last executing test programs:

1m6.242092744s ago: executing program 1 (id=1121):
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000fa540000850000008200000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x26, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r2}, 0x18)
r3 = socket$inet6(0xa, 0x802, 0x0)
setsockopt$inet6_buf(r3, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efbb00ba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d8067266150a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded25c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca7d7f6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f600"})
ioctl$USBDEVFS_CLEAR_HALT(r0, 0x80045515, &(0x7f0000000180)={0x1})

1m6.240199044s ago: executing program 1 (id=1123):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1802000000000000"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10)
r2 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r3 = openat$binfmt(0xffffffffffffff9c, r2, 0x42, 0x1ff)
close(r3)
execveat$binfmt(0xffffffffffffff9c, r2, &(0x7f0000000100)={[], 0xfffffffffffffffe}, 0x0, 0x0)

1m6.224202405s ago: executing program 1 (id=1124):
syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x80c40a, &(0x7f0000000180)={[{@noblock_validity}, {@dioread_lock}, {@init_itable_val={'init_itable', 0x3d, 0xb8f}}, {@nodiscard}, {@inlinecrypt}, {@usrjquota, 0x2e}, {@sb={'sb', 0x3d, 0x7}}, {@nodiscard}, {@jqfmt_vfsv0}, {@noload}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6}}, {@noload}], [], 0x2c}, 0x81, 0x463, &(0x7f0000000480)="$eJzs3EtvG0UcAPD/bpK+S0Ipjz6AQEFEPJImLdADFxBIvSAhwaEcQ5pWpWmDmiDRqiIBoXJE/QTAEYlPwAkuCDiBuMIdIVWoF1oOaNHaa9c4dmrHTp3Gv5+02ZndtWf+3h17dsZOAH1rNP+TROyKiN8iYjgiBuoPGC2vbly/PHPz+uWZJLLszb+S/GHx9/XLM5VDk2K9s8iMpRHpJ0kcaFDuwsVLZ6fn5mYvFPmJxXPvTSxcvPTcmXPTp2dPz56fOnbs6JHJF1+Yer4rce7O67r/w/mD+46/ffX1mRNX3/nx67y+u4r9tXGUjXRc5miMVl+Tek92/Owby+5i3SxeNqa8rQ9GxFCp/Q/HQClXNhyvfdzTygHrKsuybOuKrdUewHIGbGJJ9LoGQG9UPujz+9/Kcge7Hz137eXyDVAe941iKe8ZjLQ4Zqjm/rbbRiPixPI/n+dLNByHAADorm/z/s+zjfp/aTxQc9w9xdzQSETcGxF7IuK+iNgbEfdHlI59MCIearP80br8yv7PL9vXFFiL8v7fS8Xc1v/7f5XeX4wMFLndpfiHklNn5mYPF6/JWAxtzfOTq5Tx3au/ftZsX23/L1/y8it9waIefw7WDdCdnF6c7iTmWtc+Ko0BLq2MP6nOBCQRsS8i9q/h+bdFxJmnvzrYbP/t41/F4BoqVCf7MuKp8vlfjrr4K5LV5ycntsXc7OGJylWx0k8/X3mjWfkdxd8F+fnf0fD6r8Y/ktTO1y60X8aV3z9tek+z1ut/S/JWKb2l2PbB9OLihcmILcnyyu1Ttx5byVeOz+MfO9Qg/ptZ/h737xfF4w5ERH4RPxwRj0TEo0XdH4uIxyPiUIPYsqXy+odXnnh37fGvrzz+k22d//YTA2e//6ZZ+a2d/6Ol1FixpZX3v1Yr2MlrBwAAAHeLtPQd+CQdr6bTdHy8/B3+vbEjnZtfWHzm1Pz750+Wvys/EkNpZaRruGY8dLIYG67kp+ryR0rjxlmWZdtL+fGZ+bn1mlMHWrOzSfvP/THQ69oB666teTS/8IJNpQvz6MBdSvuH/qX9Q//S/qF/NWr/SxE3elAV4A67zef/rf8SAGw6+v/Qv7R/6F/aP/SlTn7Xv1piz/H1eubNlhjYGNVoOxHphqhGS4mh4mqvbkk3SMVKia0R0erBS3GnKtbjNyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAu+S8AAP//28vuNQ==")
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x42, 0x10)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0x40305829, &(0x7f0000000e00)={0x17c04, r0, 0x299f25fd, 0x4000003, 0x400000006, 0x101}) (fail_nth: 3)

