f00000000c0)={@remote, 0x0, 0x2, 0x2, 0x4}, 0x20)
sendmmsg$unix(r5, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='\a\x00\x00\x00'], 0x48)
r6 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, @perf_bp={0x0, 0xd}, 0x900, 0x3, 0x0, 0x7, 0x0, 0x1007}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r7}, &(0x7f0000000180), &(0x7f00000001c0)=r6}, 0x20)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r8, 0x0, 0x8000000000}, 0x18)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x2010008, &(0x7f00000001c0), 0xff, 0x545, &(0x7f0000001300)="$eJzs3c9vHFcdAPDvrL2Okzi1CxygUktFi5IKshvXtLU4lCIhOFVClHsw9saysvZG9rqNrQo2fwESQoDECS5ckPgDkFAkLhwRUiQ4g1QEQpCCBIfSQbM7G5v1rL0xa2+8/nykybw3v77f5/iNZ3aeZgM4t56PiDci4sM0TV+KiNl8eSmfotWZsu3ef/jucjYlkaZv/S2JJF+WbZamado95uV8t+mI+NpXIr6Z7As4nc93dm8v1eu1zbxaba7fqW7t7F5fW19ara3WNhYW5l9dfG3xlcUbQ2nnlYh4/Ut/+v53fvrl13/52Xf+ePMv176VpTWTr++24xgmD1vZaXr5wnTPDpvHDPYkytpT/iCvXBxsn3snmRAAAH1l1/gfiYhPRcRLMRsTh1/OAgAAAGdQ+oWZ+CDpPL8rMNVnOQAAAHCGlNpjYJNSJR8LMBOlUqXSGcP7sbhUqje2mp+51djeWOmMlZ2LcunWWr12Ix8rPBflJKvPt8t79Zd76gsR8XREfG/2YrteWW7UV0b94QcAAACcE5d77v//Odu5/z9ccjrJAQAAAMMzN+oEAAAAgBPn/h8AAADGWnnUCQAAAAAn7qtvvplNaff7r1fe3tm+3Xj7+kpt63ZlfXu5stzYvFNZbTRW2+/sWz/qePVG487nYmP7brVZ22pWr+zs3lxvbG80b67F9Kk0CAAAADjg6U/e/30SEa3PX2xPmalRJwWcislHpe47PQt6/x+e6szfO6WkgFMxMcA2710oXu46Ac62yd4Fffo6MH6M/weO+kaPvoN3ftOZlYacDwAAMHxXP3Hc5/8tl/xwxunEcH71PP9PZ0eVCHDq2s//Bx3I42IBxkp5oBGAwDj7f5//Hy1NHyshAABg6GbaU1Kq5B/vzUSpVKlEXGl/LWA5ubVWr92IiKci4nez5QtZfb69Z3LkPQMAAAAAAAAAAAAAAAAAAAAAAAAA0JGmSaQAAADAWIso/Tn5Vedd/ldnX5zp/XxgKvl3+yuBpyLinR+99YO7S83m5ny2/O+Pljd/mC9/eRSfYAAAAAC9uvfp7fm/Rp0NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOPm/YfvLnenATa/OKy4f/1iRMwVxZ+M6fZ8OsoRcekfSUzu2y+JiIkhxG/di4iPF8VPsrQehSyKP4wfQute0krbCuPHXP5TKIp/eQjx4Ty7n51/3ijq/6V4vj0v7n+TEf9TP67+5794dP6b6NP/rwwY45kHP6/2jX8v4pnJ4vNfN37SJ/4LA0Uvxze+vrvbb23644ir3b8/7TPe/gh7pWpz/U51a2f3+tr60mpttbaxsDD/6uJri68s3qjeWqvX8n8LY3z32V98eFj7LxX+/UvybPq3/8WC400U5P+fB3cffrRbaR2Mf+2Fgvi//km+xcH4pTzOp/Nytv5qt9zqlPd77me/fe6w9q/stb/8OP//1/odtNeBjvLsYL86AMCJ2NrZvb1Ur9c2x7aQ3aU/AWkcpzAVT0Qa41v4dlZ4MKwDpmmaZn2qYNX9iBjkOEkMuaWl4nz2Cn3PAKM+MwEAAMO2d9E/6kwAAAAAAAAAAAAAAAAAAADg/DqNt6z1xtx7BXIyjFdoAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMxX8DAAD//xfc3AU=")
r9 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x70, 0x103301)
ioctl$USBDEVFS_IOCTL(r9, 0xc0105512, &(0x7f0000000200))

2.0664868s ago: executing program 0 (id=702):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x6, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6bf}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000b40)={'\x00', 0x7ff, 0x5, 0x8, 0x9, 0x59c})
ioctl$SG_BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0)

1.953611176s ago: executing program 0 (id=703):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000015c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f0000000740)={[{@bsdgroups}, {@nodiscard}, {@oldalloc}, {@grpjquota}, {@nobarrier}, {@mblk_io_submit}, {@abort}, {@nodiscard}, {@noinit_itable}]}, 0x64, 0x51a, &(0x7f00000007c0)="$eJzs3UFvG1kdAPD/OHZI2nSTBQ6wEsvCLkorqJ1s2N2IQykSglMloNxLSJwoihNHsdM2UQWp+ABICAESJ7hwQeIDIKFKXDgipEpwBgECIWjhwAE6K9uTNE3sxG3dOI1/P2ky772Z8f89RzOeN/M0E8DAeiMirkbEozRNL0XEeFaey6bYaU2N9R4+uDPfmJJI0+v/TCLJynY/K8nm57PNRiLia1+O+GZyOG5ta3tlrlIpb2T5Un11vVTb2r68vDq3VF4qr83MTL87+97sO7NTPWnnhYi48sW//uC7P/vSlV995tafbvz94rca1RrLlu9vx1PKH7Ww1fRC87vYv8HGMwY7jfLNFmZG260xdKjk7guuEwAA7TXO8T8YEZ+MiEsxHkNHn84CAAAAL6H082PxvyQibW+4QzkAAADwEsk1x8AmuWI2FmAscrlisTWG98NxLlep1uqfXqxuri20xspORCG3uFwpT2VjhSeikDTy08304/zbB/IzEfFqRHx/fLSZL85XKwv9vvgBAAAAA+L8gf7/f8Zb/X8AAADgjJnodwUAAACAF07/HwAAAM4+/X8AAAA4075y7VpjSnfff71wc2tzpXrz8kK5tlJc3Zwvzlc31otL1epS85l9q8d9XqVaXf9srG3eLtXLtXqptrV9Y7W6uVa/sfzEK7ABAACAE/Tqx+/9IYmInc+NNqeG4e427XI14LTK76WSbN5mt/7jK635X06oUsCJGOp3BYC+yfe7AkDfFPpdAaDvkmOWdxy889ts/one1gcAAOi9yY92vv+fO3LLnaMXA6eenRgGl/v/MLia9/+7HcnrZAHOlIIzABh4z33//1hp+lQVAgAAem6sOSW5YnZ5byxyuWIx4kLztQCFZHG5Up6KiFci4vfjhQ808tPNLZNj+wwAAAAAAAAAAAAAAAAAAAAAAAAAQEuaJpECAAAAZ1pE7m/Jr1vP8p8cf2vs4PWB4eS/45G9IvTWj6//8PZcvb4x3Sj/1155/UdZ+dv9uIIBAAAAA+GpXuC/20/f7ccDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQC89fHBnfnc6ybj/+EJETLSLn4+R5nwkChFx7t9J5Pdtl0TEUA/ijzb+fKRd/KQRYy9ku/ijPYi/c7dz/InmVzPSNv5wRJzvQXwYZPcax5+r7fa/XLzRnLff//IRT+SfVefjX+wd/4Y6HH8udBnjtfu/KHWMfzfitXz7489u/KRD/De7jP+Nr29vd1qW/iRisu3vT/JErFJ9db1U29q+vLw6t1ReKq/NzEy/O/ve7DuzU6XF5Uo5+9s2xvc+9stHR7X/XIf4E8e0/60u2///+7cffKiVLLSLf/HNNvF/89NsjcPxc9lv36eydGP55G56p5Xe7/Wf/+71o9q/0KH9x/3/L3bZ/ktf/c6fu1wVADgBta3tlblKpbxxZhONXvopqMahRC5ORTU6JoaHTkU1Xmji2z39wDRN08Y+9Ryfk8Rp+FqaiX4fmQAAgF57fNLf75oAAAAAAAAAAAAAAAAAAADA4DqJx4kdjLmzl0p68QhtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICeeD8AAP//KcLXkw==")
syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000a80)='./file1\x00', 0x41, &(0x7f00000008c0)={[{@bsdgroups}, {@nodiscard}, {@noblock_validity}, {@grpjquota}, {@usrjquota}, {@orlov}, {@norecovery}, {@barrier}, {@data_journal}]}, 0x66, 0x50a, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZr06Y3ueqDXvB6tZW0aHeTxrbBh1pB9Kmg1vcak00I2WRDdtM2oWiKH0AQUcEnffFF8AMIUvDFRxEK+qyoKKKtPvigncvuTtI03U227TabZn8/mMw5Z2b2f86GmZ0zc5gJYGC9FxHXI+JJmqYXImI0K89lU2y1psZ6jx/dm21MSaTpzX8mkWRl25+VZPPT2WYnI+JrX474ZvJ83NrG5tJMpVJey/Kl+vJqqbaxeXFxeWahvFBemZqavDJ9dfry9ERP2nkmIq598a8/+O7PvnTtV5+586dbfz//rUa1RrLlu9vxgvL7LWw1vdD8LnZvsPaSwY6ifLOFmeF2aww9V3L/NdcJAID2Guf4H4yIT0bEhRiNof1PZwEAAIA3UPr5kfhfEpG2d6JDOQAAAPAGyTXHwCa5YjYWYCRyuWKxNYb3w3EqV6nW6p+er66vzLXGyo5FITe/WClPZGOFx6KQNPKTzfTT/KU9+amIeDsivj863MwXZ6uVuX5f/AAAAIABcXpP//8/o63+PwAAAHDMjPW7AgAAAMBrp/8PAAAAx5/+PwAAABxrX7lxozGl2++/nru9sb5UvX1xrlxbKi6vzxZnq2urxYVqdaH5zL7lgz6vUq2ufjZW1u+W6uVavVTb2Ly1XF1fqd9afOYV2AAAAMAhevvjD/6QRMTW54abU8OJ7jbtcjXgqMrvpJJs3ma3/uNbrflfDqlSwKEY6ncFgL7J97sCQN8U+l0BoO+SA5Z3HLzz22z+id7WBwAA6L3xj3a+/5/bd8ut/RcDR56dGAaX+/8wuJr3/7sdyetkAY6VgjMAGHivfP//QGn6QhUCAAB6bqQ5JblidnlvJHK5YjHiTPO1AIVkfrFSnoiItyLi96OFDzTyk80tkwP7DAAAAAAAAAAAAAAAAAAAAAAAAABAS5omkQIAAADHWkTub8mvW8/yHx89N7L3+sCJ5L+jkb0i9M6Pb/7w7ky9vjbZKP/XTnn9R1n5pX5cwQAAAICB8EIv8N/up2/34wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACglx4/uje7PR1m3H98ISLG2sXPx8nm/GQUIuLUv5PI79ouiYihHsQfbvz5SLv4SaNaOyHbxR/uQfyt+/vGj7HsW2gX/3QP4sMge9A4/lxvt//l4r3mvP3+l494Jv+yOh//Yuf4N9Rh/z/TZYx3Hv6i1DH+/Yh38u2PP9vxkw7xz3YZ/xtf39zstCz9ScR429+f5JlYpfryaqm2sXlxcXlmobxQXpmamrwyfXX68vREaX6xUs7+to3xvY/98sl+7T/VIf7YAe0/12X7///w7qMPtZKFdvHPn20T/zc/zdZ4Pn4u++37VJZuLB/fTm+10ru9+/Pfvbtf++c6tP+g///5Ltt/4avf+XOXqwIAh6C2sbk0U6mU145totFLPwLVkDiCiW/39APTNE0b+9QrfE4SR+FraSb6fWQCAAB67elJf79rAgAAAAAAAAAAAAAAAAAAAIPrMB4ntjfm1k4q6cUjtAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeuL9AAAA//+GAdlV")
syz_mount_image$msdos(&(0x7f00000000c0), &(0x7f0000002680)='.\x00', 0xa0, &(0x7f00000008c0)=ANY=[], 0xc, 0x0, &(0x7f0000000000))
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000010000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x8)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r2, 0x0)
renameat2(0xffffffffffffff9c, 0x0, r2, 0x0, 0x0)
syz_clone3(&(0x7f0000000380)={0x20080, 0x0, 0x0, 0x0, {0x28}, 0x0, 0x0, 0x0, &(0x7f0000000000)=[0xffffffffffffffff], 0x1}, 0x58)
chdir(&(0x7f0000000400)='./file0\x00')

1.865762459s ago: executing program 1 (id=704):
setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000001300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='kmem_cache_free\x00', r1}, 0x10)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffff9]}, 0x0, 0x8)
r2 = gettid()
r3 = gettid()
tkill(0x0, 0x21)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x1, 0x7fff0000}]})
flistxattr(r6, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = dup(r7)
sendmsg$IPSET_CMD_CREATE(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="640000000206030000000000fffff0000000000016000300686173683a6e65742c706f72742c6e6574000000050004000000000005000500020000000900020073797a3200000000050001000700000014000780080013400000000008001240"], 0x64}}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="1c0000000306050000000000000000000200000a0500010007"], 0x1c}, 0x1, 0x0, 0x0, 0x4010}, 0x4)
tkill(r2, 0x1)
tkill(r3, 0x14)
r9 = memfd_secret(0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000100)='kmem_cache_free\x00', r9, 0x0, 0x7f}, 0x18)
r10 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
r11 = syz_open_dev$tty20(0xc, 0x4, 0x0)
pipe2$9p(&(0x7f0000000240)={<r12=>0xffffffffffffffff, <r13=>0xffffffffffffffff}, 0x800)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r12, @ANYBLOB=',wfdno=', @ANYRESHEX=r11, @ANYBLOB="2c11"])
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r9, 0x89f3, &(0x7f0000000180)={'ip6_vti0\x00', &(0x7f0000000400)={'syztnl1\x00', <r14=>0x0, 0x2f, 0xf, 0x1, 0x5, 0x48, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private1, 0x1, 0x10, 0xa}})
sendmsg$nl_route_sched(r10, &(0x7f0000000480)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0xa9918618a64f65ae}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)=@newtclass={0x30, 0x28, 0x200, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, r14, {0x5, 0xdaa34a9c5706be15}, {0xfff1, 0x10}, {0x1, 0xa}}, [@tclass_kind_options=@c_skbprio={0xc}]}, 0x30}, 0x1, 0x0, 0x0, 0xc840}, 0x20004844)
write$P9_RVERSION(r13, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff"], 0xfffffd97)

1.508639514s ago: executing program 0 (id=707):
r0 = ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
preadv2(r0, &(0x7f0000002240)=[{&(0x7f0000000000)=""/91, 0x5b}, {&(0x7f0000000080)=""/246, 0xf6}, {&(0x7f0000000180)=""/4096, 0x1000}, {&(0x7f0000001180)=""/52, 0x34}, {&(0x7f00000011c0)=""/4096, 0x1000}, {&(0x7f00000021c0)=""/68, 0x44}], 0x6, 0x81, 0x7, 0x16)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000022c0), 0x2, 0x0)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r1, 0xc0145401, &(0x7f0000002300)={0xffffffffffffffff, 0x0, 0x2, 0x0, 0x7ff})
ioctl$HIDIOCSUSAGES(r1, 0x501c4814, &(0x7f0000002340)={{0x3, 0x1, 0xc6c, 0x40, 0x81, 0x1}, 0xbf, [0xf90, 0x8001, 0x6, 0x2, 0x6, 0x80000000, 0x2, 0x1000, 0x40, 0xffff8001, 0x7, 0x5, 0x6, 0x4, 0x5, 0x9, 0x4, 0x7, 0x8, 0xa, 0xfffffffb, 0x0, 0x7, 0x6, 0x101, 0xffff65d1, 0x10000, 0x6ce, 0x4, 0x0, 0x47ab, 0x7, 0x2, 0x5, 0xcc5, 0xd, 0x40, 0x5, 0x5e0b1080, 0x6, 0xf0000000, 0x6, 0x6, 0x800, 0x2, 0x5, 0x4, 0xdf09, 0x4, 0x81, 0x5, 0x4, 0x5d0a, 0x200, 0x1, 0xffffffff, 0x5, 0x7, 0x6f, 0xc034, 0x8a, 0x794, 0x7, 0x0, 0xfffffc0a, 0x6, 0x1, 0xfffffff9, 0x20, 0xffffffff, 0xe, 0x5, 0x100, 0x7, 0xf0, 0x7, 0x4, 0x2, 0xff, 0x3, 0x2, 0x6, 0x3, 0x9, 0xc83e, 0x6cb40c61, 0x1, 0x1, 0xfffffff9, 0x7, 0xfffffffe, 0x5, 0x6, 0x0, 0x3, 0x6, 0x7, 0x42, 0x7, 0x2, 0x80000000, 0x2, 0xd, 0xfff, 0x9, 0x4, 0x1, 0xc18, 0x1, 0x1, 0x5, 0x800, 0x3, 0xffff4b60, 0x10000, 0x0, 0xffff, 0x8, 0x7ff, 0xa9d, 0xfff, 0xfffffffb, 0x2, 0x8, 0x6, 0x1, 0xa47, 0x0, 0xffffffae, 0x0, 0x40, 0x9107, 0x4, 0x8, 0x5, 0x1cf, 0x7, 0x1, 0x5, 0xfffffffe, 0x7fff, 0x5, 0x7ff, 0x9, 0x8001, 0x7, 0x1, 0x13e74e6e, 0x7, 0x5, 0x1, 0x400, 0x7, 0x2, 0x0, 0x5c, 0x2, 0xfff, 0x1, 0xffff1a7f, 0x5, 0x7, 0x9, 0x0, 0x0, 0x8, 0x800, 0xffffffff, 0x6, 0x3, 0xb1d3, 0x4, 0x1, 0x4, 0x9, 0x51eb, 0x8, 0x8, 0x7f2f8234, 0x2, 0xb334502, 0x3, 0x9, 0x25b, 0x4d, 0x1ea8, 0x7fff, 0x1e, 0x61, 0x0, 0x7, 0xd, 0x1, 0x1698, 0x11, 0x401, 0xffff8001, 0x7, 0x4, 0x1, 0x3af0, 0xffff, 0x100, 0x5, 0x8, 0xe71c, 0x3, 0x3, 0x3, 0xf8c6, 0x4, 0x8001, 0x7fff, 0x7, 0x3, 0x5, 0x1ff, 0xff, 0xfffeffff, 0x6, 0x0, 0x5, 0xe319, 0x100, 0x0, 0x3e8b97bb, 0x1, 0x3, 0x1, 0x2e, 0xfffffff9, 0xa5d, 0x3, 0x1, 0x5, 0x0, 0x5, 0x200, 0x5, 0xffffffff, 0x9, 0x0, 0xb, 0x6, 0x19b6, 0x8, 0x6, 0x9, 0x305000, 0x2000000, 0x8af, 0x4e5, 0x8, 0x0, 0x80, 0xc4, 0x80000, 0xfffffff7, 0x9, 0x1, 0x800, 0x7, 0x4, 0x3, 0x6, 0x2, 0x2, 0x0, 0x4d, 0x5, 0x2, 0x1, 0x9, 0x1c0, 0x4, 0x6, 0x6, 0x1, 0x9, 0x1, 0x1000, 0x10001, 0x7, 0x3ff, 0x4, 0x4d, 0x7, 0xe, 0xd86, 0x4, 0x9, 0x53, 0x3, 0x9, 0x9, 0x9, 0xbfa, 0xd10, 0xffff1ffd, 0x5, 0x0, 0xff, 0x2, 0x6, 0x4, 0x2, 0xb547, 0x7, 0x6, 0x100, 0x9, 0x401, 0x80, 0x3, 0x45d7, 0x1, 0x9, 0x8d, 0x4, 0xb09, 0xe, 0x9, 0x6, 0xb2, 0x9, 0x0, 0x0, 0x7, 0x7fffffff, 0x7, 0x8001, 0x0, 0x4, 0x1, 0x100, 0x7, 0x6d36, 0x70, 0x1, 0xf, 0x65e, 0x0, 0x6, 0x5, 0x2, 0x8, 0x9, 0x4, 0x4, 0x7, 0xfffffffd, 0x1, 0xd, 0x401, 0x800, 0x6, 0x9, 0x8, 0xeed, 0x180000, 0x6, 0xff, 0x81, 0x2dea, 0xf, 0x0, 0xd87, 0x5, 0x6, 0x2, 0x3, 0xff, 0x7, 0x101, 0x2, 0x101, 0x84b5, 0x30000000, 0xf6d7, 0x8, 0xfff, 0x5, 0x100000, 0x0, 0x8, 0x0, 0x6, 0x5d, 0x80000000, 0x7, 0xb, 0x7a, 0xe7, 0x3, 0x7, 0x3306, 0xfffffffa, 0x0, 0xb, 0x2a0, 0x573, 0x6, 0xc, 0x0, 0x3, 0x4f, 0xc, 0x8, 0x0, 0x9, 0xfffff001, 0x7, 0x5, 0x7, 0x3, 0x89, 0x528c0fc5, 0x80000000, 0x6, 0xff, 0xf, 0x5, 0x79ab, 0x9, 0xbd8, 0x3, 0xe, 0x7, 0x9, 0x4, 0x800, 0x3, 0x4, 0x4f6, 0x4, 0x1, 0x7, 0x4, 0x6278, 0x8, 0xffff, 0x3ff, 0x1, 0x2e45, 0x4, 0x8a5, 0x2, 0x8492, 0x5, 0x5, 0x2, 0x9, 0xffffffff, 0x5, 0x1ff, 0x473, 0x9, 0x1, 0xde5, 0x75f5, 0x3, 0xa, 0x9, 0x673, 0x6, 0x80, 0x4000, 0xb73, 0x3, 0x0, 0x1, 0x1, 0x3, 0x7fffffff, 0x2, 0xad4, 0x3, 0x7eb, 0x6, 0x7, 0x2, 0x8, 0x3, 0x6, 0x8c, 0x101, 0x8000, 0x4, 0x80, 0x6, 0x6, 0x0, 0x80000000, 0x68d, 0x101, 0x7, 0x8, 0x2, 0x1, 0x63, 0x3, 0x0, 0x6, 0x0, 0xb614, 0x1, 0x4, 0x7fff, 0xffffff80, 0x1, 0xc, 0x0, 0x7, 0xa, 0x3, 0x8, 0x3, 0x7, 0x3, 0x7fff, 0xa508, 0x2, 0xd00000, 0x8, 0x5, 0x69d3, 0xb, 0x3, 0x59, 0xa, 0x70, 0x9, 0x4, 0x3, 0xf, 0x9, 0xfff, 0x1000, 0x7, 0x8, 0x8, 0x9, 0x4, 0xfffffff7, 0x3, 0xa506, 0x5, 0x3, 0xffffffff, 0x708e, 0x1, 0x15, 0x80, 0x28, 0x6, 0x2, 0x81, 0x8001, 0x80000001, 0x400, 0x8, 0x3, 0x2, 0x3, 0x9, 0x3, 0x3, 0x6, 0x4, 0x2, 0x2, 0x10001, 0x8, 0x3, 0x2, 0x2, 0x10, 0xc, 0x1ff, 0xfffffffc, 0x10, 0x3, 0x0, 0x9, 0x3ff, 0x7ff, 0x1, 0xd, 0x0, 0x80000000, 0x2, 0x6, 0xb, 0x81, 0x3c09, 0x8, 0x6, 0x80000000, 0x6, 0x7, 0x5, 0x7, 0xfffffff5, 0x1cdf, 0x9, 0x7, 0x2, 0x6, 0x3, 0x1, 0x8, 0x1, 0xdbf0187, 0xfb, 0x22d5, 0x9, 0x6, 0x6d5, 0xbb, 0x7, 0x9, 0x3e87, 0x5, 0x39, 0xde3, 0x1, 0xd2, 0x8, 0x3, 0x921a, 0x1, 0x10000, 0x9, 0x80000001, 0x4, 0xcd, 0xffffffff, 0x7bc, 0x7ff, 0x1ff, 0x4, 0x60, 0xffffb830, 0x80000001, 0x7, 0xd, 0x2, 0x5, 0x9, 0x5, 0x81, 0x8, 0x1d, 0x7, 0x10, 0x5, 0x9, 0x1000, 0x2, 0x101, 0x4, 0x6, 0x40, 0x6, 0x7f, 0x7, 0x0, 0x8, 0x8, 0x6, 0xa685, 0x2, 0x3, 0x6, 0xc, 0x3, 0x1d198832, 0x2, 0xad, 0x1, 0xfffffff9, 0x800, 0x4, 0x8, 0x7, 0xe, 0x4, 0x2, 0x5, 0x2, 0x4, 0x4, 0x101, 0x3, 0x2, 0x5, 0x8, 0x2, 0xdf6, 0x10001, 0x7ff, 0x9, 0x2, 0x6, 0x9, 0xe3, 0x7fffffff, 0x4, 0x5, 0x5, 0x5, 0x0, 0x59ad, 0x2000, 0x2, 0x0, 0x789f, 0x9, 0x0, 0x9, 0x92, 0x89f7, 0x10, 0xfff, 0x1, 0x2, 0x6, 0x6, 0x10000, 0xbfe, 0x7fff, 0x4, 0x1ff, 0x8, 0x9906, 0x0, 0x404, 0x3, 0x4, 0x6, 0x2, 0x4, 0x1, 0xffffff33, 0xe0000000, 0x0, 0x2, 0x8000, 0x80000000, 0x0, 0x1a83, 0x6d3a, 0x98, 0xfffffffd, 0x9, 0x5, 0x7d, 0x1d2, 0x8, 0x8000, 0x40, 0xa49e, 0xc39, 0xfffffffe, 0x0, 0x806, 0x9, 0xc, 0x4, 0x3, 0x8, 0x5, 0x8000, 0xff1b, 0x9, 0x5, 0x5, 0x8, 0x3ff, 0x91, 0xfffeffff, 0x6, 0x2, 0x7, 0x94, 0x1dd, 0x8, 0x0, 0xffffffd3, 0x4, 0x4, 0xc55, 0xb7, 0x1ff, 0x8dc, 0x2, 0xffffffff, 0xacc, 0x0, 0x100, 0x0, 0x8, 0xfffffffb, 0x5, 0x6, 0x622, 0x4, 0x10000, 0x7f, 0x80, 0xfffffffa, 0x8000, 0x5, 0xb299, 0x0, 0x81, 0xffffffff, 0x5622, 0x3, 0xfffffffd, 0x1, 0xd, 0x5, 0x5, 0xaf7, 0x1, 0x7fff, 0x0, 0x7, 0x9, 0x9, 0x40, 0x0, 0x8, 0x6, 0x4, 0x80000001, 0x6, 0x8, 0x9, 0xd, 0xf, 0x7, 0x4, 0x7, 0x6, 0x5, 0x10001, 0x2, 0x401, 0xfff, 0x4, 0x4, 0x58d2, 0x9, 0x9, 0x10000, 0x1000, 0x5656, 0xfffffff4, 0xe5, 0x1eea, 0xa, 0x2, 0x8001, 0xffffffff, 0x1, 0x800000, 0xac2f, 0x0, 0x2, 0x8, 0x79, 0x1, 0xe92, 0x800, 0xffffffff, 0x9, 0x5, 0x7, 0x72, 0xb, 0xc, 0xb, 0x5, 0x9, 0x0, 0x1, 0x20000, 0xffffffda, 0x6f62, 0xfffffff9, 0x3, 0x2ac, 0x3, 0xa8, 0x2, 0x2, 0x9, 0xfffffffa, 0x0, 0x1, 0x6, 0x8bd3, 0x7635, 0x401, 0x7, 0x0, 0xe, 0xfffffffc, 0x3, 0x8, 0x2, 0x6664, 0x6, 0x5, 0x7, 0x7ff, 0x9, 0xfffffff9, 0x1, 0x3, 0x13416b04, 0xff, 0x0, 0x0, 0xfffffff8, 0xfffff6ac, 0x4, 0x0, 0x9, 0x80, 0x6, 0x4, 0x6, 0x2, 0x6f, 0x9, 0x8, 0xa, 0x40000000, 0x3, 0x7fffffff, 0x660, 0x6, 0x70ee, 0x7fe0000, 0x6, 0x0, 0x1, 0x9, 0xc7, 0x3, 0x8, 0x9, 0x7, 0xffffff80, 0x10001, 0xef, 0x40, 0x0, 0x6, 0xfffffffa, 0x6, 0x10001, 0x4, 0x2, 0x1, 0x3, 0x400, 0x2, 0x7, 0x4b7c, 0xff, 0x8, 0x3a, 0x3, 0x8000, 0x0, 0x81, 0x1, 0x4, 0x80000000, 0x5, 0x5, 0x82b, 0x6, 0x200, 0x1, 0x1, 0x922, 0x4, 0x9, 0x1, 0x3, 0x10, 0x1, 0x7f, 0x0, 0x8, 0x10, 0x5, 0x0, 0xf, 0x4, 0xfffffffc, 0xfffffc01, 0x4, 0x7fff, 0x3, 0x28e, 0x7e, 0x0, 0xfffffff8, 0x1ff, 0x1, 0x5, 0x8, 0x2, 0x8, 0x8, 0x200, 0x1089, 0xfff]})
sendmsg$key(r1, &(0x7f0000003400)={0x0, 0x0, &(0x7f00000033c0)={&(0x7f0000003380)={0x2, 0x14, 0x3, 0x5, 0x5, 0x0, 0x70bd28, 0x25dfdbff, [@sadb_sa={0x2, 0x1, 0x4d2, 0xd, 0x6, 0x56, 0x1, 0x80000001}, @sadb_x_nat_t_port={0x1, 0x16, 0x4e24}]}, 0x28}}, 0x4000000)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000003600)={&(0x7f0000003440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xb7, 0xb7, 0x6, [@typedef={0x2, 0x0, 0x0, 0x8, 0x3}, @struct={0x6, 0x9, 0x0, 0x4, 0x0, 0x2, [{0x3, 0x3, 0xfffff309}, {0xa, 0x0, 0x8}, {0xc, 0x0, 0x1}, {0x5, 0x5, 0x7fff}, {0x7, 0x3, 0x10001}, {0x9}, {0x0, 0x3, 0x8}, {0x8, 0x5, 0x5850}, {0x5, 0x0, 0x8001}]}, @datasec={0xf, 0x2, 0x0, 0xf, 0x3, [{0x4, 0x4, 0x9}, {0x5, 0x5, 0x4}], "f6aa64"}, @func={0x8, 0x0, 0x0, 0xc, 0x4}]}, {0x0, [0x5f, 0x30, 0x0, 0x61]}}, &(0x7f0000003540)=""/155, 0xd6, 0x9b, 0x0, 0x5, 0x10000, @value=r1}, 0x28)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000003880)={'syztnl1\x00', &(0x7f0000003800)={'syztnl0\x00', <r3=>0x0, 0x2f, 0x6d, 0x60, 0x7f, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast1, 0x8000, 0x80, 0x6, 0x33d}})
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000003940)={0x1b, 0x0, 0x0, 0x1, 0x0, 0x1, 0x2, '\x00', 0x0, r2, 0x2}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000003a40)={0x1, 0x25, &(0x7f0000003640)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x5}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@generic={0x40, 0xd, 0x6, 0x5, 0x10001}, @tail_call={{0x18, 0x2, 0x1, 0x0, r1}}, @generic={0xf8, 0x9, 0x8, 0x0, 0x3}, @ldst={0x40eef131f7a1430, 0x0, 0x2, 0x4, 0x9, 0x2, 0xffffffffffffffff}, @generic={0x1, 0x6, 0x4, 0x100, 0x4}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x19f}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], {{}, {}, {0x85, 0x0, 0x0, 0xc7}}}, &(0x7f0000003780)='syzkaller\x00', 0x45, 0x4, &(0x7f00000037c0)=""/4, 0x40f00, 0x0, '\x00', r3, @fallback=0x18, 0xffffffffffffffff, 0x8, &(0x7f00000038c0)={0x9, 0x2}, 0x8, 0x10, &(0x7f0000003900)={0x4, 0xd, 0xb3, 0x2}, 0x10, 0xffffffffffffffff, r1, 0x2, &(0x7f00000039c0)=[r1, r1, r1, r4, r1], &(0x7f0000003a00)=[{0x5, 0x2, 0x6, 0x5}, {0x3, 0x3, 0x0, 0xa}], 0x10, 0x8001}, 0x94)
sendmsg$L2TP_CMD_NOOP(r1, &(0x7f0000003bc0)={&(0x7f0000003b00)={0x10, 0x0, 0x0, 0x84026088}, 0xc, &(0x7f0000003b80)={&(0x7f0000003b40)={0x30, 0x0, 0x4, 0x70bd29, 0x25dfdbfd, {}, [@L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @private2={0xfc, 0x2, '\x00', 0x1}}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x3}]}, 0x30}, 0x1, 0x0, 0x0, 0x45}, 0x10)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000003c00)={0x20002004})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_ipv6_tunnel_SIOCDELPRL(r1, 0x89f6, &(0x7f0000003c80)={'sit0\x00', &(0x7f0000003c40)={@dev={0xac, 0x14, 0x14, 0x1}, 0x1, 0x0, 0x30, 0x0, [{@empty}, {@initdev}, {@multicast1}]}})
time(&(0x7f0000003cc0))
setsockopt$inet_MCAST_LEAVE_GROUP(r1, 0x0, 0x2d, &(0x7f0000003d00)={0x8, {{0x2, 0x4e23, @local}}}, 0x88)
connect$unix(r1, &(0x7f0000003dc0)=@abs={0x1, 0x0, 0x4e21}, 0x6e)
statx(r1, &(0x7f0000003e40)='./file0\x00', 0x6000, 0x2, &(0x7f0000003e80)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
quotactl_fd$Q_GETINFO(r4, 0xffffffff80000501, r6, &(0x7f0000003f80))
openat$uhid(0xffffffffffffff9c, &(0x7f0000003fc0), 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r1, 0x0, 0x487, &(0x7f0000004000)={{0xff, @rand_addr=0x64010102, 0x4e23, 0x4, 'dh\x00', 0x0, 0xd34d, 0x30}, {@local, 0x4e21, 0x0, 0xfff, 0x1, 0x1}}, 0x44)
sendto(r5, &(0x7f0000004080)="319fcd652adf42ba9f5fee1b35d302da92a7c4663f98d7edc589e332c088f3cdb636bd307416424615c617e6ec3725494a6f718200777e85fd72ec83d318908c622f5447c98f1d630e0dc290f97b95d254fc76357e9a3dc73e0481174cd02af808adf37ca0fa2e718135ca795db8f18ff5d40ab7ea36e877b0bc", 0x7a, 0x4000000, &(0x7f0000004100)=@un=@file={0x0, './file0\x00'}, 0x80)
unshare(0x40040000)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000004180)={{0x9a}, 'port0\x00', 0xc1, 0x8, 0xf, 0x4, 0x7, 0x7fffffff, 0x6, 0x0, 0x6, 0x8})
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f00000042c0)={0xa, &(0x7f0000004240)=[{0x4, 0x8, 0x7f, 0x6}, {0xfff8, 0x5, 0x0, 0x80000000}, {0x44, 0x3, 0x3, 0x1000}, {0xfd70, 0x8, 0x7, 0x200}, {0x8, 0xeb, 0x3, 0x2}, {0x8001, 0x7f, 0x2, 0x10}, {0x51, 0x2, 0xb, 0xf2}, {0x0, 0x81, 0x1, 0xad50}, {0xfff, 0xfb, 0x5, 0xd}, {0x8ee, 0x9, 0x1, 0x1}]})
mknodat(r1, &(0x7f0000004300)='./file0\x00', 0x8000, 0xf7da)
r7 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r7, &(0x7f0000004340)={0x2, 0x4e21, @private=0xa010102}, 0x10)
prctl$PR_CAPBSET_READ(0x17, 0x3)