1m6.081871701s ago: executing program 1 (id=1126):
syz_mount_image$vfat(&(0x7f0000000ec0), &(0x7f0000000180)='./file1\x00', 0x1000090, &(0x7f0000003240)=ANY=[], 0x6, 0x36e, &(0x7f0000000a00)="$eJzs3c9rM0UYwPEnabJvkpe3yUEUBelgL3pZ2uhZzKEFIWJpG7EVhG270ZA1KdlQjYhJT17FuyfBQ+nNgoeC9h/oxZteRPDWi+DBHsTI/kq2yaY/Qpro2+8HSiYz82xmMpvwbJrdXLz75UfVsq2XjabEU0piIiKXIjmJSyDm38bdsiZhHXnl8Z8/v7ixVUp5FWq1sPlqXik1v/DDx5+l/W6nj+Q89/7FH/nfz589f/7in80PK7aq2KpWbypD7dR/bRo7lqn2KnZVV2rNMg3bVJWabTa89u+k7W7Hqu/vt5RR23uS2W+Ytq2MWktVzZZq1lWz0VLGB0alpnRdV08y/YFjhNLR+rpRGC9W2530aHA/Go2CMSci6aGW0tFMBgQAAGZqMP+POyn9OPn/tswXiyvryuncz/+PXzprPn7nZN7P/0+1qPz/tV+8bV3J/53DiX7+X/eOD8o35/9fSz//v9FwRvSwjJ3/5+5hMBjPgjZUFZNU6J6T/2f816/r8L3jJbdA/g8AAAAAAAAAAAAAAAAAAAAAwP/BZVpEut3sZbeb7Yb++ufO+/fxVArWfXD9H4m455D09odoqSkPFxO2sbUtKffEPWeNrS8OSgcl79bvcCYilpje20SYcz8480g5cvKj1fbj2welObelUJaKEy/LkpVceBteefXN4sqy8vjxvdOUMuH4vGTlmXD89+6InPj81Xj/8TV5eTEUr0tWftqVuliy50T6E3LiP19W6q23iwPxabefiPw29UUBAAAAAGDCdNUTefyu66PavesCFcruZ0CmLElW/o4+vl+KPD5PZF9IzHr2AAAAAAA8DHbr06ohcbPhFiwrqpCWkU0TKCSu1CRFJLKzNlCTvG7Lc6EZ3nY8mqREOiMe/Q6Fb4Jn9S5RwRcpnIH3moIv14w3nmD+bk0sMf4yxTri7gCdcFNcbhGeGBz8gnvN5cjOiyO3c+hPpFcTfGykjXieZW14O/Fr9oTkUE03Nt4O8NxX3/41uRfI6yf+HvDJzZ0PLbPbltssykDBeYjhpuQU3noAAAAATFk/6Q9q3gg3h39BM/xjOfznHgAAAAAAAAAAAAAAAAAAAAAAAAAAAACACbqXS/oNFGY9RwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOC/4t8AAAD//1nb60c=")
r0 = gettid()
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0xc, 0x9, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x2}, 0x1c)
listen(r1, 0x3)
syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYRES64=r0, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="ac000000907800001d12d285b6853bc4dc54c6910c1d66f8841a0000"], 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200), 0x101000, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]})
r2 = creat(&(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
close(r2)
sendmsg$AUDIT_TTY_GET(r2, &(0x7f0000000480)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x10, 0x3f8, 0x10, 0x70bd29, 0x25dfdbfd, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x4040}, 0x800)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x18)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xffe0}}, [@qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x1, 0x4}}}]}, 0x3c}}, 0x4000010)
rt_sigsuspend(0x0, 0x0)
creat(&(0x7f0000000040)='./bus\x00', 0x4)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
io_setup(0x2, &(0x7f0000000000))
r5 = eventfd(0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r6}, 0x10)
pipe(&(0x7f0000000340)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
vmsplice(r8, 0x0, 0x0, 0x1)
r9 = syz_init_net_socket$nfc_raw(0x27, 0x6, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r9, 0xc020f509, &(0x7f0000000640)={r7, 0x7, 0x80000001, 0xa})
fsync(r5)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket(0xa, 0x3, 0x3a)

1m6.051526652s ago: executing program 1 (id=1128):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000000050005000200000c12000300686173683a6e65742c706f7274"], 0x4c}}, 0x2)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="50000000090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070011000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)

1m5.813905853s ago: executing program 1 (id=1132):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffd00, 0x0, 0x0, 0x0}, 0x94)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
rseq(&(0x7f0000000180)={0x0, 0x0, 0x0, 0x1}, 0x20, 0x0, 0x0)
rt_sigtimedwait(&(0x7f00000000c0)={[0xfffffffff7ff8518]}, 0xffffffffffffffff, 0x0, 0x8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x18)
r3 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'bond0\x00', <r4=>0x0})
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r5, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x42)
bind$inet6(r5, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty, 0xffffffff}, 0x1c)
listen(r5, 0x80000003)
r6 = socket$netlink(0x10, 0x3, 0x4)
writev(r6, &(0x7f00000000c0)=[{&(0x7f0000012380)="580000001500add427323b470c47b45602067fffffff81004e220700000000000000a8002000eaa57b00090080020efffeffe809020000ff0004f03a007357ac8ddc1fdd00000000000004ffffffe7ee0000000044c60000", 0x58}], 0x1)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_inet6_SIOCADDRT(r8, 0x890b, &(0x7f00000001c0)={@mcast2={0xff, 0x5}, @ipv4={'\x00', '\xff\xff', @broadcast}, @mcast2, 0x0, 0x0, 0x0, 0x100, 0x0, 0x200})
sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000ac0)=@newqdisc={0x94, 0x24, 0xf0b, 0x70bd30, 0x0, {0x0, 0x0, 0x12, r4, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x64, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x5, 0x4, 0x0, 0x0, 0x8, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee11, 0x0, 0x0, 0x3], [0x0, 0x8, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x8, 0x2, 0x0, 0x1, [{0x4}]}]}}]}, 0x94}, 0x1, 0x0, 0x0, 0x4c845}, 0x0)
getsockopt$inet_tcp_int(r0, 0x6, 0x6, 0x0, &(0x7f0000000180)=0x39)
r9 = syz_open_dev$mouse(&(0x7f0000000000), 0x7ff, 0x20000)
ioctl$PPPIOCGL2TPSTATS(r9, 0x80487436, &(0x7f0000000340)="e99e5bb59ca6cbc84ba21e4757c98e3893c647e9283662a0d6b0f28c13051e33d10fe6d01d23fd2d7ecc9e7d28e709942e22910ce85c6b50484ceae225c9a0ca5f89ee26c5a5db1eb5adb7b928fc62861949079401d57c8117934a9d26ac523bd2479b8c69f452aadb6d6a97b4e0419de95bf98f45abad4eb90eea628cab8b8dc859d7f17bce5dc0d65bf460d47a7feda53bea2657a27e0500b760c4203b35de821eb1b99e891a52b9eb8da96760f5e34389529e1f01f8c6e55f17f4229a69c2dbc860eec007aedf4e184402a89fe66a3c33e59433c41db470e17265e9cc02f43914963786cc6aabb43e8dcd3c11b44010d0a77ac36a25222cfbe686")