1.37860762s ago: executing program 1 (id=710):
r0 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000080)={0x0, {{0xa, 0x4, 0x0, @mcast1={0xff, 0x7}, 0x8a4}}, {{0xa, 0x4e20, 0x100, @remote}}}, 0x108)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x89f1, &(0x7f0000000080))
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000480)={0x0, 0x60, &(0x7f0000000140)={&(0x7f00000002c0)={0x1c, r5, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r3, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000080)={0x0, 0x20}, 0x1, 0x0, 0x0, 0x20000001}, 0x20000001)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_GET_POWER_SAVE(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="010426bd700bfbdbdf253e00000008000300", @ANYRES32=r6, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x51b46af6b3ca2aa}, 0x4000000)
sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(r0, &(0x7f00000007c0)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000780)={&(0x7f0000000700)={0x54, 0x0, 0x1, 0x70bd26, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r6}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0xa4}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x1}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x3}, @NL80211_ATTR_CENTER_FREQ2={0x8}], @NL80211_ATTR_OPER_CLASS={0x5, 0xd6, 0x53}]}, 0x54}}, 0x44800)
r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), r2)
r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000440)='oom_adj\x00')
read$rfkill(r8, 0x0, 0x300)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$IEEE802154_ADD_IFACE(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000080), r9)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r9, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x14, r10, 0x1, 0x0, 0x0, {0x6, 0x0, 0x900}}, 0x14}, 0x2, 0x34005, 0x0, 0x4008815}, 0x0)
sendmsg$IEEE802154_ASSOCIATE_REQ(r9, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)={0x44, 0x0, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@IEEE802154_ATTR_COORD_PAN_ID={0x6, 0xa, 0x3}, @IEEE802154_ATTR_PAGE={0x5, 0x1d, 0x14}, @IEEE802154_ATTR_COORD_PAN_ID={0x6, 0xa, 0xffff}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xaaa1}, @IEEE802154_ATTR_COORD_PAN_ID={0x6, 0xa, 0x2}, @IEEE802154_ATTR_CAPABILITY={0x5, 0x11, 0x81}]}, 0x44}, 0x1, 0x0, 0x0, 0x90}, 0x4080)
sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="0100251e8000000801030020000000000000", @ANYRES32=0x0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x4000891}, 0x20000004)
sendmsg$netlink(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001d40)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="2c00000010008100000000000080000000000000", @ANYRES32=0x0, @ANYBLOB="0a043cbf", @ANYRES32, @ANYBLOB="0a001b"], 0x2c}], 0x1}, 0x0)
r11 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r11, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x10000000, {0x0, 0x0, 0x0, 0x0, {0x1}, {}, {0xe}}, [@TCA_INGRESS_BLOCK={0x8}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}}, 0x0)

1.353231801s ago: executing program 2 (id=712):
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000940)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
splice(r1, 0x0, 0xffffffffffffffff, 0x0, 0xf3a, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000240)=0x1)
msgctl$IPC_SET(0x0, 0x1, &(0x7f00000004c0)={{0x0, 0xee00, 0x0, 0x0, 0x0, 0x0, 0xfffe}, 0x0, 0x0, 0xb, 0x6f76, 0x7, 0x0, 0x1, 0x8, 0x7f, 0x3, 0xffffffffffffffff})
ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000000)=0x10001)
write(r0, 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="44000000020605000000009d59c73500000000000c000300686173683a6970000500040000008c000900020073797a310000000005000500ffff000005000100"], 0x44}}, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="c4db3275adf94c00aaefab3e618a628df5a876bd8da52bb46897"], 0x50)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000004000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kfree\x00', r5}, 0x18)
r6 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r6, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x808000, 0x4, 0x20300, 0xfc}, 0x1c)
setsockopt$packet_rx_ring(r6, 0x107, 0x5, &(0x7f0000000100)=@req3={0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x861}, 0x1c)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000d00), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)={0x40, r8, 0x1, 0x1, 0x25dfdbf8, {}, [@ETHTOOL_A_FEATURES_WANTED={0x14, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_VALUE={0x4}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x8}]}, @ETHTOOL_A_FEATURES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg2\x00'}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x1}, 0x0)
sendmsg$ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000080)={&(0x7f0000000600)={0x148, r8, 0x100, 0x70bd2c, 0x25dfdbff, {}, [@ETHTOOL_A_WOL_MODES={0x134, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_MASK={0xdc, 0x5, "7f9211727b112843a285b8b4ff570e4c9cf22223fbb6be4d928b084d0cafa9b932cc0c003fc39a0cf3975164972debf8ddc243a5a0f7e2c0d7c65dd92c637df1f8da489805800bc2bf3c52568c7dda2c402fde5e354d6361d79c4afd4bf603bed558c725a91cd6e60b83f968cc20f0570581155170d1f83cfb981ac2ac0e71881b47f981e9e5657772277f0dd30274992826f94265b162cdee1ee949df8e8b1531585c2f143f6f4caea6ee5983ace30ba48b2da6cd8e80f1f9c7cf784f1b94a071968c8595a9901e7fe7ab61285029cf17c8d0f525d6654b"}, @ETHTOOL_A_BITSET_VALUE={0x54, 0x4, "502171cc93307e31a70f210e7aae6fc38eff7b52d8bbde44e2d9d63c7869c4d4b18fa5e203339457127e7d3913edf42e56a0993297c190674fa843914c74b660de07a2885fb2f772b079d616f3df58ab"}]}]}, 0x148}, 0x1, 0x0, 0x0, 0x4000}, 0x40052)
r9 = socket$key(0xf, 0x3, 0x2)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000300)='kfree\x00', r10}, 0x18)
sendmsg$key(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="0202000311000000000000000000000005000500000000000a00000000000000fe8000000000000000000000000000bb000000000000000002000100000007000000000b000000000200090000000000000000000000000005000600000000000a00000000000000fe8800000000000000000000000000010000000000000000010018"], 0x88}}, 0x0)
syz_create_resource$binfmt(0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000005c0)={{r3}, &(0x7f0000000540), &(0x7f0000000580)='%pS    \x00'}, 0x20)
io_setup(0x3, &(0x7f00000002c0))
eventfd(0x3ff)

1.130514581s ago: executing program 1 (id=718):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000c00)=@delqdisc={0xc74, 0x25, 0x2, 0x70bd28, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0xd}, {0xd, 0x1}, {0xfff2, 0xa}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x4}, @qdisc_kind_options=@q_tbf={{0x8}, {0xc40, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x80000001, 0x0, 0x8000, 0xffffffff, 0x7, 0x1, 0x3, 0x2, 0x51, 0x8, 0x3ff, 0xfff, 0x80000000, 0x6, 0x81, 0x3, 0x81, 0x9, 0x3, 0x6, 0xfffffffd, 0xbc, 0x200, 0x5, 0x3ff, 0x81, 0x7, 0xf, 0x2, 0x101, 0x0, 0x3, 0x8, 0x0, 0x101, 0x8, 0x8, 0xb6a2, 0x4, 0x0, 0x0, 0xfffffffa, 0x9, 0x4, 0x6ac, 0xffff, 0xfffffff8, 0x6, 0x4, 0x2, 0x7ff, 0x4, 0x8001, 0x3bf, 0x3, 0x400, 0x9, 0x0, 0x4, 0x7, 0x401, 0x9, 0x5, 0x4, 0x10, 0x400, 0x6, 0xff, 0x0, 0x10000, 0x3ff, 0x1, 0xfffffff7, 0x0, 0x933, 0x0, 0x101, 0xfffffff0, 0x10, 0xf, 0x4, 0x8001, 0xe2, 0x6, 0x5, 0x9a, 0xb, 0x784, 0x200, 0x8, 0xf30, 0x3, 0xffffd132, 0x5, 0x9, 0x90, 0xc78, 0x7, 0xa, 0x4, 0x2, 0x8, 0x80000001, 0x7, 0x400, 0xf8be, 0x9, 0x7, 0x3, 0xd, 0x1, 0x0, 0x9, 0x4, 0xd1f0, 0x1ff, 0x8, 0x7, 0x9, 0x100, 0x6, 0x80000000, 0x8000, 0x6, 0x1000, 0x6, 0x9, 0x8, 0x80000000, 0x401, 0x94, 0x69, 0x4, 0x1, 0x5, 0x8, 0x5, 0x9, 0x7, 0x0, 0x1, 0x8000, 0xfff, 0x0, 0x0, 0x2, 0x0, 0x8, 0xf8a3, 0x0, 0xe, 0x9, 0x4, 0x1, 0xfffffffb, 0x5, 0x4, 0x3, 0x81, 0x84, 0x3, 0xe9c, 0x3, 0x2, 0x2, 0x1, 0x3, 0x885, 0x0, 0x7, 0x9, 0x8, 0x7, 0x9, 0x5, 0x200, 0x2, 0x1, 0x7, 0x0, 0x5, 0xd, 0xf7c, 0x2a, 0x4, 0x6, 0x8, 0xff, 0x35, 0x9, 0x86f, 0x1, 0x9, 0x1cd, 0x80000001, 0x63, 0x7, 0xffffffff, 0x8387, 0x2, 0x6, 0xfad, 0x0, 0x8, 0x1, 0xc, 0x39cd400, 0x2, 0x5, 0x1000, 0x8, 0x79, 0xa5, 0x2, 0x4, 0x9, 0x4, 0xffffffff, 0xd, 0x5, 0xf, 0x0, 0x8001, 0x5, 0x3, 0x4, 0x3, 0x7, 0x9, 0x10001, 0x6, 0x80000000, 0x80000001, 0x2, 0x8, 0x6f4, 0x7fff, 0x46492d90, 0x9d08, 0x8, 0x6, 0x29c0000, 0x6, 0x9, 0x7, 0xfffffff7, 0x4, 0x4027, 0x6, 0x6, 0xff, 0x4, 0xcd9c, 0xab, 0x80000001, 0x73c9]}, @TCA_TBF_RTAB={0x404, 0x2, [0xfffffffe, 0x1, 0x4, 0xfff, 0x9, 0x4, 0xfffffffe, 0x0, 0xfffffe8b, 0x7, 0x4, 0x9e1, 0x8fc, 0xffffffff, 0x7, 0x7, 0x8, 0x18000000, 0x9, 0x83, 0x7, 0xffff, 0x200, 0x7, 0xf, 0x4, 0x40, 0xfff, 0x592f, 0xfffffffa, 0xffffffd5, 0x1, 0x5, 0x6, 0xd, 0xffffd5ef, 0x7, 0xfff, 0xc, 0xd7, 0x6, 0x6, 0xfffffff7, 0x80000000, 0x3, 0x1, 0x1, 0x81, 0x5, 0x0, 0x3, 0xb, 0x1, 0x0, 0x6ed3, 0x80, 0x7f, 0x5, 0x2, 0x0, 0x6, 0xc2, 0xc, 0x49f4b74c, 0xfffffffb, 0x5d, 0x90, 0x80000001, 0x4, 0x3, 0x7, 0x80000000, 0x101, 0x7, 0x6, 0x3, 0x6, 0xa, 0x80000001, 0x95, 0x100, 0xfff, 0x1, 0x6, 0x9, 0x967, 0xcc3, 0x7, 0x5, 0x2, 0x1000, 0x4, 0x6, 0x4, 0x3, 0x4, 0x1, 0x9, 0x7, 0x0, 0x5, 0xfffffffc, 0x800, 0xfffffffd, 0x7fff, 0x4, 0x3d, 0x4, 0x7, 0x6, 0x9, 0x8, 0x83, 0xfffffff7, 0xf, 0x76, 0x0, 0xffffffff, 0xeb, 0x1, 0x8, 0xff, 0x8, 0xd, 0x6a, 0x45d, 0x19, 0x0, 0xffff, 0xae369bc, 0x9e02, 0x3, 0x4, 0x3, 0xe78, 0x0, 0x5, 0x8001, 0xc8bf, 0xcb, 0x2, 0x8, 0xfffffffb, 0x7f, 0x5, 0x4, 0x3788, 0x7, 0x7fffffff, 0x80000001, 0x549, 0x81, 0x1, 0x0, 0x7979ac11, 0xd, 0x10001, 0x7, 0x1000000, 0x6, 0xeb3, 0x40000, 0x7, 0x1, 0x0, 0x5, 0x4, 0xc621, 0x6, 0x8953, 0x81, 0xfffffff9, 0x2, 0x1ff, 0x43, 0x5, 0x5, 0xcefe, 0x8, 0x2, 0x1, 0x8, 0x54773454, 0x85a, 0x0, 0x9, 0x1, 0x80000001, 0x3, 0x3, 0x5, 0x5, 0x1, 0xed38, 0x5, 0x77b, 0x3ff, 0xab, 0x1000, 0x80, 0x40, 0x9, 0x4, 0x5, 0xd270, 0x8, 0x7, 0x2, 0x7ff, 0x7, 0x3, 0x100, 0x3, 0x5, 0x7, 0x101d, 0x80000001, 0xffff, 0x401, 0xfffffff8, 0x80000000, 0x400000, 0x2a, 0xffffffff, 0x2374, 0x7, 0xffffffff, 0xfff, 0x8, 0x4, 0x0, 0x9c57, 0xffff91df, 0x2, 0x80000001, 0x9, 0xff, 0x7, 0xeb8, 0x7, 0x3, 0x81, 0x9, 0x0, 0x1ff, 0x7, 0x95f3000, 0x7, 0x8b9c, 0x200, 0x6, 0x3, 0x1, 0x7fff, 0x0, 0x1000]}, @TCA_TBF_PBURST={0x8, 0x7, 0xd83}, @TCA_TBF_PTAB={0x404, 0x3, [0x8, 0x7, 0x9, 0x5000000, 0x3, 0x8, 0x0, 0x9, 0x7, 0x8, 0xffffffff, 0x8, 0x4, 0x7, 0x1, 0x5, 0x8, 0x7fff, 0x1, 0x236fba8e, 0x3, 0x400, 0x3, 0x1ff, 0xfffffffd, 0x3, 0xfffffff7, 0xf6, 0x8, 0x9, 0x7, 0x0, 0x3, 0x10, 0x1, 0x2, 0x4, 0x6, 0x3ff, 0xa6d8, 0xd7, 0x8, 0x80000001, 0x5, 0x0, 0x0, 0x3, 0xc, 0x0, 0x3ff, 0x8, 0x3, 0xfffffffb, 0x10001, 0x2, 0x1000, 0x6, 0x5, 0x7, 0x32, 0x200, 0xb7, 0x10000, 0x8, 0x4, 0xff, 0x0, 0x5, 0x2, 0x6, 0x8, 0x80000000, 0x80, 0x2, 0x60, 0x10001, 0x5, 0x2, 0xbc, 0x3, 0xfffffff3, 0x10, 0x10001, 0x5, 0x3, 0x8, 0x1, 0xf, 0x3, 0x2, 0x101, 0x8, 0x7f, 0xae, 0x3, 0x8, 0x2400000, 0x4, 0x80, 0x6, 0x10000, 0x2, 0x5, 0x1, 0x2, 0xfffffffa, 0x7, 0x6, 0x1, 0x100, 0xfffffff7, 0x401, 0x4, 0x42d5, 0x7, 0x2, 0x7, 0xb, 0x4, 0x3, 0x1, 0x5, 0xfffffff7, 0x8, 0x38c34a53, 0xaf7, 0x13b18edf, 0x6201, 0x2, 0x2, 0x9, 0x1a00, 0x6, 0x0, 0x4c, 0x6, 0x6, 0x0, 0x6, 0x4, 0x5, 0x7, 0x3, 0x60c, 0x5, 0xe1b3, 0x2, 0xba, 0xfffffff8, 0x4, 0x7, 0x0, 0x400, 0x1b45, 0x0, 0x1, 0x9, 0x0, 0x5dc, 0x8, 0x4, 0x5, 0x5, 0xaa, 0x4, 0x7, 0x1ff, 0xb5, 0x4, 0x3, 0x78e, 0xaf58f28, 0x4, 0x0, 0x7, 0x7, 0x10b, 0x8001, 0x7, 0x100, 0x3, 0x1, 0xc, 0x6, 0xffffffff, 0x56, 0x7, 0x3f, 0x1, 0x200, 0x23, 0xb3, 0x9, 0xf, 0x7, 0x1, 0xc, 0x10000, 0x4f, 0x2, 0xe5, 0x10, 0xb8, 0x8, 0x7615, 0x8, 0x8c5, 0x8, 0x3, 0x5, 0x3ff, 0x4, 0x4, 0x1, 0xcb, 0x1, 0x78, 0x1, 0x9, 0x9, 0x9, 0x3ff, 0x7, 0x8, 0x0, 0x3, 0x8000, 0xa, 0x8, 0x400, 0x5, 0x0, 0x80000001, 0x3, 0xa, 0x83ee, 0xb, 0x4, 0x81, 0x6ce, 0x6, 0x4, 0xffff098a, 0x6, 0x4, 0x5, 0xfffffffe, 0x58d, 0x0, 0x6, 0xbae9, 0x8, 0x2, 0xfffff801, 0x6c, 0x6]}, @TCA_TBF_PARMS={0x28, 0x1, {{0xb3, 0x1, 0x800, 0x3, 0xc, 0xa}, {0xff, 0x0, 0x784, 0x9, 0xff7e, 0xcdc}, 0x2, 0x6, 0xd6c}}]}}]}, 0xc74}, 0x1, 0x0, 0x0, 0x4040003}, 0x4044)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x0, 0xfffffffffffffe87, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TCFLSH(r3, 0x400455c8, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
pidfd_send_signal(0xffffffffffffffff, 0x2, 0x0, 0x0)
syz_usb_connect(0x2, 0xfffffffffffffe86, 0x0, 0x0)
ioctl$TIOCVHANGUP(r3, 0x5437, 0x97)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6)
io_setup(0x8f0, &(0x7f0000002400)=<r5=>0x0)
io_submit(r5, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x2002000000, 0x4, 0x0, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000040)="0200ffff0000", 0x6, 0x0, 0x0, 0x2}])
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000380), r6)
sendmsg$NLBL_UNLABEL_C_STATICADD(r7, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000003c0)={0x70, r8, 0x1, 0x0, 0x0, {0x4}, [@NLBL_UNLABEL_A_IPV4ADDR={0x5, 0x4, @broadcast}, @NLBL_UNLABEL_A_IPV4MASK={0x5, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'hsr0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @ipv4={'\x00', '\xff\xff', @local}}, @NLBL_UNLABEL_A_SECCTX={0x24, 0x7, 'system_u:object_r:var_lock_t:s0\x00'}]}, 0x70}}, 0x0)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r10 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000000)={'macvtap0\x00', <r11=>0x0})
sendmsg$nl_route(r10, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYRESOCT=r1, @ANYRES32=r11, @ANYBLOB="080012000a0002000180c20000010000"], 0x28}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r9, @ANYBLOB="0000000000000000b703000000060000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
lsetxattr$security_selinux(&(0x7f0000000400)='./file0\x00', &(0x7f0000000000), 0x0, 0x0, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
fsopen(&(0x7f0000000400)='autofs\x00', 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=ANY=[@ANYRES16=r2], 0x1c}, 0x1, 0x0, 0x0, 0x400c}, 0x20000000)