1m5.791077514s ago: executing program 32 (id=1132):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffd00, 0x0, 0x0, 0x0}, 0x94)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
rseq(&(0x7f0000000180)={0x0, 0x0, 0x0, 0x1}, 0x20, 0x0, 0x0)
rt_sigtimedwait(&(0x7f00000000c0)={[0xfffffffff7ff8518]}, 0xffffffffffffffff, 0x0, 0x8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x18)
r3 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'bond0\x00', <r4=>0x0})
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r5, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x42)
bind$inet6(r5, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty, 0xffffffff}, 0x1c)
listen(r5, 0x80000003)
r6 = socket$netlink(0x10, 0x3, 0x4)
writev(r6, &(0x7f00000000c0)=[{&(0x7f0000012380)="580000001500add427323b470c47b45602067fffffff81004e220700000000000000a8002000eaa57b00090080020efffeffe809020000ff0004f03a007357ac8ddc1fdd00000000000004ffffffe7ee0000000044c60000", 0x58}], 0x1)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_inet6_SIOCADDRT(r8, 0x890b, &(0x7f00000001c0)={@mcast2={0xff, 0x5}, @ipv4={'\x00', '\xff\xff', @broadcast}, @mcast2, 0x0, 0x0, 0x0, 0x100, 0x0, 0x200})
sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000ac0)=@newqdisc={0x94, 0x24, 0xf0b, 0x70bd30, 0x0, {0x0, 0x0, 0x12, r4, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x64, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x5, 0x4, 0x0, 0x0, 0x8, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee11, 0x0, 0x0, 0x3], [0x0, 0x8, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x8, 0x2, 0x0, 0x1, [{0x4}]}]}}]}, 0x94}, 0x1, 0x0, 0x0, 0x4c845}, 0x0)
getsockopt$inet_tcp_int(r0, 0x6, 0x6, 0x0, &(0x7f0000000180)=0x39)
r9 = syz_open_dev$mouse(&(0x7f0000000000), 0x7ff, 0x20000)
ioctl$PPPIOCGL2TPSTATS(r9, 0x80487436, &(0x7f0000000340)="e99e5bb59ca6cbc84ba21e4757c98e3893c647e9283662a0d6b0f28c13051e33d10fe6d01d23fd2d7ecc9e7d28e709942e22910ce85c6b50484ceae225c9a0ca5f89ee26c5a5db1eb5adb7b928fc62861949079401d57c8117934a9d26ac523bd2479b8c69f452aadb6d6a97b4e0419de95bf98f45abad4eb90eea628cab8b8dc859d7f17bce5dc0d65bf460d47a7feda53bea2657a27e0500b760c4203b35de821eb1b99e891a52b9eb8da96760f5e34389529e1f01f8c6e55f17f4229a69c2dbc860eec007aedf4e184402a89fe66a3c33e59433c41db470e17265e9cc02f43914963786cc6aabb43e8dcd3c11b44010d0a77ac36a25222cfbe686")

21.557191641s ago: executing program 4 (id=2042):
socket$netlink(0x10, 0x3, 0x10)
ftruncate(0xffffffffffffffff, 0x200c17a)
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001380)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000818110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x41, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000280)='kfree\x00', r2, 0x0, 0xbc3}, 0x18)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xb, 0xff, 0x4932, 0x7f, 0x1, 0x1}, 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000001c0)={{r3, <r4=>0xffffffffffffffff}, &(0x7f0000000100)=0x7d8, &(0x7f0000000140)='%pi6   \x00'}, 0x20)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000003c0), &(0x7f0000000300), 0x4, r4}, 0x38)