1.104491702s ago: executing program 3 (id=719):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = syz_io_uring_setup(0x497, &(0x7f0000000300)={0x0, 0x4661, 0x800, 0x5, 0x20e}, &(0x7f0000000240)=<r3=>0x0, &(0x7f0000000680)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_LINKAT={0x27, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x400, 0x1})
io_uring_enter(r2, 0x40f9, 0x217, 0xa5, 0x0, 0x0)

1.085939153s ago: executing program 2 (id=720):
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000100)='./bus\x00', 0x3800488, &(0x7f0000002200), 0x65, 0x786, &(0x7f00000007c0)="$eJzs3d9rW2UfAPDvSX93e9/2hRd0XhUELYyldtZNwYuJFyI4GOi1W0mzMps2o0nHWgpuiOCNoOKFoDe79se889Yft/pfeCEbU7vhxAupnDRZszXpkq1J5vb5wGme5zwnfZ5vnnOe8yTnkATwyJpI/2QiDkTEB0nEWHV9EhEDlVR/xLGt7W5urOfSJYnNzdd/Syrb3NhYz0Xdc1L7qpnHI+L7dyMOZnbWW1pdW5gtFPLL1fxUefHsVGl17dCZxdn5/Hx+6cj0zMzho88dPbJ3sf7x09r+qx++8vRXx/5657HL7/+QxLHYXy2rj2OvTMRE9TUZSF/C27y815X1WLJ7cYM9gAdB2jF9W0d5HIix6KukmhjpZssAgE55OyI2m+lrWgIA/Kslzc//AMBDqfY5wI2N9Vxt6e0nEt117aWIGN6Kv3Z9c6ukv3rNbrhyHXT0RnLblZEkIsb3oP6JiPjsmze/SJfo0HVIgEYuXIyIU+MTO8f/ZMc9C+16poVtJu7IG/+ge75N5z/PN5r/ZW7Nf6LB/GeowbF7L+5+/Geu7EE1TaXzvxfr7m27WRd/1XhfNfefypxvIDl9ppBPx7b/RsRkDAyl+eld6pi8/vf1ZmX187/fP3rr87T+9HF7i8yV/qHbnzM3W569n5jrXbsY8UR/o/iTW/2fNJn/nmixjldfeO/TZmVp/Gm8tWVn/J21eSniqYb9v31HW7Lr/YlTld1hqrZTNPD1z5+MNqu/vv/TJa2/9l6gG9L+H909/vGk/n7NUvt1/Hhp7LtmZXePv/H+P5i8UUkPVtedny2Xl6cjBpPXdq4/vP3cWr62fRr/5JONj//d9v/0PeGpFuPvv/rrl/cef2el8c+11f/tJy7fXOhrVn9r/T9TSU1W17Qy/rXawPt57QAAAAAAAAAAAAAAAAAAAAAAAACgVZmI2B9JJnsrnclks1u/4f3/GM0UiqXywdPFlaW5qPxW9ngMZGpfdTlW932o09Xvw6/lD9+RfzYi/hcRHw+NVPLZXLEw1+vgAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBqX5Pf/0/9MtTr1gEAHTPc1+sWAADdNtzf6xYAAN023NbWIx1rBwDQPe2d/wGAh4HzPwA8epz/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6LATx4+ny+afG+u5ND93bnVloXju0Fy+tJBdXMllc8Xls9n5YnG+kM/miotN/9GFrYdCsXh2JpZWzk+V86XyVGl17eRicWWpfPLM4ux8/mR+oGuRAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDrSqtrC7OFQn5ZQkKi7URc2DqOHpT27F0iBrdHiZGejU8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD7p/AgAA//+mAybn")
creat(&(0x7f0000000100)='./bus\x00', 0x0)
mount(&(0x7f0000003340)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f0000000300)='./bus\x00', 0x6200, 0x5d)
preadv2(r0, &(0x7f00000000c0)=[{&(0x7f0000001200)=""/4096, 0x100000}], 0x2, 0x0, 0x0, 0x0)

1.011417896s ago: executing program 2 (id=721):
r0 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000080)={0x0, {{0xa, 0x4, 0x0, @mcast1={0xff, 0x7}, 0x8a4}}, {{0xa, 0x4e20, 0x100, @remote}}}, 0x108)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x89f1, &(0x7f0000000080))
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000480)={0x0, 0x60, &(0x7f0000000140)={&(0x7f00000002c0)={0x1c, r5, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r3, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000080)={0x0, 0x20}, 0x1, 0x0, 0x0, 0x20000001}, 0x20000001)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_GET_POWER_SAVE(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="010426bd700bfbdbdf253e00000008000300", @ANYRES32=r6, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x51b46af6b3ca2aa}, 0x4000000)
sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(r0, &(0x7f00000007c0)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000780)={&(0x7f0000000700)={0x54, 0x0, 0x1, 0x70bd26, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r6}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0xa4}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x1}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x3}, @NL80211_ATTR_CENTER_FREQ2={0x8}], @NL80211_ATTR_OPER_CLASS={0x5, 0xd6, 0x53}]}, 0x54}}, 0x44800)
r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), r2)
r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000440)='oom_adj\x00')
read$rfkill(r8, 0x0, 0x300)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$IEEE802154_ADD_IFACE(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000080), r9)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r9, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x14, r10, 0x1, 0x0, 0x0, {0x6, 0x0, 0x900}}, 0x14}, 0x2, 0x34005, 0x0, 0x4008815}, 0x0)
sendmsg$IEEE802154_ASSOCIATE_REQ(r9, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)={0x44, 0x0, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@IEEE802154_ATTR_COORD_PAN_ID={0x6, 0xa, 0x3}, @IEEE802154_ATTR_PAGE={0x5, 0x1d, 0x14}, @IEEE802154_ATTR_COORD_PAN_ID={0x6, 0xa, 0xffff}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xaaa1}, @IEEE802154_ATTR_COORD_PAN_ID={0x6, 0xa, 0x2}, @IEEE802154_ATTR_CAPABILITY={0x5, 0x11, 0x81}]}, 0x44}, 0x1, 0x0, 0x0, 0x90}, 0x4080)
sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="0100251e8000000801030020000000000000", @ANYRES32=0x0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x4000891}, 0x20000004)
sendmsg$netlink(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001d40)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="2c00000010008100000000000080000000000000", @ANYRES32=0x0, @ANYBLOB="0a043cbf", @ANYRES32, @ANYBLOB="0a001b"], 0x2c}], 0x1}, 0x0)
r11 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r11, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x10000000, {0x0, 0x0, 0x0, 0x0, {0x1}, {}, {0xe}}, [@TCA_INGRESS_BLOCK={0x8}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}}, 0x0)

1.001200207s ago: executing program 3 (id=722):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f0000000200), 0x1, 0x4bc, &(0x7f0000000a40)="$eJzs3ctvW1UaAPDPdpMmaWb6mNGo7UjTSh2p81DjPDRqMjObWc3MotJoKrEBqYTEDSVOHMVOaaIuUth1wQKBQEIs2PMXsKErKiTEGvaIBSqCEiRAQjK613abOHGwII1p7u8n3ebch/2dU+s7Ovf4Xt8AMuts8k8uYjgiPoyIo43VrQecbfzZuH9zJllyUa9f/iKXHpestw5tve5IRKxHxEBE/P/fEc/ktsetrq7NT5fLpeXmerG2sFSsrq5duLYwPVeaKy2OTV6cmpocnRif2rO23n7puduX3vlv/9vfvHjv7svvvZtUa7i5b3M79lKj6X1xfNO2QxHxz0cRrAcKzfYM9roi/CTJ5/ebiDiX5v/RKKSfJpAF9Xq9/n39cKfd63XgwMqnY+BcfiQiGuV8fmSkMYb/bQzly5Vq7a9XKyuLs42x8rHoy1+9Vi6NNs8VjkVfLlkfS8sP18fb1ici0jHwK4XBdH1kplKe3d+uDmhzpC3/vy408h/ICKf8kF3yH7JL/kN2yX/ILvkP2SX/IbvkP2SX/Ifskv+QXfIfskv+Qyb979KlZKm37n+fvb66Ml+5fmG2VJ0fWViZGZmpLC+NzFUqc+k9Ows/9n7lSmVp7G+xcqNYK1Vrxerq2pWFyspi7Up6X/+VUt++tAroxvEzdz7ORcT63wfTJdHf3CdX4WCr13PR63uQgd4o9LoDAnrG1B9kl3N8oP0netvHBQOdXrj0cL4QeLzke10BoGfOn/L9H2SV+X/ILvP/kF3G+MAOj+jbYrf5f+DxZP4fsmu4w/O/frXp2V2jEfHriPio0He49awv4CDIf5Zrjv/PH/3jcPve/ty36VcE/RHx/BuXX7sxXastjyXbv3ywvfZ6c/v4phd2PGEAeqWVp608BgCya+P+zZnWsp9xP/9X4yKE7fEPNecmB9LvKIc2cluuVcjt0bUL67ci4uRO8XPN5503TmSGNgrb4p9o/s013iKt76H0uen7E//Upvh/2BT/9M/+X4FsuJP0P6M75V8+zel4kH9b+5/hPbp2onP/l3/Q/xU69H9nuozx7JsvfNox/q2I0zvGb8UbSGO1x0/qdr7L+PeeeuJ3nfbV32q8z07xW5JSsbawVKyurl1If0durrQ4NnlxampydGJ8qpjOURdbM9Xb/ePkB3d3a/9Qh/i7tT/Z9ucu2//d799/8uwu8f90bufP/8Qu8Qcj4i9dxv9q/JOnO+1L4s92aH9+l/jJtoku41df/c/hLg8FAPZBdXVtfrpcLi0rKCj0pHDrl1GNtkKveybgUauuJqfmSdL3uiYAAAAAAAAAAABAt/bjcuJetxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4CD4IQAA//9HcdTQ")
r1 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
preadv2(r1, &(0x7f0000000280)=[{0x0}, {&(0x7f0000002200)=""/4096, 0x1000}], 0x2, 0x0, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r2}, 0x10)
move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000dd0000000a00000000000000", @ANYRES32, @ANYBLOB="0000000000000000b6cf2b92a4042da900000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x54, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180200009b1aecb60000000000000000850000007500000095"], 0x0}, 0x94)
ioctl$VT_RESIZEX(r1, 0x560a, &(0x7f0000000300)={0xf, 0x2, 0xbd, 0x7ff, 0x7, 0x8e1e})
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x2}, 0x8}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, 0x0, &(0x7f0000000000)='syzkaller\x00'}, 0x94)
connect$llc(0xffffffffffffffff, &(0x7f0000000240)={0x1a, 0x20, 0x0, 0x9, 0x2, 0x0, @random='\x00\x00\x00\x00\x00\a'}, 0x10)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r5 = io_uring_setup(0x4fee, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7})
io_uring_enter(r5, 0x2219, 0x7721, 0x16, 0x0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000340)={'syztnl0\x00', &(0x7f00000006c0)={'gretap0\x00', 0x0, 0x7800, 0x80, 0x10001, 0x400, {{0x2f, 0x4, 0x0, 0x3f, 0xbc, 0x67, 0x0, 0x1, 0x4, 0x0, @loopback, @multicast1, {[@ra={0x94, 0x4, 0x1}, @end, @lsrr={0x83, 0x1b, 0x57, [@initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, @dev={0xac, 0x14, 0x14, 0x13}, @remote, @rand_addr=0x64010101, @local]}, @cipso={0x86, 0xe, 0x0, [{0x2, 0x8, "938aeb8078c0"}]}, @lsrr={0x83, 0x27, 0x18, [@rand_addr=0x64010101, @rand_addr=0x64010101, @multicast1, @empty, @local, @broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, @multicast1]}, @noop, @timestamp_prespec={0x44, 0x3c, 0x26, 0x3, 0x7, [{@loopback, 0x9}, {@multicast1}, {@broadcast, 0xd0f2}, {@private=0xa010100, 0x30}, {@loopback, 0x4d1}, {@loopback, 0x3}, {@loopback, 0x6}]}, @generic={0x82, 0xa, "8dad22c358af7edc"}, @generic={0x83, 0xc, "665fffc8f2f3cb6ef614"}]}}}}})
getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, 0x0, &(0x7f0000000380))
setsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f00000008c0)={{{@in=@empty, @in=@local, 0x4e20, 0x39, 0x4e24, 0x9, 0x2, 0x140, 0x40, 0x4}, {0xfffffffffffffff9, 0x0, 0x8, 0x1, 0xffffffffffffffff, 0x2b96, 0xdfc8, 0x8}, {0x2, 0x0, 0x5, 0x7f}, 0x80000000, 0x6e6bb6, 0x0, 0x0, 0x2, 0x2}, {{@in6=@dev={0xfe, 0x80, '\x00', 0x2f}, 0x4d5, 0x93}, 0x2, @in6=@mcast2, 0x0, 0x4, 0x1, 0x4, 0x7, 0x1, 0x401}}, 0xe8)
ioctl$VT_RESIZEX(r4, 0x560a, &(0x7f00000001c0)={0x1, 0x7, 0x7936, 0xfff6, 0x68, 0xfffa})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYRES16], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r7=>0xffffffffffffffff})
ioctl$sock_inet_SIOCGIFADDR(r7, 0x8915, &(0x7f0000000080)={'hsr0\x00', {0x2, 0x0, @dev}})

890.367842ms ago: executing program 4 (id=724):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$packet(0x11, 0xa, 0x300)
socket$packet(0x11, 0xa, 0x300)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000020000000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0xb}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[], 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r1, 0x0, &(0x7f0000001700)=""/53}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0xfffffffffffffdd0, 0x0, 0x41000}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x18)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="219a53f271a76d2608004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)=ANY=[], 0x5c}, 0x1, 0x0, 0x0, 0x10000042}, 0x90)

818.073024ms ago: executing program 4 (id=725):
socket(0x10, 0x3, 0x0)
syz_io_uring_setup(0x835, &(0x7f0000001200)={0x0, 0xa846, 0x200, 0x1, 0x94}, &(0x7f0000000200)=<r0=>0x0, &(0x7f0000000140))
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
setsockopt(r1, 0x84, 0x81, &(0x7f0000000000)="0000000000000002", 0x8)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
r5 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0x402aedf, 0x400, 0xffffffff, 0xbfe00000}, &(0x7f0000000000)=<r6=>0x0, &(0x7f0000000280)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r5, 0x47f6, 0x0, 0x2, 0x0, 0x300)
move_pages(0x0, 0x1efe, &(0x7f0000000080), 0x0, &(0x7f0000000040), 0x0)
r8 = socket$kcm(0x2, 0x3, 0x106)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="010000003b000000060000000800004000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0c00000004000000040000000180000000000000", @ANYRES32=r9, @ANYBLOB="0000000000000000000000000400000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/21], 0x50)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, 0x0, 0x0)
sendmsg$NFT_BATCH(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x850}, 0x4040080)
socket$nl_netfilter(0x10, 0x3, 0xc)
bind$xdp(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(r8, &(0x7f0000000040)={&(0x7f0000000380)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000000)=[{0x0}], 0x1}, 0x0)
syz_extract_tcp_res$synack(&(0x7f00000001c0), 0x1, 0x0)
write$rfkill(r4, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
r11 = syz_io_uring_setup(0x2fbb, &(0x7f00000003c0)={0x0, 0x84a8, 0x10000, 0x2, 0x2b0}, &(0x7f0000000080), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_RESTRICTIONS(r11, 0xb, &(0x7f0000000300)=[@ioring_restriction_sqe_op={0x1, 0x7}, @ioring_restriction_sqe_flags_required={0x3, 0x4}, @ioring_restriction_sqe_flags_required={0x3, 0x7}], 0x3)
dup2(r1, r3)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r1, 0x84, 0x17, &(0x7f0000000300)=ANY=[], 0x9)
setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r3, 0x84, 0x19, &(0x7f0000000140)={0x0, 0x2}, 0x8)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)

703.36741ms ago: executing program 4 (id=726):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00')
r1 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341)
ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect)

684.96006ms ago: executing program 2 (id=727):
syz_mount_image$ext4(&(0x7f0000000140)='ext2\x00', &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000000), 0xfd, 0x4a0, &(0x7f0000000b80)="$eJzs3M9vVEUcAPDv292W37Yi/gBRqmgkEltaUDl4AKOJB01M9IDH2haCFGpoNUKIVg94NCTejUcT/wJPejHqyYSr3g0JMVxAvax5u+9tt9vdZVu2Xet+PsnSee/NdubLzOzOvOluAH1rJP0nidgZEb9FxFD1cHmGkeqPO7euTP1168pUEuXyW38mlXy3b12ZyrPmz9uRHywuP19v/tLlc5OzszMXs+OxhfPvj81fuvzc2fOTZ2bOzFyYOH782NHxF1+YeL5N7Qc7jjOt0+19H8/t3/vaO9femDp17d2fv03y+JfF8WHHv/MuRpqcK+aJp7tVyn/Errp0UspThd5Uho6lHTJtroHK+B+KYtQaL4bi1c96WjlgXZXL5fKWlleHsxyZpAz8ryTRac6BjnMCm0H2Rp9ELE6la+D69Xw/uHmyugBK476TPapXSrXV60DD+rab0tXWqcW/v0ofsXQfovMbGwAAq/T9yerPfO63NP8rlOrzncj2hoYj4v6I2B0RD0TEnoh4MCIeioiHI+KRuuc02/dp1LhJsnL+WbixpsA6dPNwxEvZ3tby+V9t72K4mB3tqsQ/kJw+OztzJCLui4hDMbAlPR5vU8YPr1z/IkuumNeN1M3/0kdafj4XzOpxo9Rwg256cmHyXuPO3fw0Yl+pWfxJbScgbce9EbHvwNrKOPvsN/tbXbt7/G2U1lafeuWvI56ptv9iNMSfS9rvT45tjdmZI2N5r1jpl1+vvtmq/HuKvwvS9t/etP/X4h9O6vdr51dfxtXfP2+5puyw/y8bN2n/H0zerqTzCx9NLixcHI8YTF7Pzp/Izi8vr5JvYil/Gv+hg83H/+5Y+p94NCLSTvxYRDweEQeyuj8REU9GxME28f/08lPvrT3+9ZXGP72q9m+ZyPe2V1wqnvvxu8qVvLGG28SfRJP2P1ZJHcrOdPL617amF++lNwMAAMDmU4iInZEURmvpQmF0tPr38ntie2F2bn7h8Om5Dy5MVz8jMBwDhfxO11DtfmgsjmfL+vz+6ETD8dHsvvGXxW2V49GpudnpXgcPfW5Hi/Gf+qPY69oB664L+2jAJrXW8V8ulz/pclWADeb9H/qX8Q/9q8n439Zw3Po7AoBNrdn7v4U99IdW8//rG1wPYONZ/0P/Mv6hfxn/0JeyT8KXOvmA/7ol0teflnmKEdGrirVIlMtbV37LwUYkBnsfey0RhVU+K6nvY1tX8R0NKxLR69hXmfgn+7LNDSgrHUrd+YW9fmUCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADojn8DAAD//+ID2M8=")
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuset.effective_mems\x00', 0x275a, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x40000, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0)

640.440782ms ago: executing program 4 (id=728):
socket$unix(0x1, 0x1, 0x0)
r0 = socket$unix(0x1, 0x1, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
bind$unix(r0, &(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r1 = syz_open_dev$usbfs(0x0, 0xb, 0x3196c0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, 0x0})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
ioctl$USBDEVFS_REAPURB(r1, 0x4008550c, &(0x7f0000000240))
semget$private(0x0, 0x5, 0x0)
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0xfffffffd, 0x1, @perf_bp={&(0x7f0000000340), 0x8}, 0x0, 0x0, 0x0, 0x3, 0xfff, 0x8001, 0x7fff}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r2 = gettid()
fchdir(0xffffffffffffffff)
process_vm_writev(r2, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, 0x0, 0x0, 0x0)
ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8936, &(0x7f00000007c0)={@loopback, 0x4b})

639.756022ms ago: executing program 4 (id=729):
r0 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000080)={0x0, {{0xa, 0x4, 0x0, @mcast1={0xff, 0x7}, 0x8a4}}, {{0xa, 0x4e20, 0x100, @remote}}}, 0x108)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x89f1, &(0x7f0000000080))
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000480)={0x0, 0x60, &(0x7f0000000140)={&(0x7f00000002c0)={0x1c, r5, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r3, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x20000001}, 0x20000001)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_GET_POWER_SAVE(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="010426bd700bfbdbdf253e00000008000300", @ANYRES32=r6, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x51b46af6b3ca2aa}, 0x4000000)
sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(r0, &(0x7f00000007c0)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000780)={&(0x7f0000000700)={0x54, 0x0, 0x1, 0x70bd26, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r6}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0xa4}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x1}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x3}, @NL80211_ATTR_CENTER_FREQ2={0x8}], @NL80211_ATTR_OPER_CLASS={0x5, 0xd6, 0x53}]}, 0x54}}, 0x44800)
r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), r2)
r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000440)='oom_adj\x00')
read$rfkill(r8, 0x0, 0x300)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$IEEE802154_ADD_IFACE(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000080), r9)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r9, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x14, r10, 0x1, 0x0, 0x0, {0x6, 0x0, 0x900}}, 0x14}, 0x2, 0x34005, 0x0, 0x4008815}, 0x0)
sendmsg$IEEE802154_ASSOCIATE_REQ(r9, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)={0x44, 0x0, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@IEEE802154_ATTR_COORD_PAN_ID={0x6, 0xa, 0x3}, @IEEE802154_ATTR_PAGE={0x5, 0x1d, 0x14}, @IEEE802154_ATTR_COORD_PAN_ID={0x6, 0xa, 0xffff}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xaaa1}, @IEEE802154_ATTR_COORD_PAN_ID={0x6, 0xa, 0x2}, @IEEE802154_ATTR_CAPABILITY={0x5, 0x11, 0x81}]}, 0x44}, 0x1, 0x0, 0x0, 0x90}, 0x4080)
sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="0100251e8000000801030020000000000000", @ANYRES32=0x0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x4000891}, 0x20000004)
sendmsg$netlink(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001d40)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="2c00000010008100000000000080000000000000", @ANYRES32=0x0, @ANYBLOB="0a043cbf", @ANYRES32, @ANYBLOB="0a001b"], 0x2c}], 0x1}, 0x0)
r11 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r11, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x10000000, {0x0, 0x0, 0x0, 0x0, {0x1}, {}, {0xe}}, [@TCA_INGRESS_BLOCK={0x8}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}}, 0x0)