21.535494902s ago: executing program 4 (id=2043):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=@deltaction={0x17c, 0x31, 0x1, 0x70bd27, 0x25dfdbff, {}, [@TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x20, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}]}, @TCA_ACT_TAB={0x50, 0x1, [{0xc, 0x3, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x1}}, {0x14, 0x1b, 0x0, 0x0, @TCA_ACT_KIND={0xd, 0x1, 'connmark\x00'}}, {0x14, 0x13, 0x0, 0x0, @TCA_ACT_KIND={0xd, 0x1, 'connmark\x00'}}, {0xc, 0x1013, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x5}}, {0xc, 0x4, 0x0, 0x0, @TCA_ACT_KIND={0x7, 0x1, 'xt\x00'}}]}, @TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x4, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xc}}, {0xc, 0x7, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x2}}]}, @TCA_ACT_TAB={0x74, 0x1, [{0xc, 0x1e, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x9}}, {0xc, 0x16, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}, {0x10, 0x13, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0xc, 0x5, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x5}}, {0x14, 0x9, 0x0, 0x0, @TCA_ACT_KIND={0xd, 0x1, 'connmark\x00'}}, {0x10, 0x4, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'skbmod\x00'}}, {0xc, 0x9, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x8000}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x6bd}}]}, @TCA_ACT_TAB={0x74, 0x1, [{0x10, 0x13, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'csum\x00'}}, {0x10, 0x18, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}, {0x10, 0x7, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0xc, 0x1b, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xff}}, {0xc, 0xf, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x9}}, {0xc, 0x11, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x3}}, {0x10, 0x14, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'csum\x00'}}, {0xc, 0xc, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x3}}]}]}, 0x17c}}, 0x4084)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014fa0000b7030000000008008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000020000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x2b, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff})
fcntl$F_GET_RW_HINT(r3, 0x40b, 0xfffffffffffffffe)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x8000, 0x0)
ioctl$TCSBRKP(r5, 0x5425, 0x0)
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prlimit64(0x0, 0x7, &(0x7f0000000180)={0x1, 0x8}, 0x0)
syz_io_uring_setup(0x4168, &(0x7f00000000c0)={0x0, 0x2af7, 0x0, 0x3, 0x38}, 0x0, 0x0)
ioctl$TIOCVHANGUP(r6, 0x5437, 0x0)
ioctl$TCSETSW2(r6, 0x5408, &(0x7f0000000300)={0xff, 0x3eb, 0xfffffffe, 0x7fffffef, 0x0, "23f555d9adb42d4408020e90d1beaa82dc1ecf", 0x1002, 0xfffffffc})
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="6000000002060103000000000000000000000004050001000700000013000300686173683a6e65742c696661636500000900020073797a30000000000500040000000000050005000a00000014000780050015000000000008001240"], 0x60}}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c0000000306010100000000000000000100000005338e0007000000"], 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x38000016)

21.224514715s ago: executing program 4 (id=2053):
socket$netlink(0x10, 0x3, 0x10)
ftruncate(0xffffffffffffffff, 0x200c17a)
socket$netlink(0x10, 0x3, 0x10)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001380)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000818110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x41, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000280)='kfree\x00', r1, 0x0, 0xbc3}, 0x18)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xb, 0xff, 0x4932, 0x7f, 0x1, 0x1}, 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000001c0)={{r2, <r3=>0xffffffffffffffff}, &(0x7f0000000100)=0x7d8, &(0x7f0000000140)='%pi6   \x00'}, 0x20)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000003c0), &(0x7f0000000300), 0x4, r3}, 0x38)

21.173263538s ago: executing program 4 (id=2058):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x80, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kmem_cache_free\x00', r3, 0x0, 0xffff}, 0x18)
ioctl$TIOCSETD(r1, 0x5423, 0x0)
ioctl$TCFLSH(r1, 0x400455c8, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x20c02)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000f000000c5000000a000020095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x7c8e57edab868d16, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x18)
syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000700)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f00000012c0), 0xfe, 0x249, &(0x7f0000000800)="$eJzs3T9oJFUcB/DvzO56JrfIqY0g/gER0UA4O8HmbBQO5DhEBBVORGyURIgJdomVjYXWKqlsgtgZLSVNsFEEq6gpYiNosDBYaLGyO4nEZDWaXXfizecDk5nJvDe/N+x8324zuwEa60KSS0laSWaSdJIUhxvcXS0X9ndXpzavJb3eEz8Vg3bVfuWg3/kkK0keSrJRFnmpnSytP7Pzy9Zj97252Ln3/fWnpyZ6kft2d7Yf33vvyhsfXX5w6YuvfrhS5FK6f7qu8SuG/K9dJLf8F8XOiKJd9wj4J66+9uHX/dzfmuSeQf47KVO9eG8t3LDRyQPv/lXft3/88vZJjhUYv16v038PXOkBjVMm6aYoZ5NU22U5O1t9hv+mNV2+PL/w6syL84tzL9Q9UwHj0k22H/3k3Mfnj+T/+1aVf+B/YPp03fr5f/Lq2rf97b3WmMcEnE13VKt+/meeW74/8g+NI//QXPIPzSX/0FzyD80l/9Bc8g/Xsc7fH5Z/aC75h+aSf2iuw/kHAJqld67uJ5CButQ9/wAAAAAAAAAAAAAAAAAAAMetTm1eO1gmVfOzd5LdR5K0h9VvDX6POLlx8Hf656Lf7A9F1W0kz9414glG9EHNT1/f9F299T+/s976y3PJyutJLrbbx++/Yv/+O72bTzjeeX7EAv9ScWT/4acmW/+o39bqrX95K/m0P/9cHDb/lLltsB4+/3RP/orlE73y64gnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYGJ+DwAA//8NTG1W")
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.stat\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r5, 0xc0c0583b, &(0x7f0000000300)={0x0, 0x2904c, 0x4, 0x10003, '\x00', [{0x0, 0x0, 0xffc, 0x1000000}, {0xffffffff, 0x80000000, 0x3, 0x0, 0x0, 0x200}], ['\x00', '\x00', '\x00', '\x00']})
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r6 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_FILTER(r6, 0x6b, 0x1, &(0x7f0000000380)=[{0x3, 0x1, {0x1, 0x0, 0x1}, {0x2}, 0xfe, 0xff}], 0x20)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="050000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r8}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000040), 0xffffffffffffffff)
r9 = io_uring_setup(0x1684, &(0x7f0000000080)={0x0, 0xcc3d, 0x400, 0x0, 0x2})
r10 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x800, 0x0)
io_uring_register$IORING_REGISTER_FILES(r9, 0x2, &(0x7f0000000240)=[r10], 0x1)