569.643475ms ago: executing program 0 (id=730):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10)
signalfd(0xffffffffffffffff, &(0x7f00000003c0), 0x8)

565.375796ms ago: executing program 0 (id=731):
r0 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x70, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x17f}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r1, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000003c0)=[0x45c], 0x0, 0x0, 0x100000, 0x1}}, 0x40)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000000c0)='kfree\x00', r3, 0x0, 0xeffffffffffffffd}, 0x18)
quotactl_fd$Q_QUOTAOFF(0xffffffffffffffff, 0xffffffff80000301, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, 0x0, 0x0)
syz_io_uring_setup(0x724c, &(0x7f0000000040)={0x0, 0x9b02, 0x1000, 0x1, 0xf5, 0x0, r0}, &(0x7f0000000180), &(0x7f0000000280))
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000100000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x4, 0x0, 0x0, 0x41100, 0x6c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='kfree\x00', r4}, 0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000340)={'netdevsim0\x00', &(0x7f0000000700)=@ethtool_flash={0x33, 0xea6, '.\x00'}})

443.989501ms ago: executing program 3 (id=732):
r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x10}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20040845}, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000003c0)=@newtfilter={0x90, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0xfffa}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x60, 0x2, [@TCA_FLOWER_ACT={0x54, 0x3, [@m_connmark={0x50, 0x1, 0x0, 0x0, {{0xd}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0xfffffff8, 0xfff, 0x0, 0x200, 0xa}, 0x3}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}, @TCA_FLOWER_FLAGS={0x8, 0x16, 0x12}]}}]}, 0x90}, 0x1, 0x0, 0x0, 0x20000004}, 0x24000000)
socket$netlink(0x10, 0x3, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
set_mempolicy(0x2002, &(0x7f0000000000)=0x9, 0x9)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0)

317.987466ms ago: executing program 4 (id=733):
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000600)='./file0\x00', 0xc8d0, &(0x7f0000000140)=ANY=[@ANYRES8=0x0], 0x1, 0x30e, &(0x7f0000000f00)="$eJzs3E1rE10UwPGTNEnTlHayeHhEQXrRjW6GNu7FIC2IAUttxBcQp81EQ8akZEIlIrZduXEhfggXpcvuCtov0I07V27cdSO4sAtxJDOTl7aJrWnSWPv/QZlD7j0z9+Y24dyBzPbdN0/zWVvPGmUJRpUERER2ROISlJqAfwy6cUSaLcvl4W+fzt++d/9mMpWanFFqKjl7JaGUGh17/+zFkN9tY1C24g+3vya+bP2/dXb75+yTnK1ytioUy8pQc8XPZWPOMlUmZ+d1paYt07BNlSvYZslrd5ZELFNlreLCQkUZhcxIbKFk2rYyChWVNyuqXFTlUkUZj41cQem6rkZigoOkV2dmjGSHyfNdHgx6pFRKGgMiMrSvJb3alwEBAIC+8uv/erUfrJb0ndT/oZb1/9qFzfLwnfVRv/7fiFTrf5Gm+v9R41ymygTr9X9URBr1f9HbH3S7/t9fEZ1sr3cvjjhOPYy06n+k+h8nRLX+j/mfX9fKg7VxN6D+BwAAAAAAAAAAAAAAAAAAAADgJNhxHM1xHM07DvivOtqgiETdX5B47X0eJnpk9/o3/lj/06Hx4I7QqIj1ajG9mPaOfodNEbHElHHR5If7/+CrxpFl5XZSVXH5YC35+UuLae+7JJmVnJs/IZrE9+Y7ztSN1OSE8uzOD0usOT8hmvzXOj+xNz9cPUbk0sWmfF00+TgvRbEk4/8yrpb/ckKp67dSe64/5PYDAAAAAOBfoKu6+v59sLld39/u7Y+9dm9/HZLW9we8/fV4y/19SM6F+jVrAAAAAABOF7vyPG9YllnqUbAiIj2+RJugNsPDZtUekNumT0AC7Zq6ENQu3ll6dWxdG0/4UO9YsKOhjkX+cFFaBrXbRu36yHQnZ3Y0kaO+h2fevvv++z7enTGRw5zw6nr0gJl2GkQOmmn42L6AAAAAABybRtFfe+VafwcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMApdByP4uv3HAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC/xa8AAAD//46ZAFE=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r1, <r2=>0xffffffffffffffff}, 0x4)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r3}, 0x10)
chmod(&(0x7f0000000100)='./file0\x00', 0x42)
r4 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x98)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000540)={{r2}, &(0x7f00000004c0), &(0x7f0000000500)='%pS    \x00'}, 0x20)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000580)={0x3, 0x4, 0x4, 0xa, 0x0, r0, 0x2, '\x00', 0x0, r4, 0x3, 0x0, 0x2}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x2, &(0x7f0000000440)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @alu={0x4, 0x1, 0x0, 0x8, 0x2, 0xffffffffffffff5f, 0xfffffffffffffffc}], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000300)={0x1b, 0x0, 0x0, 0x99d, 0x0, r4, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x3, 0x3}, 0x50)
openat$cgroup_ro(r4, &(0x7f0000000040)='blkio.bfq.io_service_bytes\x00', 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0xb, 0x5, 0x400, 0x9, 0x1, r5}, 0x50)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000001"], 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r6, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r7}, 0x18)
syz_open_procfs(0x0, &(0x7f0000000100)='syscall\x00')
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket(0x1, 0x803, 0x0)
getsockname$packet(r9, &(0x7f0000000100)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000340)=0x14)
sendmsg$nl_route(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x60}, [@IFLA_MASTER={0x8, 0x3, r10}, @IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ip6gre={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_LOCAL={0x14, 0x6, @dev={0xfe, 0x80, '\x00', 0x3d}}]}}}]}, 0x50}, 0x1, 0xd, 0x0, 0x480c5}, 0x0)
write(r4, &(0x7f0000000a00)="c7885a8f24f458bed7211672288cfc5eb321cf4074dc13", 0x17)
sendfile(r4, r0, 0x0, 0x3ffff)
sendfile(r4, r0, 0x0, 0x7ffff000)

305.949167ms ago: executing program 2 (id=734):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$packet(0x11, 0xa, 0x300)
socket$packet(0x11, 0xa, 0x300)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0xb}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r1, 0x0, &(0x7f0000001700)=""/53}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0xfffffffffffffdd0, 0x0, 0x41000}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x18)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)=ANY=[], 0x5c}, 0x1, 0x0, 0x0, 0x10000042}, 0x90)

230.12774ms ago: executing program 2 (id=735):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="070000000400000000020000db"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18)
r2 = syz_open_dev$usbfs(&(0x7f0000000240), 0xc, 0x101301)
ioctl$USBDEVFS_IOCTL(r2, 0xc0105500, &(0x7f0000000040)=@usbdevfs_driver={0x7, 0x7, &(0x7f0000000140)})
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x49, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1800403, &(0x7f0000000940), 0x2, 0x5ad, &(0x7f0000000180)="$eJzs3c1vVFUbAPDnzkwLpe9rKzEqLkyjIZAoLS1g8GMBe0LwY+fGSgtBho/QGi2aWBLcmBg3LkhcuRD/CyW6dWXiwoUbV4akGsNGY3TMnbkzDO1MOy0dbu39/ZLbOeeeOz3nQp85Z+49ZyaAwhpLf5Qi9kTE5SRipK2sElnhWOO4O7+/fzrdkqjVXv0tiSTb1zw+yR6Hsyf/PRLx/TdJ7C6vrHdu4er56Wp19kqWn5i/cHlibuHqgXMXps/Onp29OPXc1NEjh48cnTx4X+dXakufuP7WOyMfnXz9i8/+Sia//OlkEsfi1zONsvbz2CxjMRZ/1GofLN+f/rse3ezKclJu/Z3clSzfwZZVyWJkMCIei5Eot/1vjsSHL+faOKCvaklEDSioRPxDQTXHAc339r29Dy71eVQCPAhLx9OfAx3iv9K4NhijMRARe5c9r8MlvQ1J6/ju25PX0y36dB0O6Gzx2o4stTz+k3psjsbOem7XndI913nTEcCp7DHd/8oG6x9blhf/8OAsXouIxzuN/9eO/zfa4v/NDdYv/gEAAAAAAGDz3DoeEc92uv9Xyu7N7Yyn6vf/ksb9vx/urhA8tgn1r33/r3R7E6oBOlg6HvFSx/m/rTm+o+Us9//GbMDkzLnq7MGIeCgi9sfAjjQ/uUodBz7efaNbWfv8v3RL62/OBczacbuy497nzEzPT9/POQMNS9cinqh0n/+T9v9Je/+fSV8PLvdYx+69N091K1s7/oF+qX0esa9j/5+0jklW/3yOifp4YKI5Kljpyfc++apb/eIf8pP2/7tWj//RpP3zeubW9/sHI+LQQqXWrXyj4//B5LVy8/en3p2en78yGTGYnFi5f2p9bYbtqhkPzXhJ43//06tf/2uN/9vicCgiFnus89F/hn/uVqb/h/yk8T+zrv5//Ympm6Nfd6u/t/7/cL1P35/tcf0PVtdrgObdTgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4LypFxP8iKY230qXS+HjEcEQ8ErtK1Utz88+cufT2xZm0rP79/6XmN/2ONPJJ8/v/R9vyU8vyhyLi4Yj4tDxUz4+fvlSdyfvkAQAAAAAAAAAAAAAAAAAAYIsY7rL+P/VLOe/WAX1XyR7FOxRPJe8GALkR/1Bc4h+KS/xDcYl/KK4Nxr/bBbAN6P+hqAZ6O2xnv9sB5EH/DwAAAAAA28qtF5+/kUTE4gtD9S01mJW1bgwO5dU6oJ9KeTcAyI05vFBcpv5AcfU4+RfYxpJW6s9ap/Lus/+T/jQIAAAAAAAAAAAAAFhh355bP665/h/Ylqz/h+Ky/h+Ky/p/KC7v8YG1VvFb/w8AAAAAAAAAAAAA+ZtbuHp+ulqdvSIhsdUSAxGxBZqRQ2Iw//DM+YUJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo+TcAAP//Swsk/Q==")
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

220.020341ms ago: executing program 3 (id=736):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="070000000400000000020000db"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18)
r2 = syz_open_dev$usbfs(&(0x7f0000000240), 0xc, 0x101301)
ioctl$USBDEVFS_IOCTL(r2, 0xc0105500, &(0x7f0000000040)=@usbdevfs_driver={0x7, 0x7, &(0x7f0000000140)})
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x49, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4}, 0x18)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1800403, &(0x7f0000000940), 0x2, 0x5ad, &(0x7f0000000180)="$eJzs3c1vVFUbAPDnzkwLpe9rKzEqLkyjIZAoLS1g8GMBe0LwY+fGSgtBho/QGi2aWBLcmBg3LkhcuRD/CyW6dWXiwoUbV4akGsNGY3TMnbkzDO1MOy0dbu39/ZLbOeeeOz3nQp85Z+49ZyaAwhpLf5Qi9kTE5SRipK2sElnhWOO4O7+/fzrdkqjVXv0tiSTb1zw+yR6Hsyf/PRLx/TdJ7C6vrHdu4er56Wp19kqWn5i/cHlibuHqgXMXps/Onp29OPXc1NEjh48cnTx4X+dXakufuP7WOyMfnXz9i8/+Sia//OlkEsfi1zONsvbz2CxjMRZ/1GofLN+f/rse3ezKclJu/Z3clSzfwZZVyWJkMCIei5Eot/1vjsSHL+faOKCvaklEDSioRPxDQTXHAc339r29Dy71eVQCPAhLx9OfAx3iv9K4NhijMRARe5c9r8MlvQ1J6/ju25PX0y36dB0O6Gzx2o4stTz+k3psjsbOem7XndI913nTEcCp7DHd/8oG6x9blhf/8OAsXouIxzuN/9eO/zfa4v/NDdYv/gEAAAAAAGDz3DoeEc92uv9Xyu7N7Yyn6vf/ksb9vx/urhA8tgn1r33/r3R7E6oBOlg6HvFSx/m/rTm+o+Us9//GbMDkzLnq7MGIeCgi9sfAjjQ/uUodBz7efaNbWfv8v3RL62/OBczacbuy497nzEzPT9/POQMNS9cinqh0n/+T9v9Je/+fSV8PLvdYx+69N091K1s7/oF+qX0esa9j/5+0jklW/3yOifp4YKI5Kljpyfc++apb/eIf8pP2/7tWj//RpP3zeubW9/sHI+LQQqXWrXyj4//B5LVy8/en3p2en78yGTGYnFi5f2p9bYbtqhkPzXhJ43//06tf/2uN/9vicCgiFnus89F/hn/uVqb/h/yk8T+zrv5//Ympm6Nfd6u/t/7/cL1P35/tcf0PVtdrgObdTgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4LypFxP8iKY230qXS+HjEcEQ8ErtK1Utz88+cufT2xZm0rP79/6XmN/2ONPJJ8/v/R9vyU8vyhyLi4Yj4tDxUz4+fvlSdyfvkAQAAAAAAAAAAAAAAAAAAYIsY7rL+P/VLOe/WAX1XyR7FOxRPJe8GALkR/1Bc4h+KS/xDcYl/KK4Nxr/bBbAN6P+hqAZ6O2xnv9sB5EH/DwAAAAAA28qtF5+/kUTE4gtD9S01mJW1bgwO5dU6oJ9KeTcAyI05vFBcpv5AcfU4+RfYxpJW6s9ap/Lus/+T/jQIAAAAAAAAAAAAAFhh355bP665/h/Ylqz/h+Ky/h+Ky/p/KC7v8YG1VvFb/w8AAAAAAAAAAAAA+ZtbuHp+ulqdvSIhsdUSAxGxBZqRQ2Iw//DM+YUJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo+TcAAP//Swsk/Q==")
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)

149.063783ms ago: executing program 0 (id=737):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000002c0)=ANY=[@ANYBLOB="0800000000000000810c0000000000000000000000020000"])
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000740)=@newtaction={0x90, 0x30, 0x3f, 0x70bd26, 0x0, {}, [{0x7c, 0x1, [@m_mpls={0x78, 0xd, 0x0, 0x0, {{0x9}, {0xc, 0x2, 0x0, 0x1, [@TCA_MPLS_TC={0x5, 0x6, 0x5}]}, {0x44, 0x6, "8dd37e1f5767b873f131900df7911edbd8c4f8d74e1e35faf278c7876d79edd7941949ce33bf71c00261cf0f1fc83ea06f7b6775ee74cc9fcc1a68af66b3e87a"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2}}}}]}]}, 0x90}}, 0x80)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000010000000a00000008"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10)
r5 = syz_io_uring_setup(0x49b, &(0x7f0000000380)={0x0, 0xd6ee, 0x800, 0x2, 0x20e}, &(0x7f0000000200)=<r6=>0x0, &(0x7f0000000680)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_LINKAT={0x27, 0xa, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140)='./file0\x00', 0xffffffffffffffff, 0x400, 0x1})
io_uring_enter(r5, 0x5fdd, 0x217, 0xa5, 0x0, 0x0)
r8 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r9 = socket$l2tp6(0xa, 0x2, 0x73)
fsetxattr$security_selinux(r9, &(0x7f00000004c0), &(0x7f00000005c0)='system_u:object_r:udev_tbl_t:s0\x00', 0x20, 0x1)
setsockopt$inet6_tcp_TCP_CONGESTION(r8, 0x6, 0xd, &(0x7f0000000400)='highspeed', 0x9)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
syz_mount_image$ext4(&(0x7f0000000e00)='ext4\x00', &(0x7f0000000200)='./file0\x00', 0x2200850, &(0x7f0000000e40)={[{@journal_dev={'journal_dev', 0x3d, 0x7}}, {@debug}, {@nodioread_nolock}, {@min_batch_time={'min_batch_time', 0x3d, 0x6}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@stripe={'stripe', 0x3d, 0x9}}, {@jqfmt_vfsv1}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x1800000}}]}, 0x5, 0x59f, &(0x7f0000001500)="$eJzs3V1rFFcfAPD/bBKN+jxVQaT2oghe1GLdmKT1BQray9JKhfbeLskaJBtXshsxqVC9qDe9KVIopULpB+h9L6VfoJ9CaAUpElqKFFJmM5uXzb4kujGr+/vBJOfMmcw5Z8+c2XNmJkwAfeto+iMXcSQivkki9q9JG4ws8ejydotPbk2kSxJLS5/+mUSSratvn2S/92WR1yPi168iTuSW1w+t2XdlfmG6UCoVZ7P4SHXm+khlfuHk1ZnCVHGqeG1sfPzse8Nj586c7lpd37709/efPPhw+Otji9/9/OjgvSQurBRpbT2ew+21kaOFf7PQUFxo2HC0C5n1kmSnC8AzGcj6edoRjsT+GMh6PfDq+zIiloA+lej/0Kfq44D63L5L8+CXxuMPlidAG+s/uHxtJIZrc6O9i8m6mVE63z3QhfzTPH754/69dIn21yH2dIgDbMntOxFxanBw4/kvyc5/z+5U7eJxe4159Nv3D+ykB+n4551m45/cyvgnmox/9jXpu8+ic//PPVoX7fKNhnT8937T8e/KqevAQBb7f23MN5RcuVoqnoqI1yLieAztTuPt7uecXXy41Cpt7fgvXdL862PBrByPBnfXLtOvmCxUC89X61WP70S80XT8m6y0f9Kk/dPP41LbPa821OHi/TdbbdVQ/3S3DfXfXks/RbzVtP1Xy5+0vD85PnbuzOmR2vEwUj8qNvrr7uHfWuXfuf23V9r+e9vX/0Cy9n5tZet5/Dj8tNgqbZPH/zrp8b8r+awW3pWtu1moVmdHI3YlH29cP7b6t/V4ffu0/sePtT//NTv+08nX55us/91Dd1tu2gvtP7ml9t964OFHX/zQKv/Ntf+7tdDxbE3D+e9pw6WMms0WsEsfIwAAAAAAAPSEXET8L5JcfiWcy+Xzy893HIq9uVK5Uj1xpTx3bTJNqz3/kKvf6d5fuwW7/DzEaPY8bP35iLGG+HhEHIyIbwf21OL5iXJpcqcrDwAAAAAAAAAAAAAAAAAAAD1iX4v//0/9PrDTpQO2Xe3FButesvC05QtLgFdLx1f+d+NNT0BP6tj/gVeW/g/9S/+H/qX/Q//S/6F/6f/Qv5r3f0//QD/w/Q8AAAAAAAAAAAAAAAAAAAAAAAAAAABddenixXRZWnxyayKNT96Yn5su3zg5WaxM52fmJvIT5dnr+alyeapUzE+UZzrtr1QuXx8di7mbI9VipTpSmV+4PFOeu1a9fHWmMFW8XBx6IbUCAAAAAAAAAAAAAAAAAACAl0tlfmG6UCoVZ19wYDB2INN2geHsA2mSdD56ooTbFzjfuu6dA4Mbk/6JiF6ol8BzBHbwpAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADf4LAAD//4s5OFI=")
r10 = socket$nl_route(0x10, 0x3, 0x0)
r11 = dup(r1)
close(r5)
ioctl$SNDRV_TIMER_IOCTL_TREAD64(r11, 0x400454a4, &(0x7f0000000080))
sendmsg$nl_route(r10, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000300)=ANY=[@ANYBLOB="440000001000030400000000fdffffff00000400", @ANYRES32=0x0, @ANYBLOB="5bbc010004a702002400128009000100626f6e640000000014000280080007000e0000000800c4785e9b2c6cc269ce19c30300e42e0000"], 0x44}, 0x1, 0x0, 0x0, 0x11}, 0x4000044)

79.796237ms ago: executing program 3 (id=738):
socket(0x10, 0x3, 0x0)
syz_io_uring_setup(0x835, &(0x7f0000001200)={0x0, 0xa846, 0x200, 0x1, 0x94}, &(0x7f0000000200)=<r0=>0x0, &(0x7f0000000140))
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
setsockopt(r1, 0x84, 0x81, &(0x7f0000000000)="0000000000000002", 0x8)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
r5 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0x402aedf, 0x400, 0xffffffff, 0xbfe00000}, &(0x7f0000000000)=<r6=>0x0, &(0x7f0000000280)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r5, 0x47f6, 0x0, 0x2, 0x0, 0x300)
move_pages(0x0, 0x1efe, &(0x7f0000000080), 0x0, &(0x7f0000000040), 0x0)
r8 = socket$kcm(0x2, 0x3, 0x106)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="010000003b000000060000000800004000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0c00000004000000040000000180000000000000", @ANYRES32=r9, @ANYBLOB="0000000000000000000000000400000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/25], 0x50)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, 0x0, 0x0)
sendmsg$NFT_BATCH(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x850}, 0x4040080)
socket$nl_netfilter(0x10, 0x3, 0xc)
bind$xdp(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(r8, &(0x7f0000000040)={&(0x7f0000000380)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000000)=[{0x0}], 0x1}, 0x0)
syz_extract_tcp_res$synack(&(0x7f00000001c0), 0x1, 0x0)
write$rfkill(r4, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
r11 = syz_io_uring_setup(0x2fbb, &(0x7f00000003c0)={0x0, 0x84a8, 0x10000, 0x2, 0x2b0}, &(0x7f0000000080), &(0x7f0000000240))
io_uring_register$IORING_REGISTER_RESTRICTIONS(r11, 0xb, &(0x7f0000000300)=[@ioring_restriction_sqe_op={0x1, 0x7}, @ioring_restriction_sqe_flags_required={0x3, 0x4}, @ioring_restriction_sqe_flags_required={0x3, 0x7}], 0x3)
dup2(r1, r3)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r1, 0x84, 0x17, &(0x7f0000000300)=ANY=[], 0x9)
setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r3, 0x84, 0x19, &(0x7f0000000140)={0x0, 0x2}, 0x8)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)

0s ago: executing program 3 (id=739):
socket$unix(0x1, 0x1, 0x0)
r0 = socket$unix(0x1, 0x1, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
bind$unix(r0, &(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r1 = syz_open_dev$usbfs(0x0, 0xb, 0x3196c0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, 0x0})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
ioctl$USBDEVFS_REAPURB(r1, 0x4008550c, &(0x7f0000000240))
semget$private(0x0, 0x5, 0x0)
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0xfffffffd, 0x1, @perf_bp={&(0x7f0000000340), 0x8}, 0x0, 0x0, 0x0, 0x3, 0xfff, 0x8001, 0x7fff}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r2 = gettid()
fchdir(0xffffffffffffffff)
process_vm_writev(r2, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, 0x0, 0x0, 0x0)
ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8936, &(0x7f00000007c0)={@loopback, 0x4b})

kernel console output (not intermixed with test programs):

vsim3 netdevsim0: renamed from eth0
[   27.794135][ T3313] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   27.803427][ T3313] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   27.812403][ T3313] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   27.847936][ T3312] 8021q: adding VLAN 0 to HW filter on device bond0
[   27.858623][ T3316] 8021q: adding VLAN 0 to HW filter on device bond0
[   27.871222][ T3316] 8021q: adding VLAN 0 to HW filter on device team0
[   27.889274][ T3311] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   27.901299][  T295] bridge0: port 1(bridge_slave_0) entered blocking state
[   27.909078][  T295] bridge0: port 1(bridge_slave_0) entered forwarding state
[   27.919045][ T3311] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   27.933191][ T3312] 8021q: adding VLAN 0 to HW filter on device team0
[   27.944706][ T3311] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   27.954520][   T31] bridge0: port 2(bridge_slave_1) entered blocking state
[   27.961861][   T31] bridge0: port 2(bridge_slave_1) entered forwarding state
[   27.970761][   T31] bridge0: port 1(bridge_slave_0) entered blocking state
[   27.978166][   T31] bridge0: port 1(bridge_slave_0) entered forwarding state
[   27.986711][   T31] bridge0: port 2(bridge_slave_1) entered blocking state
[   27.994009][   T31] bridge0: port 2(bridge_slave_1) entered forwarding state
[   28.014462][ T3311] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   28.047277][ T3315] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   28.071175][ T3315] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   28.087783][ T3315] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   28.106655][ T3315] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   28.148794][ T3313] 8021q: adding VLAN 0 to HW filter on device bond0
[   28.161499][ T3316] 8021q: adding VLAN 0 to HW filter on device batadv0
[   28.189499][ T3313] 8021q: adding VLAN 0 to HW filter on device team0
[   28.211103][   T41] bridge0: port 1(bridge_slave_0) entered blocking state
[   28.218741][   T41] bridge0: port 1(bridge_slave_0) entered forwarding state
[   28.228710][ T3312] 8021q: adding VLAN 0 to HW filter on device batadv0
[   28.238277][ T3311] 8021q: adding VLAN 0 to HW filter on device bond0
[   28.257705][ T3315] 8021q: adding VLAN 0 to HW filter on device bond0
[   28.277664][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   28.284915][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   28.313045][ T3311] 8021q: adding VLAN 0 to HW filter on device team0
[   28.323402][ T3315] 8021q: adding VLAN 0 to HW filter on device team0
[   28.337512][   T52] bridge0: port 1(bridge_slave_0) entered blocking state
[   28.344827][   T52] bridge0: port 1(bridge_slave_0) entered forwarding state
[   28.356040][ T3316] veth0_vlan: entered promiscuous mode
[   28.366416][   T52] bridge0: port 1(bridge_slave_0) entered blocking state
[   28.374136][   T52] bridge0: port 1(bridge_slave_0) entered forwarding state
[   28.386479][   T52] bridge0: port 2(bridge_slave_1) entered blocking state
[   28.393889][   T52] bridge0: port 2(bridge_slave_1) entered forwarding state
[   28.413756][  T270] bridge0: port 2(bridge_slave_1) entered blocking state
[   28.421632][  T270] bridge0: port 2(bridge_slave_1) entered forwarding state
[   28.448878][ T3316] veth1_vlan: entered promiscuous mode
[   28.510214][ T3313] 8021q: adding VLAN 0 to HW filter on device batadv0
[   28.523676][ T3316] veth0_macvtap: entered promiscuous mode
[   28.545363][ T3316] veth1_macvtap: entered promiscuous mode
[   28.562674][ T3315] 8021q: adding VLAN 0 to HW filter on device batadv0
[   28.576496][ T3316] batman_adv: batadv0: Interface activated: batadv_slave_0
[   28.607128][ T3316] batman_adv: batadv0: Interface activated: batadv_slave_1
[   28.620209][ T3312] veth0_vlan: entered promiscuous mode
[   28.637428][   T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   28.656920][ T3311] 8021q: adding VLAN 0 to HW filter on device batadv0
[   28.664697][   T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   28.674767][ T3312] veth1_vlan: entered promiscuous mode
[   28.683308][   T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   28.698355][ T3313] veth0_vlan: entered promiscuous mode
[   28.708622][   T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   28.733255][ T3313] veth1_vlan: entered promiscuous mode
[   28.749723][ T3312] veth0_macvtap: entered promiscuous mode
[   28.764095][ T3312] veth1_macvtap: entered promiscuous mode
[   28.785339][ T3316] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   28.792904][ T3315] veth0_vlan: entered promiscuous mode
[   28.811891][ T3313] veth0_macvtap: entered promiscuous mode
[   28.826852][ T3312] batman_adv: batadv0: Interface activated: batadv_slave_0
[   28.842915][ T3479] loop2: detected capacity change from 0 to 512
[   28.852917][ T3315] veth1_vlan: entered promiscuous mode
[   28.864314][ T3311] veth0_vlan: entered promiscuous mode
[   28.872353][ T3313] veth1_macvtap: entered promiscuous mode
[   28.877332][ T3479] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   28.879787][ T3312] batman_adv: batadv0: Interface activated: batadv_slave_1
[   28.892043][ T3479] ext4 filesystem being mounted at /0/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   28.904837][ T3313] batman_adv: batadv0: Interface activated: batadv_slave_0
[   28.923080][   T52] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   28.932702][   T52] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   28.943761][ T3313] batman_adv: batadv0: Interface activated: batadv_slave_1
[   28.957886][ T3311] veth1_vlan: entered promiscuous mode
[   28.967868][   T52] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   28.993150][ T3311] veth0_macvtap: entered promiscuous mode
[   29.000896][   T52] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   29.015265][ T3315] veth0_macvtap: entered promiscuous mode
[   29.030330][ T3311] veth1_macvtap: entered promiscuous mode
[   29.040473][   T52] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   29.051858][ T3315] veth1_macvtap: entered promiscuous mode
[   29.075272][   T52] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   29.098011][   T52] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   29.114581][ T3315] batman_adv: batadv0: Interface activated: batadv_slave_0
[   29.125674][ T3311] batman_adv: batadv0: Interface activated: batadv_slave_0
[   29.136904][ T3311] batman_adv: batadv0: Interface activated: batadv_slave_1
[   29.151227][ T3315] batman_adv: batadv0: Interface activated: batadv_slave_1
[   29.173854][   T52] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   29.187971][ T3490] loop3: detected capacity change from 0 to 512
[   29.205962][ T3490] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   29.219507][ T3490] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem
[   29.239124][   T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   29.258419][ T3490] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.4: bg 0: block 255: padding at end of block bitmap is not set
[   29.277505][   T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   29.285126][ T3490] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6667: Corrupt filesystem
[   29.323789][  T295] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   29.344552][ T3490] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.4: invalid indirect mapped block 1 (level 1)
[   29.364338][  T295] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   29.389124][  T295] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   29.398622][ T3490] EXT4-fs (loop3): 1 truncate cleaned up
[   29.407597][ T3497] loop0: detected capacity change from 0 to 2048
[   29.412874][  T295] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   29.427729][   T29] kauditd_printk_skb: 43 callbacks suppressed
[   29.427743][   T29] audit: type=1400 audit(1764545205.387:115): avc:  denied  { write } for  pid=3498 comm="syz.1.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   29.428788][ T3490] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   29.436621][   T29] audit: type=1400 audit(1764545205.387:116): avc:  denied  { read } for  pid=3498 comm="syz.1.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   29.478481][ T3501] loop4: detected capacity change from 0 to 2048
[   29.492039][  T295] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   29.504719][  T295] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   29.527533][ T3305] Alternate GPT is invalid, using primary GPT.
[   29.534335][ T3305]  loop0: p1 p2 p3
[   29.538752][ T3305] loop0: partition table partially beyond EOD, truncated
[   29.564025][   T29] audit: type=1400 audit(1764545205.517:117): avc:  denied  { write } for  pid=3489 comm="syz.3.4" name="001" dev="devtmpfs" ino=171 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[   29.572484][ T3504] loop1: detected capacity change from 0 to 512
[   29.589593][ T3490] hub 9-0:1.0: USB hub found
[   29.600004][ T3490] hub 9-0:1.0: 8 ports detected
[   29.618323][ T3501] Alternate GPT is invalid, using primary GPT.
[   29.624973][ T3501]  loop4: p1 p2 p3
[   29.628764][ T3501] loop4: partition table partially beyond EOD, truncated
[   29.630493][   T29] audit: type=1400 audit(1764545205.587:118): avc:  denied  { create } for  pid=3489 comm="syz.3.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   29.658134][ T3497] Alternate GPT is invalid, using primary GPT.
[   29.664605][ T3497]  loop0: p1 p2 p3
[   29.668394][ T3497] loop0: partition table partially beyond EOD, truncated
[   29.707458][   T29] audit: type=1400 audit(1764545205.657:119): avc:  denied  { setopt } for  pid=3489 comm="syz.3.4" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   29.728525][   T29] audit: type=1400 audit(1764545205.657:120): avc:  denied  { read append open } for  pid=3489 comm="syz.3.4" path="/0/file0/cpuset.effective_mems" dev="loop3" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   29.754313][   T29] audit: type=1400 audit(1764545205.667:121): avc:  denied  { ioctl } for  pid=3489 comm="syz.3.4" path="/0/file0/cpuset.effective_mems" dev="loop3" ino=18 ioctlcmd=0x660f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   29.796598][ T3504] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   29.796902][ T3504] ext4 filesystem being mounted at /1/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   29.848377][   T29] audit: type=1400 audit(1764545205.757:122): avc:  denied  { mount } for  pid=3503 comm="syz.1.7" name="/" dev="loop1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   29.848404][   T29] audit: type=1400 audit(1764545205.777:123): avc:  denied  { map } for  pid=3515 comm="syz.0.8" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=4827 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[   29.848437][   T29] audit: type=1400 audit(1764545205.777:124): avc:  denied  { read write } for  pid=3515 comm="syz.0.8" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=4827 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[   29.877986][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   29.942876][ T3509] udevd[3509]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory
[   29.968071][ T3305] udevd[3305]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory
[   29.990987][ T3513] udevd[3513]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory
[   30.007063][ T3523] netlink: 'syz.4.9': attribute type 27 has an invalid length.
[   30.048348][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   30.098304][ T3523] bridge0: port 2(bridge_slave_1) entered disabled state
[   30.105782][ T3523] bridge0: port 1(bridge_slave_0) entered disabled state
[   30.161056][ T3531] netlink: 28 bytes leftover after parsing attributes in process `syz.0.12'.
[   30.246835][ T3523] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   30.268228][ T3523] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   30.309273][    C0] hrtimer: interrupt took 24632 ns
[   30.363629][ T3524] 8021q: adding VLAN 0 to HW filter on device bond0
[   30.431942][ T3524] 8021q: adding VLAN 0 to HW filter on device team0
[   30.443287][ T3524] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   30.460700][   T52] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   30.487591][   T52] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   30.510230][   T52] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   30.559410][   T52] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   30.591593][ T3520] syz.4.9 (3520) used greatest stack depth: 10160 bytes left
[   30.610370][ T3545] netlink: 'syz.0.17': attribute type 27 has an invalid length.
[   30.629633][ T3547] loop2: detected capacity change from 0 to 2048
[   30.650798][ T3545] bridge0: port 2(bridge_slave_1) entered disabled state
[   30.658428][ T3545] bridge0: port 1(bridge_slave_0) entered disabled state
[   30.705353][ T3305] Alternate GPT is invalid, using primary GPT.
[   30.711847][ T3305]  loop2: p1 p2 p3
[   30.715699][ T3305] loop2: partition table partially beyond EOD, truncated
[   30.758845][ T3547] Alternate GPT is invalid, using primary GPT.
[   30.765464][ T3547]  loop2: p1 p2 p3
[   30.769318][ T3547] loop2: partition table partially beyond EOD, truncated
[   30.793138][ T3545] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   30.802950][ T3545] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   30.818668][ T3003] Alternate GPT is invalid, using primary GPT.
[   30.825042][ T3003]  loop2: p1 p2 p3
[   30.828845][ T3003] loop2: partition table partially beyond EOD, truncated
[   30.925179][ T3509] udevd[3509]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory
[   30.937434][ T3305] udevd[3305]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[   30.949024][ T3525] udevd[3525]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory
[   30.966117][ T3509] udevd[3509]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory
[   30.977530][ T3551] 8021q: adding VLAN 0 to HW filter on device bond0
[   30.984393][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   30.985614][ T3525] udevd[3525]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory
[   30.996073][ T3305] udevd[3305]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[   31.006163][ T3551] 8021q: adding VLAN 0 to HW filter on device team0
[   31.018354][ T3564] Driver unsupported XDP return value 0 on prog  (id 10) dev N/A, expect packet loss!
[   31.042018][ T3551] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   31.060107][   T86] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   31.072107][   T86] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   31.083337][ T3563] netlink: 'syz.2.21': attribute type 27 has an invalid length.
[   31.110262][   T86] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   31.124938][   T86] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   31.187663][ T3563] bridge0: port 2(bridge_slave_1) entered disabled state
[   31.194925][ T3563] bridge0: port 1(bridge_slave_0) entered disabled state
[   31.264678][ T3563] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   31.288810][ T3563] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   31.361213][ T3573] 8021q: adding VLAN 0 to HW filter on device bond0
[   31.379842][ T3573] 8021q: adding VLAN 0 to HW filter on device team0
[   31.403085][ T3573] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   31.427879][ T3580] syzkaller1: entered promiscuous mode
[   31.433396][ T3580] syzkaller1: entered allmulticast mode
[   31.454715][   T86] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   31.466777][   T86] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   31.541068][   T86] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   31.562809][   T86] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   31.690310][   T86] Bluetooth: hci0: Frame reassembly failed (-84)
[   31.774571][ T3616] netlink: 'syz.2.34': attribute type 27 has an invalid length.
[   31.830947][ T3616] 8021q: adding VLAN 0 to HW filter on device bond0
[   31.839038][ T3616] 8021q: adding VLAN 0 to HW filter on device team0
[   31.848415][ T3616] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   31.853204][ T3623] loop3: detected capacity change from 0 to 512
[   31.886509][ T3623] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   31.900257][ T3623] ext4 filesystem being mounted at /8/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   31.922070][ T3627] loop2: detected capacity change from 0 to 2048
[   31.946501][ T3627] Alternate GPT is invalid, using primary GPT.
[   31.953064][ T3627]  loop2: p1 p2 p3
[   31.956934][ T3627] loop2: partition table partially beyond EOD, truncated
[   31.975193][ T3003] Alternate GPT is invalid, using primary GPT.
[   31.981797][ T3003]  loop2: p1 p2 p3
[   31.985587][ T3003] loop2: partition table partially beyond EOD, truncated
[   32.017966][ T3305] udevd[3305]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[   32.036922][ T3630] loop2: detected capacity change from 0 to 512
[   32.065956][ T3630] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   32.093185][ T3630] ext4 filesystem being mounted at /9/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   32.391503][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   32.436955][ T3636] Zero length message leads to an empty skb
[   32.548735][ T3648] syz.1.41 uses obsolete (PF_INET,SOCK_PACKET)
[   32.573301][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   32.713284][ T3659] netlink: 'syz.2.43': attribute type 27 has an invalid length.
[   32.726485][ T3662] loop3: detected capacity change from 0 to 512
[   32.760565][ T3662] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   32.764212][ T3659] 8021q: adding VLAN 0 to HW filter on device bond0
[   32.773815][ T3662] ext4 filesystem being mounted at /10/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   32.794725][ T3659] 8021q: adding VLAN 0 to HW filter on device team0
[   32.805485][ T3659] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   32.825108][ T3657] loop1: detected capacity change from 0 to 512
[   32.871483][ T3657] =======================================================
[   32.871483][ T3657] WARNING: The mand mount option has been deprecated and
[   32.871483][ T3657]          and is ignored by this kernel. Remove the mand
[   32.871483][ T3657]          option from the mount to silence this warning.
[   32.871483][ T3657] =======================================================
[   32.938105][ T3657] EXT4-fs error (device loop1): ext4_expand_extra_isize_ea:2803: inode #11: comm syz.1.41: corrupted xattr block 95: invalid header
[   33.017421][ T3657] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2853: Unable to expand inode 11. Delete some EAs or run e2fsck.
[   33.042678][ T3657] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm syz.1.41: bg 0: block 7: invalid block bitmap
[   33.055091][ T3657] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6667: Corrupt filesystem
[   33.064523][ T3657] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2967: inode #11: comm syz.1.41: corrupted xattr block 95: invalid header
[   33.078612][ T3657] EXT4-fs warning (device loop1): ext4_evict_inode:274: xattr delete (err -117)
[   33.087816][ T3657] EXT4-fs (loop1): 1 orphan inode deleted
[   33.094030][ T3657] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   33.107285][ T3657] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   33.216929][ T3676] netlink: 'syz.2.47': attribute type 27 has an invalid length.
[   33.280331][ T3676] 8021q: adding VLAN 0 to HW filter on device bond0
[   33.288590][ T3676] 8021q: adding VLAN 0 to HW filter on device team0
[   33.298973][ T3676] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   33.467302][ T3690] netlink: 28 bytes leftover after parsing attributes in process `syz.2.51'.
[   33.506595][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   33.536534][ T3692] process 'syz.3.52' launched './file0' with NULL argv: empty string added
[   33.715811][   T44] Bluetooth: hci0: command 0x1003 tx timeout
[   33.722148][ T3507] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   33.843874][ T3716] hub 2-0:1.0: USB hub found
[   33.848870][ T3716] hub 2-0:1.0: 8 ports detected
[   33.880452][ T3720] netlink: 28 bytes leftover after parsing attributes in process `syz.1.60'.
[   34.027845][ T3735] netlink: 28 bytes leftover after parsing attributes in process `syz.3.62'.
[   34.071229][ T3737] hub 2-0:1.0: USB hub found
[   34.084296][ T3737] hub 2-0:1.0: 8 ports detected
[   34.220979][ T3746] loop3: detected capacity change from 0 to 512
[   34.229003][ T3748] loop1: detected capacity change from 0 to 2048
[   34.236018][ T3744] loop2: detected capacity change from 0 to 2048
[   34.256975][ T3525] Alternate GPT is invalid, using primary GPT.
[   34.263464][ T3525]  loop2: p1 p2 p3
[   34.264473][ T3746] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   34.267480][ T3525] loop2: partition table partially beyond EOD, truncated
[   34.284311][ T3305] Alternate GPT is invalid, using primary GPT.
[   34.295870][ T3305]  loop1: p1 p2 p3
[   34.295921][ T3746] ext4 filesystem being mounted at /15/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   34.299715][ T3305] loop1: partition table partially beyond EOD, truncated
[   34.302793][ T3744] Alternate GPT is invalid, using primary GPT.
[   34.324369][ T3744]  loop2: p1 p2 p3
[   34.328134][ T3744] loop2: partition table partially beyond EOD, truncated
[   34.339502][ T3748] Alternate GPT is invalid, using primary GPT.
[   34.346103][ T3748]  loop1: p1 p2 p3
[   34.349891][ T3748] loop1: partition table partially beyond EOD, truncated
[   34.439218][   T29] kauditd_printk_skb: 236 callbacks suppressed
[   34.439233][   T29] audit: type=1400 audit(1764545210.397:361): avc:  denied  { name_bind } for  pid=3751 comm="syz.4.69" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[   34.466845][   T29] audit: type=1400 audit(1764545210.397:362): avc:  denied  { node_bind } for  pid=3751 comm="syz.4.69" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[   34.526936][ T3756] netlink: 8 bytes leftover after parsing attributes in process `syz.4.71'.
[   34.572519][   T29] audit: type=1326 audit(1764545210.447:363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3751 comm="syz.4.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96e031f749 code=0x7ffc0000
[   34.596981][   T29] audit: type=1326 audit(1764545210.447:364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3751 comm="syz.4.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96e031f749 code=0x7ffc0000
[   34.620587][   T29] audit: type=1326 audit(1764545210.447:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3751 comm="syz.4.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f96e031f749 code=0x7ffc0000
[   34.644401][   T29] audit: type=1326 audit(1764545210.447:366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3751 comm="syz.4.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96e031f749 code=0x7ffc0000
[   34.668888][   T29] audit: type=1326 audit(1764545210.447:367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3751 comm="syz.4.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f96e031f749 code=0x7ffc0000
[   34.692589][   T29] audit: type=1326 audit(1764545210.457:368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3751 comm="syz.4.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96e031f749 code=0x7ffc0000
[   34.700798][ T3762] loop0: detected capacity change from 0 to 256
[   34.715950][   T29] audit: type=1326 audit(1764545210.457:369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3751 comm="syz.4.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96e031f749 code=0x7ffc0000
[   34.746000][   T29] audit: type=1326 audit(1764545210.457:370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3751 comm="syz.4.69" exe="/root/syz-executor" sig=0 arch=c000003e syscall=242 compat=0 ip=0x7f96e031f749 code=0x7ffc0000
[   34.781209][ T3761] loop1: detected capacity change from 0 to 2048
[   34.836505][ T3305] Alternate GPT is invalid, using primary GPT.
[   34.842980][ T3305]  loop1: p1 p2 p3
[   34.846787][ T3305] loop1: partition table partially beyond EOD, truncated
[   34.860007][ T3764] netlink: 8 bytes leftover after parsing attributes in process `syz.2.84'.
[   34.885597][ T3761] Alternate GPT is invalid, using primary GPT.
[   34.892085][ T3761]  loop1: p1 p2 p3
[   34.895859][ T3761] loop1: partition table partially beyond EOD, truncated
[   34.923470][ T3766] hub 2-0:1.0: USB hub found
[   34.957736][ T3766] hub 2-0:1.0: 8 ports detected
[   34.990115][ T3525] udevd[3525]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory
[   34.995326][ T3305] udevd[3305]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory
[   35.005232][ T3509] udevd[3509]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory
[   35.154825][ T3774] netlink: 'syz.2.88': attribute type 27 has an invalid length.
[   35.261517][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   35.264316][ T3782] 8021q: adding VLAN 0 to HW filter on device bond0
[   35.295266][ T3782] 8021q: adding VLAN 0 to HW filter on device team0
[   35.321666][ T3782] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   35.380401][ T3799] loop2: detected capacity change from 0 to 512
[   35.398689][ T3799] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   35.411705][ T3799] ext4 filesystem being mounted at /26/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   35.617006][ T3817] syzkaller1: entered promiscuous mode
[   35.622559][ T3817] syzkaller1: entered allmulticast mode
[   35.623629][ T3815] netlink: 8 bytes leftover after parsing attributes in process `syz.3.90'.
[   35.791888][ T3833] loop4: detected capacity change from 0 to 2048
[   35.912705][ T3833] Alternate GPT is invalid, using primary GPT.
[   35.915561][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   35.919204][ T3833]  loop4: p1 p2 p3
[   35.931982][ T3833] loop4: partition table partially beyond EOD, truncated
[   36.057032][ T3842] netlink: 'syz.2.99': attribute type 27 has an invalid length.
[   36.134054][ T3842] 8021q: adding VLAN 0 to HW filter on device bond0
[   36.142541][ T3842] 8021q: adding VLAN 0 to HW filter on device team0
[   36.155071][ T3842] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   36.236165][ T3862] loop4: detected capacity change from 0 to 2048
[   36.270866][ T3862] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   36.289014][ T3862] ext4 filesystem being mounted at /18/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   36.335628][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   36.347495][ T3873] loop3: detected capacity change from 0 to 128
[   36.381138][ T3873] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   36.432408][ T3882] loop2: detected capacity change from 0 to 2048
[   36.441921][ T3873] ext4 filesystem being mounted at /24/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   36.500650][ T3305] Alternate GPT is invalid, using primary GPT.
[   36.507268][ T3305]  loop2: p1 p2 p3
[   36.512717][ T3305] loop2: partition table partially beyond EOD, truncated
[   36.557041][ T3888] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   36.572004][ T3882] Alternate GPT is invalid, using primary GPT.
[   36.578551][ T3882]  loop2: p1 p2 p3
[   36.582376][ T3882] loop2: partition table partially beyond EOD, truncated
[   36.711904][ T3313] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   36.727817][ T3305] udevd[3305]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[   36.739464][ T3509] udevd[3509]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory
[   36.742972][ T3525] udevd[3525]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory
[   36.767895][ T3907] loop2: detected capacity change from 0 to 2048
[   36.808195][ T3907] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   36.827442][ T3305] udevd[3305]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[   36.838401][ T3509] udevd[3509]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory
[   36.842135][ T3525] udevd[3525]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory
[   36.863787][ T3907] ext4 filesystem being mounted at /31/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   36.880587][ T3922] 9pnet_fd: Insufficient options for proto=fd
[   36.916510][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   36.980633][ T3932] 9pnet_fd: Insufficient options for proto=fd
[   37.032670][ T3936] loop4: detected capacity change from 0 to 2048
[   37.050233][ T3937] xt_recent: hitcount (16777216) is larger than allowed maximum (65535)
[   37.076320][ T3305] Alternate GPT is invalid, using primary GPT.
[   37.082623][ T3305]  loop4: p1 p2 p3
[   37.086491][ T3305] loop4: partition table partially beyond EOD, truncated
[   37.099375][ T3936] Alternate GPT is invalid, using primary GPT.
[   37.106131][ T3936]  loop4: p1 p2 p3
[   37.109849][ T3936] loop4: partition table partially beyond EOD, truncated
[   37.112220][ T3941] xt_recent: hitcount (16777216) is larger than allowed maximum (65535)
[   37.169473][ T3003] Alternate GPT is invalid, using primary GPT.
[   37.175795][ T3003]  loop4: p1 p2 p3
[   37.179519][ T3003] loop4: partition table partially beyond EOD, truncated
[   37.213369][ T3947] capability: warning: `syz.4.132' uses deprecated v2 capabilities in a way that may be insecure
[   37.220562][ T3305] udevd[3305]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory
[   37.750280][ T3961] loop0: detected capacity change from 0 to 512
[   37.766821][ T3961] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #3: comm syz.0.134: corrupted inode contents
[   37.779553][ T3961] EXT4-fs error (device loop0): ext4_dirty_inode:6517: inode #3: comm syz.0.134: mark_inode_dirty error
[   37.792453][ T3961] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #3: comm syz.0.134: corrupted inode contents
[   37.805338][ T3961] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #3: comm syz.0.134: mark_inode_dirty error
[   37.817258][ T3961] EXT4-fs error (device loop0): ext4_acquire_dquot:6945: comm syz.0.134: Failed to acquire dquot type 0
[   37.829593][ T3961] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #16: comm syz.0.134: corrupted inode contents
[   37.841695][ T3961] EXT4-fs error (device loop0): ext4_dirty_inode:6517: inode #16: comm syz.0.134: mark_inode_dirty error
[   37.854001][ T3961] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #16: comm syz.0.134: corrupted inode contents
[   37.866516][ T3961] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #16: comm syz.0.134: mark_inode_dirty error
[   37.884840][ T3961] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #16: comm syz.0.134: corrupted inode contents
[   37.898420][ T3961] EXT4-fs error (device loop0) in ext4_orphan_del:301: Corrupt filesystem
[   37.908372][ T3961] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #16: comm syz.0.134: corrupted inode contents
[   37.920714][ T3961] EXT4-fs error (device loop0): ext4_truncate:4637: inode #16: comm syz.0.134: mark_inode_dirty error
[   37.932040][ T3967] loop1: detected capacity change from 0 to 2048
[   37.932540][ T3961] EXT4-fs error (device loop0) in ext4_process_orphan:343: Corrupt filesystem
[   37.948370][ T3961] EXT4-fs (loop0): 1 truncate cleaned up
[   37.954711][ T3961] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   37.967842][ T3961] ext4 filesystem being mounted at /15/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   37.969009][ T3967] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   37.988080][ T3961] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   37.991290][ T3967] ext4 filesystem being mounted at /28/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   38.000683][ T3961] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   38.025965][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   38.297918][ T3995] loop3: detected capacity change from 0 to 2048
[   38.327892][ T4000] loop4: detected capacity change from 0 to 128
[   38.337844][ T4000] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   38.367939][ T3995] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   38.408387][ T3995] ext4 filesystem being mounted at /29/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   38.418853][ T4000] ext4 filesystem being mounted at /31/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   38.480476][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   38.495200][ T3312] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   38.521128][ T4007] loop1: detected capacity change from 0 to 2048
[   38.539149][ T4010] can0: slcan on ptm1.
[   38.556375][ T3509] Alternate GPT is invalid, using primary GPT.
[   38.562709][ T3509]  loop1: p1 p2 p3
[   38.566470][ T3509] loop1: partition table partially beyond EOD, truncated
[   38.572114][ T3961] syz.0.134 (3961) used greatest stack depth: 9760 bytes left
[   38.582456][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   38.584116][ T4007] Alternate GPT is invalid, using primary GPT.
[   38.598041][ T4007]  loop1: p1 p2 p3
[   38.602156][ T4007] loop1: partition table partially beyond EOD, truncated
[   38.613934][ T4010] can0 (unregistered): slcan off ptm1.
[   38.622157][ T4010] Falling back ldisc for ptm1.
[   38.709177][ T4017] netlink: 'syz.1.157': attribute type 10 has an invalid length.
[   38.752363][ T4017] team0: Port device dummy0 added
[   38.770736][ T4023] netlink: 'syz.1.157': attribute type 10 has an invalid length.
[   38.802683][ T4023] team0: Failed to send port change of device dummy0 via netlink (err -105)
[   38.834665][ T4023] team0: Failed to send options change via netlink (err -105)
[   38.845209][ T4023] team0: Failed to send port change of device dummy0 via netlink (err -105)
[   38.879014][ T4023] team0: Port device dummy0 removed
[   38.979122][ T4045] loop3: detected capacity change from 0 to 2048
[   38.996868][ T4045] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   39.015471][ T4045] ext4 filesystem being mounted at /32/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   39.027404][ T4047] netlink: 'syz.1.164': attribute type 27 has an invalid length.
[   39.060323][ T4047] bridge0: port 2(bridge_slave_1) entered disabled state
[   39.067584][ T4047] bridge0: port 1(bridge_slave_0) entered disabled state
[   39.076103][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   39.171163][ T4047] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   39.200715][ T4047] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   39.344176][ T4076] netlink: 'syz.3.173': attribute type 1 has an invalid length.
[   39.362010][ T4056] 8021q: adding VLAN 0 to HW filter on device bond0
[   39.376194][ T4056] 8021q: adding VLAN 0 to HW filter on device team0
[   39.386116][ T4056] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   39.411960][  T295] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   39.430160][ T4076] 8021q: adding VLAN 0 to HW filter on device bond1
[   39.448410][ T4083] loop0: detected capacity change from 0 to 512
[   39.460121][ T4081] 8021q: adding VLAN 0 to HW filter on device batadv1
[   39.472283][ T4081] bond1: (slave batadv1): making interface the new active one
[   39.481298][ T4081] bond1: (slave batadv1): Enslaving as an active interface with an up link
[   39.490154][  T295] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   39.504645][ T4083] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   39.517454][   T86] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   39.545376][   T86] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   39.552109][ T4083] ext4 filesystem being mounted at /22/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   39.674996][ T4081] netlink: 'syz.3.173': attribute type 13 has an invalid length.
[   39.689549][   T29] kauditd_printk_skb: 571 callbacks suppressed
[   39.689565][   T29] audit: type=1326 audit(1764545215.647:940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4098 comm="syz.1.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39ebd7f749 code=0x7ffc0000
[   39.720424][   T29] audit: type=1326 audit(1764545215.647:941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4098 comm="syz.1.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f39ebd7f749 code=0x7ffc0000
[   39.743725][   T29] audit: type=1326 audit(1764545215.647:942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4098 comm="syz.1.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39ebd7f749 code=0x7ffc0000
[   39.767140][   T29] audit: type=1326 audit(1764545215.647:943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4098 comm="syz.1.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f39ebd7f749 code=0x7ffc0000
[   39.790589][   T29] audit: type=1326 audit(1764545215.647:944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4098 comm="syz.1.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39ebd7f749 code=0x7ffc0000
[   39.814340][   T29] audit: type=1326 audit(1764545215.647:945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4098 comm="syz.1.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f39ebd7f749 code=0x7ffc0000
[   39.837870][   T29] audit: type=1326 audit(1764545215.647:946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4098 comm="syz.1.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39ebd7f749 code=0x7ffc0000
[   39.861405][   T29] audit: type=1326 audit(1764545215.647:947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4098 comm="syz.1.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f39ebd7f749 code=0x7ffc0000
[   39.884946][   T29] audit: type=1326 audit(1764545215.647:948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4098 comm="syz.1.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39ebd7f749 code=0x7ffc0000
[   39.909112][   T29] audit: type=1326 audit(1764545215.647:949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4098 comm="syz.1.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f39ebd7f749 code=0x7ffc0000
[   39.984964][ T4115] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   40.004099][ T4081] bridge0: port 2(bridge_slave_1) entered disabled state
[   40.012397][ T4081] bridge0: port 1(bridge_slave_0) entered disabled state
[   40.015432][ T4113] syz.2.185 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[   40.072866][ T4081] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   40.086959][ T4081] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   40.205039][  T295] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   40.214043][  T295] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   40.227070][ T4122] netlink: 'syz.1.189': attribute type 27 has an invalid length.
[   40.331528][ T4125] 8021q: adding VLAN 0 to HW filter on device bond0
[   40.345740][ T4125] 8021q: adding VLAN 0 to HW filter on device team0
[   40.366850][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   40.379211][ T4125] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   40.395579][  T295] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   40.408625][  T295] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   40.442028][ T4136] 9pnet_fd: Insufficient options for proto=fd
[   40.465365][ T4134] FAULT_INJECTION: forcing a failure.
[   40.465365][ T4134] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   40.478617][ T4134] CPU: 0 UID: 0 PID: 4134 Comm: syz.3.194 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   40.478644][ T4134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   40.478655][ T4134] Call Trace:
[   40.478660][ T4134]  <TASK>
[   40.478667][ T4134]  __dump_stack+0x1d/0x30
[   40.478690][ T4134]  dump_stack_lvl+0xe8/0x140
[   40.478719][ T4134]  dump_stack+0x15/0x1b
[   40.478734][ T4134]  should_fail_ex+0x265/0x280
[   40.478826][ T4134]  should_fail+0xb/0x20
[   40.478838][ T4134]  should_fail_usercopy+0x1a/0x20
[   40.478856][ T4134]  _copy_from_user+0x1c/0xb0
[   40.478904][ T4134]  ___sys_sendmsg+0xc1/0x1d0
[   40.478930][ T4134]  __x64_sys_sendmsg+0xd4/0x160
[   40.478948][ T4134]  x64_sys_call+0x191e/0x3000
[   40.478988][ T4134]  do_syscall_64+0xd2/0x200
[   40.479008][ T4134]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   40.479030][ T4134]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   40.479108][ T4134]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   40.479195][ T4134] RIP: 0033:0x7fccc20ff749
[   40.479208][ T4134] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   40.479222][ T4134] RSP: 002b:00007fccc0b67038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   40.479238][ T4134] RAX: ffffffffffffffda RBX: 00007fccc2355fa0 RCX: 00007fccc20ff749
[   40.479249][ T4134] RDX: 0000000020040844 RSI: 0000200000000340 RDI: 0000000000000006
[   40.479345][ T4134] RBP: 00007fccc0b67090 R08: 0000000000000000 R09: 0000000000000000
[   40.479435][ T4134] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   40.479446][ T4134] R13: 00007fccc2356038 R14: 00007fccc2355fa0 R15: 00007ffc14b11478
[   40.479460][ T4134]  </TASK>
[   40.689922][ T4146] hub 9-0:1.0: USB hub found
[   40.694719][ T4146] hub 9-0:1.0: 8 ports detected
[   40.728595][ T4146] loop3: detected capacity change from 0 to 512
[   40.737583][ T4150] netlink: 'syz.4.198': attribute type 1 has an invalid length.
[   40.750106][ T4146] EXT4-fs: Ignoring removed i_version option
[   40.756480][ T4146] EXT4-fs: Ignoring removed bh option
[   40.769889][ T4157] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   40.770759][ T4146] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   40.789687][ T4157] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   40.792353][ T4146] ext4 filesystem being mounted at /38/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   40.800863][ T4150] 8021q: adding VLAN 0 to HW filter on device bond1
[   40.826065][ T4158] 8021q: adding VLAN 0 to HW filter on device batadv1
[   40.834935][ T4158] bond1: (slave batadv1): making interface the new active one
[   40.843611][ T4158] bond1: (slave batadv1): Enslaving as an active interface with an up link
[   40.853279][ T4146] IPv6: NLM_F_CREATE should be specified when creating new route
[   40.854073][ T4159] xt_recent: hitcount (16777216) is larger than allowed maximum (65535)
[   40.875498][ T4150] netlink: 'syz.4.198': attribute type 13 has an invalid length.
[   40.875866][ T4151] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[   40.908358][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.044659][ T4169] caif0: entered promiscuous mode
[   41.067556][ T3525] printk: udevd: 13 output lines suppressed due to ratelimiting
[   41.141799][ T4178] loop3: detected capacity change from 0 to 2048
[   41.167222][ T4178] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   41.179791][ T4178] ext4 filesystem being mounted at /46/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   41.201610][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.337662][ T4197] loop2: detected capacity change from 0 to 512
[   41.345159][ T4197] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[   41.359752][ T4197] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.212: bg 0: block 255: padding at end of block bitmap is not set
[   41.374422][ T4197] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6667: Corrupt filesystem
[   41.384195][ T4197] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.212: invalid indirect mapped block 1 (level 1)
[   41.398943][ T4197] EXT4-fs (loop2): 1 truncate cleaned up
[   41.405748][ T4197] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   41.436347][ T4197] hub 9-0:1.0: USB hub found
[   41.441427][ T4197] hub 9-0:1.0: 8 ports detected
[   41.637793][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.675771][ T4221] loop3: detected capacity change from 0 to 2048
[   42.003791][ T4233] netlink: 'syz.0.224': attribute type 27 has an invalid length.
[   42.065867][ T4233] 8021q: adding VLAN 0 to HW filter on device bond0
[   42.076072][ T4233] 8021q: adding VLAN 0 to HW filter on device team0
[   42.087262][ T4233] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   42.118753][ T4221] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   42.135034][ T4221] ext4 filesystem being mounted at /52/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   42.152157][ T4243] netlink: 28 bytes leftover after parsing attributes in process `syz.0.225'.
[   42.163221][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   42.164804][ T4243] netlink: 28 bytes leftover after parsing attributes in process `syz.0.225'.
[   42.293905][ T4253] loop2: detected capacity change from 0 to 512
[   42.300741][ T4253] EXT4-fs: Ignoring removed i_version option
[   42.306866][ T4253] EXT4-fs: Ignoring removed bh option
[   42.327105][ T4253] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   42.340203][ T4253] ext4 filesystem being mounted at /56/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   42.446940][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   42.576636][ T4275] syzkaller1: entered promiscuous mode
[   42.582511][ T4275] syzkaller1: entered allmulticast mode
[   42.921196][ T4313] hub 9-0:1.0: USB hub found
[   42.926058][ T4313] hub 9-0:1.0: 8 ports detected
[   43.155355][ T4331] syzkaller1: entered promiscuous mode
[   43.160913][ T4331] syzkaller1: entered allmulticast mode
[   43.258620][ T4342] IPv6: NLM_F_CREATE should be specified when creating new route
[   43.338852][ T4353] netlink: 'syz.2.256': attribute type 27 has an invalid length.
[   43.383798][ T4353] 8021q: adding VLAN 0 to HW filter on device bond0
[   43.391883][ T4353] 8021q: adding VLAN 0 to HW filter on device team0
[   43.400993][ T4353] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   43.450056][ T4360] netlink: 'syz.3.257': attribute type 27 has an invalid length.
[   43.459332][ T4360] caif0: left promiscuous mode
[   43.472637][ T4364] netlink: 24 bytes leftover after parsing attributes in process `syz.2.258'.
[   43.484338][ T4360] 8021q: adding VLAN 0 to HW filter on device bond0
[   43.492506][ T4360] 8021q: adding VLAN 0 to HW filter on device team0
[   43.502347][ T4360] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   43.532742][ T4364] netlink: 'syz.2.258': attribute type 13 has an invalid length.
[   43.606230][ T4376] loop3: detected capacity change from 0 to 512
[   43.635240][ T4376] EXT4-fs: dax option not supported
[   43.776496][ T4390] loop3: detected capacity change from 0 to 2048
[   43.832043][ T4395] hub 9-0:1.0: USB hub found
[   43.836934][ T4395] hub 9-0:1.0: 8 ports detected
[   43.840212][ T4390] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   43.854279][ T4390] ext4 filesystem being mounted at /60/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   43.876238][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   43.899107][ T4401] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   43.908865][ T4401] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   43.912791][ T4404] tipc: Started in network mode
[   43.922426][ T4404] tipc: Node identity 5e7dda31ffb9, cluster identity 4711
[   43.929729][ T4404] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   43.936729][ T4405] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[   43.945744][ T4404] syzkaller0: entered promiscuous mode
[   43.951995][ T4404] syzkaller0: entered allmulticast mode
[   43.960272][ T4403] tipc: Resetting bearer <eth:syzkaller0>
[   43.966642][ T4402] tipc: Resetting bearer <eth:syzkaller0>
[   43.973603][ T4402] tipc: Disabling bearer <eth:syzkaller0>
[   44.114458][ T4407] netlink: 28 bytes leftover after parsing attributes in process `syz.0.274'.
[   44.572653][ T4426] loop3: detected capacity change from 0 to 512
[   44.605347][ T4426] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem
[   44.645816][ T4426] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.280: bg 0: block 255: padding at end of block bitmap is not set
[   44.660652][ T4426] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6667: Corrupt filesystem
[   44.669787][ T4426] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.280: invalid indirect mapped block 1 (level 1)
[   44.684052][ T4426] EXT4-fs (loop3): 1 truncate cleaned up
[   44.690485][ T4426] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   44.705386][ T4430] loop0: detected capacity change from 0 to 512
[   44.715093][ T4426] hub 9-0:1.0: USB hub found
[   44.715836][ T4430] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem
[   44.719828][ T4426] hub 9-0:1.0: 8 ports detected
[   44.735810][ T4430] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.281: bg 0: block 255: padding at end of block bitmap is not set
[   44.750705][ T4432] loop1: detected capacity change from 0 to 2048
[   44.757264][ T4430] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6667: Corrupt filesystem
[   44.767934][ T4430] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.281: invalid indirect mapped block 1 (level 1)
[   44.781476][ T4430] EXT4-fs (loop0): 1 truncate cleaned up
[   44.783177][ T4432] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   44.787786][ T4430] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   44.799702][ T4432] ext4 filesystem being mounted at /50/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   44.840540][ T4430] hub 9-0:1.0: USB hub found
[   44.840675][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.845636][ T4430] hub 9-0:1.0: 8 ports detected
[   44.863880][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.916978][   T29] kauditd_printk_skb: 459 callbacks suppressed
[   44.916993][   T29] audit: type=1400 audit(1764545220.877:1409): avc:  denied  { ioctl } for  pid=4446 comm="syz.1.286" path="socket:[7481]" dev="sockfs" ino=7481 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[   44.975607][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   45.016477][   T29] audit: type=1326 audit(1764545220.977:1410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4456 comm="syz.0.289" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f303db7f749 code=0x0
[   45.187446][ T4469] loop4: detected capacity change from 0 to 2048
[   45.207439][ T4469] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   45.220614][ T4469] ext4 filesystem being mounted at /56/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   45.246273][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   45.249643][ T4476] loop1: detected capacity change from 0 to 512
[   45.277155][ T4476] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   45.289923][ T4476] ext4 filesystem being mounted at /58/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   45.302356][ T4482] loop4: detected capacity change from 0 to 512
[   45.321918][ T4482] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.297: bg 0: block 248: padding at end of block bitmap is not set
[   45.336687][ T4482] EXT4-fs (loop4): Remounting filesystem read-only
[   45.343294][ T4482] Quota error (device loop4): write_blk: dquota write failed
[   45.350831][ T4482] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[   45.361131][ T4482] EXT4-fs (loop4): 1 truncate cleaned up
[   45.367441][ T4482] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   45.380282][ T4482] ext4 filesystem being mounted at /58/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   45.392139][   T29] audit: type=1400 audit(1764545221.347:1411): avc:  denied  { nlmsg_write } for  pid=4481 comm="syz.4.297" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   45.393412][ T4482] syz.4.297 (4482) used greatest stack depth: 9120 bytes left
[   45.438969][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   45.697312][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   45.745431][ T4501] netlink: 'syz.1.303': attribute type 27 has an invalid length.
[   45.781392][ T4501] 8021q: adding VLAN 0 to HW filter on device bond0
[   45.789170][ T4501] 8021q: adding VLAN 0 to HW filter on device team0
[   45.795824][   T44] Bluetooth: hci0: command 0x1003 tx timeout
[   45.801915][ T3507] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   45.808252][ T4501] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   45.861411][ T4507] loop0: detected capacity change from 0 to 2048
[   45.886504][ T4507] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   45.916984][ T4507] ext4 filesystem being mounted at /44/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   45.953573][   T29] audit: type=1400 audit(1764545221.887:1412): avc:  denied  { checkpoint_restore } for  pid=4516 comm="syz.1.309" capability=40  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   45.988437][ T4524] x_tables: duplicate underflow at hook 1
[   46.010407][ T4524] x_tables: duplicate underflow at hook 1
[   46.053154][ T4510] netlink: 20 bytes leftover after parsing attributes in process `syz.4.304'.
[   46.083219][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   46.345762][ T4550] netlink: 28 bytes leftover after parsing attributes in process `syz.3.321'.
[   46.352617][ T4551] loop0: detected capacity change from 0 to 2048
[   46.356943][ T4550] netlink: 8 bytes leftover after parsing attributes in process `syz.3.321'.
[   46.370569][   T29] audit: type=1326 audit(1764545222.317:1413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4552 comm="syz.1.323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39ebd7f749 code=0x7ffc0000
[   46.394077][   T29] audit: type=1326 audit(1764545222.317:1414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4552 comm="syz.1.323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39ebd7f749 code=0x7ffc0000
[   46.417561][   T29] audit: type=1326 audit(1764545222.317:1415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4552 comm="syz.1.323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=111 compat=0 ip=0x7f39ebd7f749 code=0x7ffc0000
[   46.442118][   T29] audit: type=1326 audit(1764545222.317:1416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4552 comm="syz.1.323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39ebd7f749 code=0x7ffc0000
[   46.478698][ T4551] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   46.491231][ T4551] ext4 filesystem being mounted at /47/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   46.504540][ T4558] netlink: 28 bytes leftover after parsing attributes in process `syz.4.324'.
[   46.536464][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   46.562444][ T4561] loop1: detected capacity change from 0 to 512
[   46.585350][ T4561] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem
[   46.635942][ T4561] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.328: bg 0: block 255: padding at end of block bitmap is not set
[   46.673604][ T4577] loop4: detected capacity change from 0 to 512
[   46.681952][ T4566] netlink: 'syz.3.330': attribute type 27 has an invalid length.
[   46.704593][ T4577] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[   46.717856][ T4561] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6667: Corrupt filesystem
[   46.745469][ T4561] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.328: invalid indirect mapped block 1 (level 1)
[   46.760633][ T4561] EXT4-fs (loop1): 1 truncate cleaned up
[   46.767218][ T4561] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   46.769727][ T4566] 8021q: adding VLAN 0 to HW filter on device bond0
[   46.789958][ T4577] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   46.790894][ T4566] 8021q: adding VLAN 0 to HW filter on device team0
[   46.807236][ T4586] xt_hashlimit: max too large, truncated to 1048576
[   46.816231][ T4577] ext4 filesystem being mounted at /69/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   46.817253][ T4561] hub 9-0:1.0: USB hub found
[   46.829484][ T4586] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[   46.842617][ T4566] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   46.843317][ T4561] hub 9-0:1.0: 8 ports detected
[   46.906965][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   46.938969][ T4591] loop2: detected capacity change from 0 to 2048
[   46.959859][ T4597] program syz.1.337 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   46.969942][ T4577] ext4: Unknown parameter '8þ~ÿÑ“çöˆÿ§ó»¿þ'÷ˆ?é0þ7cŸ?Ý®­¦Íø³Ûã·'
[   46.988062][ T4595] pimreg: entered allmulticast mode
[   46.995768][ T4591] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   47.014102][ T4591] ext4 filesystem being mounted at /73/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   47.024912][ T4595] IPVS: set_ctl: invalid protocol: 43 172.20.20.25:20004
[   47.043868][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.044234][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.063822][ T4603] loop1: detected capacity change from 0 to 512
[   47.071551][ T4603] EXT4-fs error (device loop1): ext4_get_journal_inode:5808: comm syz.1.340: inode #196608: comm syz.1.340: iget: illegal inode #
[   47.086522][ T4603] EXT4-fs (loop1): Remounting filesystem read-only
[   47.093323][ T4603] EXT4-fs (loop1): no journal found
[   47.098569][ T4603] EXT4-fs (loop1): can't get journal size
[   47.107125][ T4603] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended
[   47.121273][ T4603] EXT4-fs (loop1): failed to initialize system zone (-22)
[   47.129882][ T4614] loop4: detected capacity change from 0 to 256
[   47.130139][ T4603] EXT4-fs (loop1): mount failed
[   47.143625][ T4610] loop2: detected capacity change from 0 to 512
[   47.170232][ T4610] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   47.191554][ T4610] ext4 filesystem being mounted at /74/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   47.233631][ T4623] loop1: detected capacity change from 0 to 512
[   47.244705][ T4623] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem
[   47.254933][ T4623] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.348: bg 0: block 255: padding at end of block bitmap is not set
[   47.282382][ T4623] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6667: Corrupt filesystem
[   47.291326][ T4623] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.348: invalid indirect mapped block 1 (level 1)
[   47.308548][ T4623] EXT4-fs (loop1): 1 truncate cleaned up
[   47.317175][ T4623] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   47.335551][ T4623] hub 9-0:1.0: USB hub found
[   47.340419][ T4623] hub 9-0:1.0: 8 ports detected
[   47.368972][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.410085][ T4639] loop1: detected capacity change from 0 to 2048
[   47.432357][ T4639] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   47.444900][ T4639] ext4 filesystem being mounted at /73/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   47.475462][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.755210][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.825185][ T4677] loop4: detected capacity change from 0 to 512
[   47.831919][ T4677] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem
[   47.856367][ T4677] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.364: bg 0: block 255: padding at end of block bitmap is not set
[   47.872947][ T4677] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6667: Corrupt filesystem
[   47.882158][ T4677] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.364: invalid indirect mapped block 1 (level 1)
[   47.895762][ T4677] EXT4-fs (loop4): 1 truncate cleaned up
[   47.901791][ T4677] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   47.935728][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.967998][ T4683] hub 9-0:1.0: USB hub found
[   47.982956][ T4683] hub 9-0:1.0: 8 ports detected
[   47.999049][ T4689] syzkaller1: entered promiscuous mode
[   48.004555][ T4689] syzkaller1: entered allmulticast mode
[   48.011697][ T4689] netlink: 16 bytes leftover after parsing attributes in process `syz.1.367'.
[   48.039233][ T4689] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR
[   48.046240][ T4694] hub 9-0:1.0: USB hub found
[   48.060222][ T4694] hub 9-0:1.0: 8 ports detected
[   48.141625][ T4705] loop1: detected capacity change from 0 to 512
[   48.182229][ T4711] loop2: detected capacity change from 0 to 512
[   48.200715][ T4705] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   48.213638][ T4705] ext4 filesystem being mounted at /78/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   48.231701][ T4711] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   48.268357][ T4711] ext4 filesystem being mounted at /79/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   48.401782][ T4719] netlink: 28 bytes leftover after parsing attributes in process `syz.3.377'.
[   48.444180][ T4719] netlink: 8 bytes leftover after parsing attributes in process `syz.3.377'.
[   48.704494][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   48.747346][ T4740] loop3: detected capacity change from 0 to 512
[   48.767766][ T4740] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   48.835749][ T4740] EXT4-fs (loop3): 1 truncate cleaned up
[   48.841894][ T4740] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   48.931458][ T4753] loop3: detected capacity change from 0 to 512
[   48.938452][ T4754] loop4: detected capacity change from 0 to 128
[   48.972292][ T4753] ext4 filesystem being mounted at /89/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   48.995362][ T3507] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   49.046615][ T4765] netlink: 19 bytes leftover after parsing attributes in process `syz.1.388'.
[   49.200350][ T4754] syz.4.386: attempt to access beyond end of device
[   49.200350][ T4754] loop4: rw=2049, sector=128, nr_sectors = 1 limit=128
[   49.213948][ T4754] Buffer I/O error on dev loop4, logical block 128, lost async page write
[   49.225242][ T4766] syz.4.386: attempt to access beyond end of device
[   49.225242][ T4766] loop4: rw=2049, sector=128, nr_sectors = 1 limit=128
[   49.238707][ T4766] Buffer I/O error on dev loop4, logical block 128, lost async page write
[   49.261932][ T4766] syz.4.386: attempt to access beyond end of device
[   49.261932][ T4766] loop4: rw=2049, sector=128, nr_sectors = 1 limit=128
[   49.276386][ T4766] Buffer I/O error on dev loop4, logical block 128, lost async page write
[   49.289724][ T4772] loop2: detected capacity change from 0 to 512
[   49.315309][ T4772] ext4 filesystem being mounted at /82/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   49.495239][ T4786] hub 9-0:1.0: USB hub found
[   49.500212][ T4786] hub 9-0:1.0: 8 ports detected
[   49.546084][ T4788] loop3: detected capacity change from 0 to 2048
[   49.557125][ T4788] ext4 filesystem being mounted at /91/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   49.615629][ T4793] xt_hashlimit: max too large, truncated to 1048576
[   49.623441][ T4793] xt_CT: You must specify a L4 protocol and not use inversions on it
[   49.656612][ T4800] FAULT_INJECTION: forcing a failure.
[   49.656612][ T4800] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   49.670354][ T4800] CPU: 1 UID: 0 PID: 4800 Comm: syz.3.398 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   49.670380][ T4800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   49.670391][ T4800] Call Trace:
[   49.670397][ T4800]  <TASK>
[   49.670405][ T4800]  __dump_stack+0x1d/0x30
[   49.670424][ T4800]  dump_stack_lvl+0xe8/0x140
[   49.670517][ T4800]  dump_stack+0x15/0x1b
[   49.670530][ T4800]  should_fail_ex+0x265/0x280
[   49.670545][ T4800]  should_fail+0xb/0x20
[   49.670557][ T4800]  should_fail_usercopy+0x1a/0x20
[   49.670573][ T4800]  _copy_from_user+0x1c/0xb0
[   49.670657][ T4800]  do_ipt_set_ctl+0x3a0/0x820
[   49.670673][ T4800]  ? lock_sock_nested+0x112/0x140
[   49.670751][ T4800]  nf_setsockopt+0x199/0x1b0
[   49.670769][ T4800]  ip_setsockopt+0x102/0x110
[   49.670791][ T4800]  udp_setsockopt+0x99/0xb0
[   49.670813][ T4800]  sock_common_setsockopt+0x69/0x80
[   49.670909][ T4800]  ? __pfx_sock_common_setsockopt+0x10/0x10
[   49.670928][ T4800]  __sys_setsockopt+0x184/0x200
[   49.670951][ T4800]  __x64_sys_setsockopt+0x64/0x80
[   49.670993][ T4800]  x64_sys_call+0x20ec/0x3000
[   49.671009][ T4800]  do_syscall_64+0xd2/0x200
[   49.671026][ T4800]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   49.671104][ T4800]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   49.671127][ T4800]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   49.671143][ T4800] RIP: 0033:0x7fccc20ff749
[   49.671155][ T4800] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   49.671232][ T4800] RSP: 002b:00007fccc0b67038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   49.671247][ T4800] RAX: ffffffffffffffda RBX: 00007fccc2355fa0 RCX: 00007fccc20ff749
[   49.671310][ T4800] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000006
[   49.671320][ T4800] RBP: 00007fccc0b67090 R08: 0000000000000328 R09: 0000000000000000
[   49.671329][ T4800] R10: 0000200000000a40 R11: 0000000000000246 R12: 0000000000000001
[   49.671340][ T4800] R13: 00007fccc2356038 R14: 00007fccc2355fa0 R15: 00007ffc14b11478
[   49.671413][ T4800]  </TASK>
[   49.925078][   T29] kauditd_printk_skb: 152 callbacks suppressed
[   49.925095][   T29] audit: type=1326 audit(1764545225.867:1569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4802 comm="syz.3.400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccc20ff749 code=0x7ffc0000
[   49.955500][   T29] audit: type=1326 audit(1764545225.867:1570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4802 comm="syz.3.400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccc20ff749 code=0x7ffc0000
[   49.979089][   T29] audit: type=1326 audit(1764545225.867:1571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4802 comm="syz.3.400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccc20ff749 code=0x7ffc0000
[   50.005252][   T29] audit: type=1326 audit(1764545225.867:1572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4802 comm="syz.3.400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccc20ff749 code=0x7ffc0000
[   50.030108][   T29] audit: type=1326 audit(1764545225.867:1573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4802 comm="syz.3.400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fccc20ff749 code=0x7ffc0000
[   50.054680][   T29] audit: type=1326 audit(1764545225.877:1574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4802 comm="syz.3.400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccc20ff749 code=0x7ffc0000
[   50.078333][   T29] audit: type=1326 audit(1764545225.877:1575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4802 comm="syz.3.400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccc20ff749 code=0x7ffc0000
[   50.102187][   T29] audit: type=1326 audit(1764545225.877:1576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4802 comm="syz.3.400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccc20ff749 code=0x7ffc0000
[   50.119861][ T4811] sctp: [Deprecated]: syz.3.402 (pid 4811) Use of struct sctp_assoc_value in delayed_ack socket option.
[   50.119861][ T4811] Use struct sctp_sack_info instead
[   50.127428][   T29] audit: type=1326 audit(1764545225.877:1577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4802 comm="syz.3.400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fccc20ff749 code=0x7ffc0000
[   50.146760][ T4811] xt_hashlimit: max too large, truncated to 1048576
[   50.167483][   T29] audit: type=1326 audit(1764545225.877:1578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4802 comm="syz.3.400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccc20ff749 code=0x7ffc0000
[   50.175549][ T4811] xt_CT: You must specify a L4 protocol and not use inversions on it
[   50.249470][ T4817] netlink: 28 bytes leftover after parsing attributes in process `syz.2.401'.
[   50.264462][ T4817] netlink: 8 bytes leftover after parsing attributes in process `syz.2.401'.
[   50.284624][ T4814] netlink: 'XáMJtp': attribute type 3 has an invalid length.
[   50.298307][ T4814] netlink: 14 bytes leftover after parsing attributes in process `XáMJtp'.
[   50.307530][ T4814] hsr_slave_0: left promiscuous mode
[   50.315923][ T4814] hsr_slave_1: left promiscuous mode
[   50.321641][ T4819] loop3: detected capacity change from 0 to 2048
[   50.352819][ T4819] ext4 filesystem being mounted at /96/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   50.426376][ T4827] FAULT_INJECTION: forcing a failure.
[   50.426376][ T4827] name failslab, interval 1, probability 0, space 0, times 1
[   50.439498][ T4827] CPU: 1 UID: 0 PID: 4827 Comm: syz.2.408 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   50.439523][ T4827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   50.439533][ T4827] Call Trace:
[   50.439540][ T4827]  <TASK>
[   50.439549][ T4827]  __dump_stack+0x1d/0x30
[   50.439575][ T4827]  dump_stack_lvl+0xe8/0x140
[   50.439599][ T4827]  dump_stack+0x15/0x1b
[   50.439613][ T4827]  should_fail_ex+0x265/0x280
[   50.439630][ T4827]  should_failslab+0x8c/0xb0
[   50.439655][ T4827]  kmem_cache_alloc_noprof+0x50/0x480
[   50.439716][ T4827]  ? getname_flags+0x80/0x3b0
[   50.439741][ T4827]  ? fput+0x8f/0xc0
[   50.439758][ T4827]  getname_flags+0x80/0x3b0
[   50.439833][ T4827]  __x64_sys_execve+0x42/0x70
[   50.439855][ T4827]  x64_sys_call+0x271a/0x3000
[   50.439876][ T4827]  do_syscall_64+0xd2/0x200
[   50.439896][ T4827]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   50.440001][ T4827]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   50.440028][ T4827]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   50.440045][ T4827] RIP: 0033:0x7f558fb4f749
[   50.440059][ T4827] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   50.440087][ T4827] RSP: 002b:00007f558e5af038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
[   50.440107][ T4827] RAX: ffffffffffffffda RBX: 00007f558fda5fa0 RCX: 00007f558fb4f749
[   50.440120][ T4827] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000180
[   50.440132][ T4827] RBP: 00007f558e5af090 R08: 0000000000000000 R09: 0000000000000000
[   50.440143][ T4827] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   50.440154][ T4827] R13: 00007f558fda6038 R14: 00007f558fda5fa0 R15: 00007ffc31124688
[   50.440171][ T4827]  </TASK>
[   50.625292][   T10] Process accounting resumed
[   50.652069][ T4838] netlink: 'syz.2.411': attribute type 27 has an invalid length.
[   50.682998][ T4843] loop0: detected capacity change from 0 to 512
[   50.711114][ T4843] ext4 filesystem being mounted at /56/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   50.715851][ T4838] 8021q: adding VLAN 0 to HW filter on device bond0
[   50.756355][ T4838] 8021q: adding VLAN 0 to HW filter on device team0
[   50.780097][ T4838] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   50.901327][ T4851] hub 9-0:1.0: USB hub found
[   50.906133][ T4851] hub 9-0:1.0: 8 ports detected
[   50.967794][ T4856] loop2: detected capacity change from 0 to 164
[   50.977448][ T4856] syz.2.417: attempt to access beyond end of device
[   50.977448][ T4856] loop2: rw=524288, sector=263328, nr_sectors = 4 limit=164
[   50.991653][ T4856] syz.2.417: attempt to access beyond end of device
[   50.991653][ T4856] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164
[   51.010511][ T4857] iso9660: Corrupted directory entry in block 4 of inode 1792
[   51.220409][ T4899] netlink: 28 bytes leftover after parsing attributes in process `syz.2.419'.
[   51.233381][ T4899] netlink: 8 bytes leftover after parsing attributes in process `syz.2.419'.
[   51.255678][ T4931] loop1: detected capacity change from 0 to 2048
[   51.284244][ T4931] ext4 filesystem being mounted at /88/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   51.382016][ T4937] blktrace: Concurrent blktraces are not allowed on sg0
[   51.397776][ T4941] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22
[   51.406109][ T4941] netdevsim netdevsim4: Direct firmware load for . failed with error -22
[   51.448327][ T4946] loop1: detected capacity change from 0 to 1024
[   51.460489][ T4946] EXT4-fs: Ignoring removed nomblk_io_submit option
[   51.511637][ T4935] loop4: detected capacity change from 0 to 2048
[   51.520255][ T4958] hub 9-0:1.0: USB hub found
[   51.525137][ T4958] hub 9-0:1.0: 8 ports detected
[   51.551823][ T4963] loop0: detected capacity change from 0 to 1024
[   51.572618][ T4963] EXT4-fs: Mount option(s) incompatible with ext3
[   51.608049][ T4935] ext4 filesystem being mounted at /86/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   51.638872][ T4961] FAULT_INJECTION: forcing a failure.
[   51.638872][ T4961] name failslab, interval 1, probability 0, space 0, times 0
[   51.651727][ T4961] CPU: 1 UID: 0 PID: 4961 Comm: syz.1.424 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   51.651793][ T4961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   51.651803][ T4961] Call Trace:
[   51.651810][ T4961]  <TASK>
[   51.651848][ T4961]  __dump_stack+0x1d/0x30
[   51.651868][ T4961]  dump_stack_lvl+0xe8/0x140
[   51.651886][ T4961]  dump_stack+0x15/0x1b
[   51.651902][ T4961]  should_fail_ex+0x265/0x280
[   51.651919][ T4961]  should_failslab+0x8c/0xb0
[   51.651978][ T4961]  kmem_cache_alloc_noprof+0x50/0x480
[   51.652044][ T4961]  ? mb_cache_entry_create+0xf0/0x540
[   51.652064][ T4961]  mb_cache_entry_create+0xf0/0x540
[   51.652084][ T4961]  ext4_xattr_get+0x298/0x470
[   51.652113][ T4961]  ext4_xattr_security_get+0x32/0x40
[   51.652200][ T4961]  ? __pfx_ext4_xattr_security_get+0x10/0x10
[   51.652224][ T4961]  __vfs_getxattr+0x2ad/0x2c0
[   51.652248][ T4961]  cap_inode_need_killpriv+0x2e/0x50
[   51.652318][ T4961]  security_inode_need_killpriv+0x36/0x70
[   51.652343][ T4961]  file_remove_privs_flags+0x11f/0x320
[   51.652389][ T4961]  ? selinux_file_open+0x2df/0x330
[   51.652541][ T4961]  ? __rcu_read_unlock+0x4f/0x70
[   51.652566][ T4961]  file_modified_flags+0x32/0x350
[   51.652597][ T4961]  file_modified+0x17/0x20
[   51.652644][ T4961]  ext4_buffered_write_iter+0x1d0/0x3c0
[   51.652677][ T4961]  ext4_file_write_iter+0x387/0xf60
[   51.652757][ T4961]  do_iter_readv_writev+0x4a1/0x540
[   51.652787][ T4961]  vfs_writev+0x2df/0x8b0
[   51.652900][ T4961]  __se_sys_pwritev2+0xfc/0x1c0
[   51.652926][ T4961]  __x64_sys_pwritev2+0x67/0x80
[   51.652951][ T4961]  x64_sys_call+0x2c59/0x3000
[   51.652971][ T4961]  do_syscall_64+0xd2/0x200
[   51.652998][ T4961]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   51.653020][ T4961]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   51.653047][ T4961]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   51.653097][ T4961] RIP: 0033:0x7f39ebd7f749
[   51.653114][ T4961] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   51.653129][ T4961] RSP: 002b:00007f39ea7c6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[   51.653146][ T4961] RAX: ffffffffffffffda RBX: 00007f39ebfd6090 RCX: 00007f39ebd7f749
[   51.653156][ T4961] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000008
[   51.653166][ T4961] RBP: 00007f39ea7c6090 R08: 0000000000000000 R09: 0000000000000003
[   51.653179][ T4961] R10: 0000000000002000 R11: 0000000000000246 R12: 0000000000000001
[   51.653216][ T4961] R13: 00007f39ebfd6128 R14: 00007f39ebfd6090 R15: 00007ffee04bc1b8
[   51.653235][ T4961]  </TASK>
[   52.005024][ T4972] vlan3: entered allmulticast mode
[   52.028584][ T4972] sch_tbf: burst 6 is lower than device ip6gre0 mtu (1448) !
[   52.048366][ T4977] loop4: detected capacity change from 0 to 512
[   52.106008][ T4977] ext4 filesystem being mounted at /88/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   52.316165][ T4946] syz.1.424 (4946) used greatest stack depth: 7304 bytes left
[   52.424312][ T4992] netlink: 28 bytes leftover after parsing attributes in process `syz.1.435'.
[   52.555913][ T4997] syzkaller0: entered allmulticast mode
[   52.561834][ T4997] syzkaller0: entered promiscuous mode
[   52.568925][ T4997] syzkaller0 (unregistering): left allmulticast mode
[   52.576118][ T4997] syzkaller0 (unregistering): left promiscuous mode
[   52.680491][ T5004] loop0: detected capacity change from 0 to 2048
[   52.708563][ T5012] syzkaller1: entered promiscuous mode
[   52.714270][ T5012] syzkaller1: entered allmulticast mode
[   52.725774][ T5004]  loop0: p1 < > p4
[   52.730483][ T5004] loop0: p4 size 8388608 extends beyond EOD, truncated
[   52.869017][ T5032] loop4: detected capacity change from 0 to 512
[   52.889326][ T5034] SELinux:  Context system_u:object_r:modules_dep_t:s0 is not valid (left unmapped).
[   52.904541][ T5034] loop0: detected capacity change from 0 to 128
[   52.911438][ T5034] EXT4-fs (loop0): couldn't mount as ext3 due to feature incompatibilities
[   52.946301][ T5032] ext4 filesystem being mounted at /91/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   52.958260][ T5039] netlink: 'wÞ£ÿ': attribute type 2 has an invalid length.
[   53.004708][ T5039] loop0: detected capacity change from 0 to 2048
[   53.036907][ T5045] hub 9-0:1.0: USB hub found
[   53.041953][ T5045] hub 9-0:1.0: 8 ports detected
[   53.056282][ T5043] netlink: 'syz.1.452': attribute type 27 has an invalid length.
[   53.100816][ T5039]  loop0: p1 < > p4
[   53.113406][ T5039] loop0: p4 size 8388608 extends beyond EOD, truncated
[   53.123556][ T5043] 8021q: adding VLAN 0 to HW filter on device bond0
[   53.132516][ T5043] 8021q: adding VLAN 0 to HW filter on device team0
[   53.167082][ T5043] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   53.173231][ T5052] __nla_validate_parse: 5 callbacks suppressed
[   53.173269][ T5052] netlink: 28 bytes leftover after parsing attributes in process `syz.3.456'.
[   53.227159][ T5054] loop0: detected capacity change from 0 to 1024
[   53.295722][ T5058] syzkaller1: entered promiscuous mode
[   53.301298][ T5058] syzkaller1: entered allmulticast mode
[   53.314310][ T5054] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   53.329735][ T5054] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:483: comm syz.0.457: Invalid block bitmap block 0 in block_group 0
[   53.350297][ T5054] EXT4-fs error (device loop0): ext4_acquire_dquot:6945: comm syz.0.457: Failed to acquire dquot type 0
[   53.379081][ T5054] EXT4-fs error (device loop0): ext4_free_blocks:6706: comm syz.0.457: Freeing blocks not in datazone - block = 0, count = 4096
[   53.392901][ T5054] EXT4-fs error (device loop0): ext4_read_inode_bitmap:139: comm syz.0.457: Invalid inode bitmap blk 0 in block_group 0
[   53.405569][ T4910] EXT4-fs error (device loop0): ext4_release_dquot:6981: comm kworker/u8:15: Failed to release dquot type 0
[   53.413542][ T5054] EXT4-fs error (device loop0) in ext4_free_inode:361: Corrupt filesystem
[   53.429468][ T5054] EXT4-fs (loop0): 1 orphan inode deleted
[   53.508967][ T3408] kernel read not supported for file /255/net/ip_tables_names (pid: 3408 comm: kworker/1:4)
[   53.513306][ T5079] netlink: 'syz.3.461': attribute type 27 has an invalid length.
[   53.569410][ T5085] netlink: 28 bytes leftover after parsing attributes in process `syz.0.462'.
[   53.570824][ T5079] 8021q: adding VLAN 0 to HW filter on device bond0
[   53.586879][ T5079] 8021q: adding VLAN 0 to HW filter on device team0
[   53.596951][ T5079] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   53.615564][ T5085] netlink: 8 bytes leftover after parsing attributes in process `syz.0.462'.
[   53.635761][ T5087] vhci_hcd: default hub control req: 0700 v0000 i0007 l0
[   53.649115][ T5087] loop4: detected capacity change from 0 to 1024
[   53.656620][ T5087] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   53.667609][ T5087] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   53.688955][ T5087] JBD2: no valid journal superblock found
[   53.694746][ T5087] EXT4-fs (loop4): Could not load journal inode
[   53.710930][ T5087] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ%ºu@
) failed with errno=-22
[   53.767251][ T5099] loop2: detected capacity change from 0 to 512
[   53.774155][ T5099] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[   53.783960][ T5099] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.469: bg 0: block 255: padding at end of block bitmap is not set
[   53.807960][ T5099] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6667: Corrupt filesystem
[   53.821284][ T5099] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.469: invalid indirect mapped block 1 (level 1)
[   53.834856][ T5103] netlink: 28 bytes leftover after parsing attributes in process `syz.0.471'.
[   53.868333][ T5099] EXT4-fs (loop2): 1 truncate cleaned up
[   54.102164][ T5128] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22
[   54.110458][ T5128] netdevsim netdevsim2: Direct firmware load for . failed with error -22
[   54.332696][ T5147] loop0: detected capacity change from 0 to 1024
[   54.340908][ T5147] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   54.352319][ T5147] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   54.363891][ T5147] JBD2: no valid journal superblock found
[   54.370189][ T5147] EXT4-fs (loop0): Could not load journal inode
[   54.383214][ T5147] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ%ºu@
) failed with errno=-22
[   54.487486][ T5163] hub 9-0:1.0: USB hub found
[   54.492313][ T5163] hub 9-0:1.0: 8 ports detected
[   54.519195][ T5166] netlink: 'syz.2.491': attribute type 27 has an invalid length.
[   54.557100][ T5166] 8021q: adding VLAN 0 to HW filter on device bond0
[   54.565105][ T5166] 8021q: adding VLAN 0 to HW filter on device team0
[   54.574001][ T5166] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   54.589958][ T5170] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22
[   54.598509][ T5170] netdevsim netdevsim0: Direct firmware load for . failed with error -22
[   54.668437][ T5180] loop2: detected capacity change from 0 to 128
[   54.800585][ T5190] hub 9-0:1.0: USB hub found
[   54.831397][ T5190] hub 9-0:1.0: 8 ports detected
[   54.913372][ T5200] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22
[   54.921661][ T5200] netdevsim netdevsim4: Direct firmware load for . failed with error -22
[   54.927220][ T5192] syz.2.498: attempt to access beyond end of device
[   54.927220][ T5192] loop2: rw=2049, sector=128, nr_sectors = 1 limit=128
[   54.943753][ T5192] Buffer I/O error on dev loop2, logical block 128, lost async page write
[   54.952837][ T5180] syz.2.498: attempt to access beyond end of device
[   54.952837][ T5180] loop2: rw=2049, sector=128, nr_sectors = 1 limit=128
[   54.966339][ T5180] Buffer I/O error on dev loop2, logical block 128, lost async page write
[   54.997334][ T5201] loop0: detected capacity change from 0 to 256
[   55.025589][ T5203] netlink: 'syz.4.507': attribute type 27 has an invalid length.
[   55.046421][ T5201] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   55.049754][ T5203] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.065080][ T5203] 8021q: adding VLAN 0 to HW filter on device team0
[   55.084839][ T5203] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   55.114145][ T5201] netlink: 6 bytes leftover after parsing attributes in process `syz.0.505'.
[   55.156076][   T52] Bluetooth: hci0: Frame reassembly failed (-84)
[   55.204184][   T29] kauditd_printk_skb: 356 callbacks suppressed
[   55.204199][   T29] audit: type=1326 audit(1764545231.157:1932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5210 comm="syz.4.511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96e031f749 code=0x7ffc0000
[   55.271114][   T29] audit: type=1326 audit(1764545231.197:1933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5210 comm="syz.4.511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f96e031f749 code=0x7ffc0000
[   55.294572][   T29] audit: type=1326 audit(1764545231.197:1934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5210 comm="syz.4.511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96e031f749 code=0x7ffc0000
[   55.317951][   T29] audit: type=1326 audit(1764545231.197:1935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5210 comm="syz.4.511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96e031f749 code=0x7ffc0000
[   55.341352][   T29] audit: type=1326 audit(1764545231.197:1936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5210 comm="syz.4.511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f96e031f749 code=0x7ffc0000
[   55.366349][   T29] audit: type=1326 audit(1764545231.197:1937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5210 comm="syz.4.511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96e031f749 code=0x7ffc0000
[   55.390738][   T29] audit: type=1326 audit(1764545231.197:1938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5210 comm="syz.4.511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96e031f749 code=0x7ffc0000
[   55.414356][   T29] audit: type=1326 audit(1764545231.197:1939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5210 comm="syz.4.511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f96e031f749 code=0x7ffc0000
[   55.437899][   T29] audit: type=1326 audit(1764545231.197:1940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5210 comm="syz.4.511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96e031f749 code=0x7ffc0000
[   55.461530][   T29] audit: type=1326 audit(1764545231.197:1941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5210 comm="syz.4.511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f96e031f749 code=0x7ffc0000
[   55.491502][ T5217] netlink: 68 bytes leftover after parsing attributes in process `syz.4.513'.
[   55.553340][ T5222] hub 9-0:1.0: USB hub found
[   55.559311][ T5222] hub 9-0:1.0: 8 ports detected
[   55.768585][ T5234] loop0: detected capacity change from 0 to 512
[   55.775531][ T5234] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem
[   55.785100][ T5234] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.519: bg 0: block 255: padding at end of block bitmap is not set
[   55.801121][ T5234] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6667: Corrupt filesystem
[   55.810364][ T5234] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.519: invalid indirect mapped block 1 (level 1)
[   55.823872][ T5234] EXT4-fs (loop0): 1 truncate cleaned up
[   55.850097][ T5237] syzkaller1: entered promiscuous mode
[   55.855715][ T5237] syzkaller1: entered allmulticast mode
[   56.097104][ T5249] lo speed is unknown, defaulting to 1000
[   56.102988][ T5249] lo speed is unknown, defaulting to 1000
[   56.109230][ T5249] lo speed is unknown, defaulting to 1000
[   56.115391][ T5249] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   56.123012][ T5249] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[   56.133117][ T5249] lo speed is unknown, defaulting to 1000
[   56.139274][ T5249] lo speed is unknown, defaulting to 1000
[   56.145290][ T5249] lo speed is unknown, defaulting to 1000
[   56.151427][ T5249] lo speed is unknown, defaulting to 1000
[   56.157387][ T5249] lo speed is unknown, defaulting to 1000
[   56.369884][ T5267] program syz.0.531 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   56.488008][ T5274] loop0: detected capacity change from 0 to 512
[   56.501527][ T5274] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[   56.559626][ T5274] EXT4-fs warning (device loop0): ext4_update_dynamic_rev:1137: updating to rev 1 because of new feature flag, running e2fsck is recommended
[   56.588256][ T5274] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.542: bg 0: block 248: padding at end of block bitmap is not set
[   56.617872][ T5274] EXT4-fs error (device loop0): ext4_acquire_dquot:6945: comm syz.0.542: Failed to acquire dquot type 1
[   56.633844][ T5290] geneve2: entered promiscuous mode
[   56.639645][ T5290] geneve2: entered allmulticast mode
[   56.650340][ T5274] EXT4-fs (loop0): 1 truncate cleaned up
[   56.736676][ T5303] loop0: detected capacity change from 0 to 256
[   56.747152][ T5305] netlink: 'syz.3.543': attribute type 4 has an invalid length.
[   56.757283][ T5305] netlink: 'syz.3.543': attribute type 4 has an invalid length.
[   56.765182][ T5303] delete_channel: no stack
[   56.800658][ T5312] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[   56.844055][ T5315] syzkaller1: entered promiscuous mode
[   56.849837][ T5315] syzkaller1: entered allmulticast mode
[   56.872653][ T5315] lo speed is unknown, defaulting to 1000
[   57.222684][ T5322] netlink: 48 bytes leftover after parsing attributes in process `syz.4.548'.
[   57.235011][ T3507] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   57.524133][ T5337] loop4: detected capacity change from 0 to 512
[   57.531169][ T5337] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   57.542577][ T5337] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #2: block 9: comm syz.4.553: lblock 0 mapped to illegal pblock 9 (length 1)
[   57.557709][ T5337] EXT4-fs (loop4): mount failed
[   57.584077][ T5337] loop4: detected capacity change from 0 to 512
[   57.590644][ T5337] msdos: Unknown parameter '7'
[   57.620654][ T5344] smc: net device bond0 applied user defined pnetid SYZ0
[   57.628571][ T5344] smc: net device bond0 erased user defined pnetid SYZ0
[   57.677096][ T5350] netlink: 'syz.2.558': attribute type 27 has an invalid length.
[   57.734435][ T5350] 8021q: adding VLAN 0 to HW filter on device bond0
[   57.742961][ T5350] 8021q: adding VLAN 0 to HW filter on device team0
[   57.755677][ T5350] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   57.857278][ T5369] netlink: 12 bytes leftover after parsing attributes in process `syz.3.565'.
[   57.863938][ T5370] netlink: 12 bytes leftover after parsing attributes in process `syz.3.565'.
[   57.877655][ T5371] FAULT_INJECTION: forcing a failure.
[   57.877655][ T5371] name failslab, interval 1, probability 0, space 0, times 0
[   57.890793][ T5371] CPU: 1 UID: 0 PID: 5371 Comm: syz.2.566 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   57.890819][ T5371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   57.890829][ T5371] Call Trace:
[   57.890835][ T5371]  <TASK>
[   57.890842][ T5371]  __dump_stack+0x1d/0x30
[   57.890902][ T5371]  dump_stack_lvl+0xe8/0x140
[   57.890921][ T5371]  dump_stack+0x15/0x1b
[   57.891013][ T5371]  should_fail_ex+0x265/0x280
[   57.891031][ T5371]  should_failslab+0x8c/0xb0
[   57.891058][ T5371]  __kmalloc_noprof+0xa5/0x570
[   57.891085][ T5371]  ? inotify_handle_inode_event+0x125/0x3d0
[   57.891189][ T5371]  inotify_handle_inode_event+0x125/0x3d0
[   57.891216][ T5371]  inotify_ignored_and_remove_idr+0x29/0x60
[   57.891243][ T5371]  inotify_freeing_mark+0x1d/0x30
[   57.891265][ T5371]  ? __pfx_inotify_freeing_mark+0x10/0x10
[   57.891362][ T5371]  fsnotify_clear_marks_by_group+0x3b6/0x4b0
[   57.891390][ T5371]  ? __pfx_inotify_release+0x10/0x10
[   57.891462][ T5371]  fsnotify_destroy_group+0x53/0x180
[   57.891485][ T5371]  ? __fput+0x555/0x650
[   57.891551][ T5371]  ? kmem_cache_free+0x286/0x3d0
[   57.891575][ T5371]  ? percpu_counter_add_batch+0xb6/0x130
[   57.891606][ T5371]  inotify_release+0x1f/0x30
[   57.891641][ T5371]  __fput+0x29b/0x650
[   57.891707][ T5371]  ____fput+0x1c/0x30
[   57.891721][ T5371]  task_work_run+0x131/0x1a0
[   57.891751][ T5371]  exit_to_user_mode_loop+0xed/0x110
[   57.891776][ T5371]  do_syscall_64+0x1d6/0x200
[   57.891922][ T5371]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   57.891948][ T5371]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   57.891976][ T5371]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   57.892001][ T5371] RIP: 0033:0x7f558fb4f749
[   57.892015][ T5371] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   57.892028][ T5371] RSP: 002b:00007f558e5af038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[   57.892046][ T5371] RAX: 0000000000000000 RBX: 00007f558fda5fa0 RCX: 00007f558fb4f749
[   57.892056][ T5371] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000000
[   57.892080][ T5371] RBP: 00007f558e5af090 R08: 0000000000000000 R09: 0000000000000000
[   57.892119][ T5371] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   57.892128][ T5371] R13: 00007f558fda6038 R14: 00007f558fda5fa0 R15: 00007ffc31124688
[   57.892143][ T5371]  </TASK>
[   57.915977][ T5373] loop1: detected capacity change from 0 to 2048
[   57.979019][ T5377] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22
[   58.028747][ T5373] ext4 filesystem being mounted at /102/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   58.033674][ T5380] netlink: 'wÞ£ÿ': attribute type 15 has an invalid length.
[   58.173430][ T5380] netlink: 723 bytes leftover after parsing attributes in process `wÞ£ÿ'.
[   58.207582][ T4910] Bluetooth: hci0: Frame reassembly failed (-84)
[   58.254545][ T5402] loop0: detected capacity change from 0 to 512
[   58.305603][ T5402] ext4 filesystem being mounted at /110/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   58.386703][ T5411] vhci_hcd: default hub control req: 0700 v0000 i0007 l0
[   58.402293][ T5411] loop1: detected capacity change from 0 to 1024
[   58.437947][ T5411] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   58.449251][ T5411] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   58.474969][ T5411] JBD2: no valid journal superblock found
[   58.480964][ T5411] EXT4-fs (loop1): Could not load journal inode
[   58.566335][ T5419] hub 9-0:1.0: USB hub found
[   58.576496][ T5419] hub 9-0:1.0: 8 ports detected
[   58.690535][ T5431] loop1: detected capacity change from 0 to 512
[   58.697442][ T5431] EXT4-fs: Ignoring removed nobh option
[   58.727151][ T5431] netlink: 176 bytes leftover after parsing attributes in process `syz.1.586'.
[   58.737387][ T5433] netlink: 28 bytes leftover after parsing attributes in process `syz.4.587'.
[   59.017506][ T5451] 9pnet_fd: Insufficient options for proto=fd
[   59.035780][ T5449] netlink: 'syz.4.590': attribute type 27 has an invalid length.
[   59.073818][ T5449] 8021q: adding VLAN 0 to HW filter on device bond0
[   59.082710][ T5449] 8021q: adding VLAN 0 to HW filter on device team0
[   59.093045][ T5449] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   59.143597][ T5457] xt_recent: hitcount (16777216) is larger than allowed maximum (65535)
[   59.160231][ T5461] loop4: detected capacity change from 0 to 512
[   59.160735][ T5462] netlink: 28 bytes leftover after parsing attributes in process `syz.1.594'.
[   59.177226][ T5461] ext4 filesystem being mounted at /122/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   59.185219][ T5462] netlink: 28 bytes leftover after parsing attributes in process `syz.1.594'.
[   59.368124][ T5470] geneve2: entered promiscuous mode
[   59.373438][ T5470] geneve2: entered allmulticast mode
[   59.401789][ T5472] netlink: 48 bytes leftover after parsing attributes in process `syz.1.598'.
[   59.437045][ T5474] netlink: 28 bytes leftover after parsing attributes in process `syz.2.599'.
[   59.726773][ T5491] vhci_hcd: default hub control req: 0700 v0000 i0007 l0
[   59.740264][ T5491] loop2: detected capacity change from 0 to 1024
[   59.747434][ T5491] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   59.758401][ T5491] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   59.768812][ T5491] JBD2: no valid journal superblock found
[   59.774648][ T5491] EXT4-fs (loop2): Could not load journal inode
[   59.859819][ T5498] netlink: 'syz.4.604': attribute type 27 has an invalid length.
[   59.942755][ T5499] 8021q: adding VLAN 0 to HW filter on device bond0
[   59.951183][ T5499] 8021q: adding VLAN 0 to HW filter on device team0
[   59.963988][ T5499] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   60.026869][ T5505] hub 9-0:1.0: USB hub found
[   60.031583][ T5505] hub 9-0:1.0: 8 ports detected
[   60.055952][ T5509] siw: device registration error -23
[   60.212381][ T5518] netlink: 28 bytes leftover after parsing attributes in process `syz.4.611'.
[   60.249478][   T29] kauditd_printk_skb: 539 callbacks suppressed
[   60.249567][   T29] audit: type=1326 audit(1764545236.207:2479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5519 comm="syz.1.612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39ebd7f749 code=0x7ffc0000
[   60.279668][   T44] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   60.291048][   T29] audit: type=1326 audit(1764545236.247:2480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5519 comm="syz.1.612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f39ebd7f749 code=0x7ffc0000
[   60.328138][   T29] audit: type=1326 audit(1764545236.287:2481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5519 comm="syz.1.612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39ebd7f749 code=0x7ffc0000
[   60.352008][   T29] audit: type=1326 audit(1764545236.287:2482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5519 comm="syz.1.612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f39ebd7f749 code=0x7ffc0000
[   60.377137][   T29] audit: type=1326 audit(1764545236.337:2483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5519 comm="syz.1.612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39ebd7f749 code=0x7ffc0000
[   60.400665][   T29] audit: type=1326 audit(1764545236.337:2484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5519 comm="syz.1.612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39ebd7f749 code=0x7ffc0000
[   60.450618][   T29] audit: type=1326 audit(1764545236.397:2485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5519 comm="syz.1.612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f39ebd7f749 code=0x7ffc0000
[   60.474258][   T29] audit: type=1326 audit(1764545236.397:2486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5519 comm="syz.1.612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39ebd7f749 code=0x7ffc0000
[   60.498002][   T29] audit: type=1326 audit(1764545236.397:2487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5519 comm="syz.1.612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39ebd7f749 code=0x7ffc0000
[   60.521344][   T29] audit: type=1326 audit(1764545236.397:2488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5519 comm="syz.1.612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f39ebd81667 code=0x7ffc0000
[   60.552894][ T5524] syzkaller1: entered promiscuous mode
[   60.558586][ T5524] syzkaller1: entered allmulticast mode
[   60.574725][ T5524] lo speed is unknown, defaulting to 1000
[   60.922850][ T5542] hub 9-0:1.0: USB hub found
[   60.927771][ T5542] hub 9-0:1.0: 8 ports detected
[   61.104241][ T5548] x_tables: duplicate underflow at hook 2
[   61.111498][ T5548] netlink: 8 bytes leftover after parsing attributes in process `syz.3.617'.
[   61.120710][ T5548] macvlan0: entered promiscuous mode
[   61.126174][ T5548] netlink: 'syz.3.617': attribute type 1 has an invalid length.
[   61.133987][ T5548] netlink: 'syz.3.617': attribute type 2 has an invalid length.
[   61.141843][ T5548] netlink: 8 bytes leftover after parsing attributes in process `syz.3.617'.
[   61.232818][ T5551] hub 9-0:1.0: USB hub found
[   61.243774][   T36] IPVS: starting estimator thread 0...
[   61.257548][ T5551] hub 9-0:1.0: 8 ports detected
[   61.335016][ T5550] IPVS: using max 2736 ests per chain, 136800 per kthread
[   61.518241][ T5546] loop2: detected capacity change from 0 to 2048
[   61.585467][ T5546]  loop2: p1 < > p4
[   61.619225][ T5557] netlink: 92 bytes leftover after parsing attributes in process `syz.0.623'.
[   61.638555][ T5546] loop2: p4 size 8388608 extends beyond EOD, truncated
[   61.685449][ T5561] loop1: detected capacity change from 0 to 512
[   61.693950][ T5561] EXT4-fs (loop1): orphan cleanup on readonly fs
[   61.701950][ T5561] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.625: bg 0: block 248: padding at end of block bitmap is not set
[   61.716684][ T5561] EXT4-fs error (device loop1): ext4_acquire_dquot:6945: comm syz.1.625: Failed to acquire dquot type 1
[   61.728434][ T5561] EXT4-fs (loop1): 1 truncate cleaned up
[   61.908780][ T5582] loop3: detected capacity change from 0 to 2048
[   61.917855][ T5584] loop0: detected capacity change from 0 to 128
[   61.937249][ T5582] ext4 filesystem being mounted at /128/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   61.996433][ T5588] vhci_hcd: default hub control req: 0700 v0000 i0007 l0
[   62.010957][ T5588] loop3: detected capacity change from 0 to 1024
[   62.018559][ T5588] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   62.031586][ T5588] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   62.042591][ T5588] JBD2: no valid journal superblock found
[   62.048428][ T5588] EXT4-fs (loop3): Could not load journal inode
[   62.237494][ T5584] syz.0.635: attempt to access beyond end of device
[   62.237494][ T5584] loop0: rw=2049, sector=128, nr_sectors = 1 limit=128
[   62.251151][ T5584] Buffer I/O error on dev loop0, logical block 128, lost async page write
[   62.300199][ T5602] netlink: 'syz.1.642': attribute type 27 has an invalid length.
[   62.351766][ T5602] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.361634][ T5602] 8021q: adding VLAN 0 to HW filter on device team0
[   62.372417][ T5602] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   62.389507][ T5603] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22
[   62.399008][ T5603] netdevsim netdevsim3: Direct firmware load for . failed with error -22
[   62.438282][ T5608] hub 9-0:1.0: USB hub found
[   62.443075][ T5608] hub 9-0:1.0: 8 ports detected
[   62.473353][ T5611] loop0: detected capacity change from 0 to 2048
[   62.492966][ T5611] ext4 filesystem being mounted at /121/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   62.518417][ T5618] loop3: detected capacity change from 0 to 512
[   62.544256][ T5618] ext4 filesystem being mounted at /133/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   62.774582][ T5638] loop1: detected capacity change from 0 to 128
[   62.776398][ T5630] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22
[   62.789655][ T5630] netdevsim netdevsim0: Direct firmware load for . failed with error -22
[   63.016026][ T5654] loop0: detected capacity change from 0 to 128
[   63.070475][ T5654] ext4 filesystem being mounted at /123/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   63.110423][ T5664] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22
[   63.118956][ T5664] netdevsim netdevsim4: Direct firmware load for . failed with error -22
[   63.182322][ T5670] loop3: detected capacity change from 0 to 2048
[   63.206457][ T5670] ext4 filesystem being mounted at /136/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   63.349484][ T5682] vhci_hcd: default hub control req: 0700 v0000 i0007 l0
[   63.362766][ T5682] loop4: detected capacity change from 0 to 1024
[   63.371046][ T5682] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   63.382030][ T5682] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   63.397147][ T5682] JBD2: no valid journal superblock found
[   63.403342][ T5682] EXT4-fs (loop4): Could not load journal inode
[   63.455254][ T5688] loop4: detected capacity change from 0 to 2048
[   63.538753][ T5696] 9pnet_fd: Insufficient options for proto=fd
[   63.564013][ T3312] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz-executor: bg 0: block 234: padding at end of block bitmap is not set
[   63.579900][ T3312] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6667: Corrupt filesystem
[   63.605862][ T5698] loop4: detected capacity change from 0 to 128
[   63.679963][ T5700] xt_recent: hitcount (16777216) is larger than allowed maximum (65535)
[   63.804918][ T3507] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   63.951513][ T5698] syz.4.672: attempt to access beyond end of device
[   63.951513][ T5698] loop4: rw=2049, sector=128, nr_sectors = 1 limit=128
[   63.965130][ T5698] Buffer I/O error on dev loop4, logical block 128, lost async page write
[   64.221212][ T5717] loop3: detected capacity change from 0 to 512
[   64.237623][ T5717] ext4 filesystem being mounted at /140/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   64.306140][ T5723] vhci_hcd: default hub control req: 0700 v0000 i0007 l0
[   64.322810][ T5723] loop4: detected capacity change from 0 to 1024
[   64.330862][ T5723] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   64.342583][ T5723] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   64.354572][ T5723] JBD2: no valid journal superblock found
[   64.360476][ T5723] EXT4-fs (loop4): Could not load journal inode
[   64.409608][ T5728] x_tables: duplicate underflow at hook 1
[   64.461873][ T5728] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5728 comm=syz.4.680
[   64.484363][ T5728] __nla_validate_parse: 3 callbacks suppressed
[   64.484377][ T5728] netlink: 4 bytes leftover after parsing attributes in process `syz.4.680'.
[   64.502221][ T5733] netlink: 12 bytes leftover after parsing attributes in process `syz.2.682'.
[   64.531270][ T5735] loop4: detected capacity change from 0 to 512
[   64.540406][ T5735] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem
[   64.553489][ T5735] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.683: bg 0: block 255: padding at end of block bitmap is not set
[   64.583503][ T5735] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6667: Corrupt filesystem
[   64.592900][ T5735] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.683: invalid indirect mapped block 1 (level 1)
[   64.608422][ T5735] EXT4-fs (loop4): 1 truncate cleaned up
[   64.643780][ T5742] syzkaller1: entered promiscuous mode
[   64.649374][ T5742] syzkaller1: entered allmulticast mode
[   64.703595][ T5749] bridge1: entered promiscuous mode
[   64.855723][ T5765] syzkaller0: entered promiscuous mode
[   64.861267][ T5765] syzkaller0: entered allmulticast mode
[   64.961949][ T5784] loop3: detected capacity change from 0 to 512
[   64.970096][ T5761] loop1: detected capacity change from 0 to 512
[   64.982717][ T5761] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[   64.986935][ T5784] ext4 filesystem being mounted at /144/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   65.010804][ T5761] EXT4-fs warning (device loop1): ext4_update_dynamic_rev:1137: updating to rev 1 because of new feature flag, running e2fsck is recommended
[   65.040376][ T5761] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.694: bg 0: block 248: padding at end of block bitmap is not set
[   65.063355][ T5761] EXT4-fs error (device loop1): ext4_acquire_dquot:6945: comm syz.1.694: Failed to acquire dquot type 1
[   65.088489][ T5761] EXT4-fs (loop1): 1 truncate cleaned up
[   65.166774][ T5797] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22
[   65.175235][ T5797] netdevsim netdevsim4: Direct firmware load for . failed with error -22
[   65.177560][ T5798] loop0: detected capacity change from 0 to 512
[   65.234430][ T5798] EXT4-fs: Ignoring removed oldalloc option
[   65.240493][ T5798] EXT4-fs: Ignoring removed mblk_io_submit option
[   65.257510][   T29] kauditd_printk_skb: 538 callbacks suppressed
[   65.257523][   T29] audit: type=1326 audit(1764545241.217:3023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5775 comm="syz.2.697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f558fb4f749 code=0x7ffc0000
[   65.287748][ T5798] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   65.300036][   T29] audit: type=1326 audit(1764545241.257:3024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5775 comm="syz.2.697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f558fb4f749 code=0x7ffc0000
[   65.324232][ T5798] EXT4-fs (loop0): orphan cleanup on readonly fs
[   65.333295][ T5798] Quota error (device loop0): do_check_range: Getting block 196613 out of range 1-5
[   65.342773][ T5798] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 0
[   65.352315][ T5798] EXT4-fs error (device loop0): ext4_acquire_dquot:6945: comm syz.0.703: Failed to acquire dquot type 1
[   65.362618][   T29] audit: type=1326 audit(1764545241.277:3025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5775 comm="syz.2.697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f558fb4f749 code=0x7ffc0000
[   65.380157][ T5798] EXT4-fs (loop0): 1 truncate cleaned up
[   65.394057][   T29] audit: type=1326 audit(1764545241.317:3026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5775 comm="syz.2.697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f558fb4f749 code=0x7ffc0000
[   65.417862][   T29] audit: type=1326 audit(1764545241.317:3027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5775 comm="syz.2.697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f558fb4f749 code=0x7ffc0000
[   65.441237][   T29] audit: type=1326 audit(1764545241.347:3028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5775 comm="syz.2.697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f558fb4f749 code=0x7ffc0000
[   65.471265][ T5798] EXT4-fs: Ignoring removed orlov option
[   65.482467][ T5798] EXT4-fs: Remounting file system with no journal so ignoring journalled data option
[   65.492276][ T5798] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   65.501674][   T29] audit: type=1326 audit(1764545241.417:3029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5775 comm="syz.2.697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f558fb4f749 code=0x7ffc0000
[   65.525618][   T29] audit: type=1326 audit(1764545241.437:3030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5775 comm="syz.2.697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f558fb4f749 code=0x7ffc0000
[   65.553071][ T5798] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended
[   65.571221][ T5798] EXT4-fs error (device loop0): __ext4_remount:6748: comm syz.0.703: Abort forced by user
[   65.571430][ T5798] EXT4-fs (loop0): Remounting filesystem read-only
[   65.571512][ T5798] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[   65.571553][ T5798] ext4 filesystem being remounted at /127/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   65.618313][ T5809] loop4: detected capacity change from 0 to 2048
[   65.638922][ T5812] lo speed is unknown, defaulting to 1000
[   65.648782][ T5811] 9pnet_fd: Insufficient options for proto=fd
[   65.672419][ T3312] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz-executor: bg 0: block 234: padding at end of block bitmap is not set
[   65.721150][ T3312] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6667: Corrupt filesystem
[   65.760123][ T5812] RDS: rds_bind could not find a transport for ::ffff:10.1.1.2, load rds_tcp or rds_rdma?
[   65.781159][ T5819] loop4: detected capacity change from 0 to 128
[   65.793324][ T5817] netlink: 'syz.1.710': attribute type 27 has an invalid length.
[   65.821336][ T5819] ext4 filesystem being mounted at /155/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   65.889331][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0
[   65.909555][ T5827] 8021q: adding VLAN 0 to HW filter on device team0
[   65.933154][ T5827] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   65.977497][ T4910] Bluetooth: hci0: Frame reassembly failed (-84)
[   66.054019][ T5852] loop2: detected capacity change from 0 to 2048
[   66.088460][ T3316] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz-executor: bg 0: block 234: padding at end of block bitmap is not set
[   66.105384][ T5861] loop3: detected capacity change from 0 to 512
[   66.112627][ T3316] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6667: Corrupt filesystem
[   66.124164][ T5861] ext4 filesystem being mounted at /152/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   66.177378][ T5865] netlink: 'syz.2.721': attribute type 27 has an invalid length.
[   66.255367][ T5865] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.263136][ T5865] 8021q: adding VLAN 0 to HW filter on device team0
[   66.287088][ T5865] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   66.437325][ T5877] loop2: detected capacity change from 0 to 512
[   66.444686][ T5877] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[   66.490822][ T5877] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.727: bg 0: block 255: padding at end of block bitmap is not set
[   66.498183][ T5881] netlink: 'syz.4.729': attribute type 27 has an invalid length.
[   66.535921][ T5881] bridge1: left promiscuous mode
[   66.593285][ T5877] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6667: Corrupt filesystem
[   66.618824][ T5877] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.727: invalid indirect mapped block 1 (level 1)
[   66.634430][ T5881] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.643094][ T5881] 8021q: adding VLAN 0 to HW filter on device team0
[   66.663414][ T3313] EXT4-fs unmount: 67 callbacks suppressed
[   66.663429][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   66.685437][ T5877] EXT4-fs (loop2): 1 truncate cleaned up
[   66.700022][ T5881] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   66.726864][ T5877] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   66.745230][ T5888] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22
[   66.754084][ T5888] netdevsim netdevsim0: Direct firmware load for . failed with error -22
[   66.785262][ T5893] loop4: detected capacity change from 0 to 128
[   66.804157][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   66.887634][ T5900] vhci_hcd: default hub control req: 0700 v0000 i0007 l0
[   66.902272][ T5900] loop3: detected capacity change from 0 to 1024
[   66.910271][ T5900] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   66.921420][ T5900] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   66.933832][ T5898] vhci_hcd: default hub control req: 0700 v0000 i0007 l0
[   66.951629][ T5900] JBD2: no valid journal superblock found
[   66.957582][ T5900] EXT4-fs (loop3): Could not load journal inode
[   66.992709][ T5898] loop2: detected capacity change from 0 to 1024
[   67.023411][ T5903] SELinux:  Context system_u:object_r:udev_tbl_t:s0 is not valid (left unmapped).
[   67.033730][ T5898] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   67.045056][ T5898] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   67.100948][ T5893] ==================================================================
[   67.110461][ T5893] BUG: KCSAN: data-race in __mark_inode_dirty / writeback_single_inode
[   67.119357][ T5893] 
[   67.121935][ T5893] write to 0xffff888119c76228 of 4 bytes by task 5897 on cpu 0:
[   67.130532][ T5893]  writeback_single_inode+0x150/0x3f0
[   67.136213][ T5893]  sync_inode_metadata+0x5b/0x90
[   67.141371][ T5893]  __generic_file_fsync+0xf8/0x140
[   67.146688][ T5893]  fat_file_fsync+0x49/0x100
[   67.152046][ T5893]  vfs_fsync_range+0x10d/0x130
[   67.153880][ T5898] JBD2: no valid journal superblock found
[   67.157022][ T5893]  generic_file_write_iter+0x1b8/0x2f0
[   67.157060][ T5893]  iter_file_splice_write+0x666/0xa60
[   67.157080][ T5893]  direct_splice_actor+0x156/0x2a0
[   67.157098][ T5893]  splice_direct_to_actor+0x312/0x680
[   67.157117][ T5893]  do_splice_direct+0xda/0x150
[   67.157135][ T5893]  do_sendfile+0x380/0x650
[   67.163044][ T5898] EXT4-fs (loop2): Could not load journal inode
[   67.168595][ T5893]  __x64_sys_sendfile64+0x105/0x150
[   67.168631][ T5893]  x64_sys_call+0x2bb4/0x3000
[   67.189940][ T5897] syz.4.733: attempt to access beyond end of device
[   67.189940][ T5897] loop4: rw=2049, sector=128, nr_sectors = 1 limit=128
[   67.191906][ T5893]  do_syscall_64+0xd2/0x200
[   67.191940][ T5893]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   67.196577][ T5897] Buffer I/O error on dev loop4, logical block 128, lost async page write
[   67.203116][ T5893] 
[   67.203127][ T5893] read to 0xffff888119c76228 of 4 bytes by task 5893 on cpu 1:
[   67.258244][ T5893]  __mark_inode_dirty+0x55/0x750
[   67.263465][ T5893]  fat_update_time+0x1ec/0x200
[   67.269369][ T5893]  touch_atime+0x148/0x340
[   67.273979][ T5893]  filemap_splice_read+0x6ba/0x740
[   67.279346][ T5893]  splice_direct_to_actor+0x26f/0x680
[   67.287841][ T5893]  do_splice_direct+0xda/0x150
[   67.292622][ T5893]  do_sendfile+0x380/0x650
[   67.297486][ T5893]  __x64_sys_sendfile64+0x105/0x150
[   67.302700][ T5893]  x64_sys_call+0x2bb4/0x3000
[   67.307375][ T5893]  do_syscall_64+0xd2/0x200
[   67.311879][ T5893]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   67.317954][ T5893] 
[   67.320275][ T5893] value changed: 0x00000070 -> 0x00000002
[   67.326334][ T5893] 
[   67.328699][ T5893] Reported by Kernel Concurrency Sanitizer on:
[   67.335377][ T5893] CPU: 1 UID: 0 PID: 5893 Comm: syz.4.733 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   67.344995][ T5893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   67.355130][ T5893] ==================================================================
[   67.368611][ T5906] loop0: detected capacity change from 0 to 1024
[   67.375917][ T5906] EXT4-fs: Ignoring removed orlov option
[   67.382325][ T5906] EXT4-fs (loop0): unsupported descriptor size 1344
[   67.411261][ T5893] syz.4.733: attempt to access beyond end of device
[   67.411261][ T5893] loop4: rw=2049, sector=128, nr_sectors = 1 limit=128
[   67.424923][ T5893] Buffer I/O error on dev loop4, logical block 128, lost async page write
[   68.034975][ T3507] Bluetooth: hci0: command 0x1003 tx timeout
[   68.035066][   T44] Bluetooth: hci0: Opcode 0x1003 failed: -110