20.997808785s ago: executing program 4 (id=2062):
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xb, 0xff, 0x4932, 0x7f, 0x1, 0x1}, 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000003c0), &(0x7f0000000300), 0x4}, 0x38)

20.298703265s ago: executing program 4 (id=2080):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = add_key$keyring(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$search(0xa, r1, &(0x7f0000000340)='keyring\x00', &(0x7f0000000440)={'syz', 0x1}, 0xfffffffffffffff9)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x29, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000000c0)='sched_switch\x00', r2}, 0x10)
openat$selinux_status(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000440), &(0x7f0000000000)='./file1\x00', 0x844, &(0x7f0000000bc0)=ANY=[], 0x5, 0x267, &(0x7f0000000740)="$eJzs3b9rVFkUAOAzmcmvbSYsCwvLLjuwLGw1JIHtsyy7bNigYhgkIsGJmUjIhICBgBZJrAQrG0vLdBFBCzv9HwQbG7ERS9NZSJ4kL0xmzEQTMfMk833NPbx7znv33vDeyxRz5/LPiwuzS8tzW1uvY2AgF4Wxq9tJkouh6Il8pNYDADhN3iVJvE1SWY8FAOgM738A6D6Hvf//60nb3rQ5l8XYAICT8eWf/+9OPXlZrY39eYTUpL8Rvpg+/hgBgK9rcuri/9tPfx8cj0d3IhZvrVRWKmmb9v81F/NRj1oMRzHeRyQNafzv+MQ/w6UdgxGVxbW9+rWVSr61fiSKMRRx4czB+pFSqrW+N75rrh+NYvzQ/vqjbev74o/fmurLUYxnV2Ip6jG78y9JU/3qSKn099mJj+r7d/NiI5/p3wcAAAAAAAAAAAAAAAAAAAAAgNOpXGoYard/T7l8WH9af/T9gfb357m9W1+InwpxM9vZAwAAAAAAAAAAAAAAAAAAwLdh+fqNhWq9XrvWCGbOz3/feuRzQa5NV37v/Mc5T9cEOwtzgpf4NSJOehYPN2vPN6YvTWa/mB0M2q/qg8wHNvOJnJ6I2A1+vDdWfbz66s3BnFhvupcL6X1bradtX/PDotThhxMAAAAAAAAAAAAAAAAAAHSZ/a8BH5aRdHZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJCB/d//P3bQ1ziyOZierNH1y0Bzctp5v+W6ufUMJgsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQNf6EAAA//9rIKjm")
execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000080)=0x2)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000b8ffffffb702000004000000b7030000000000de850000000400000095"], &(0x7f0000000680)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0)
io_pgetevents(0x0, 0x1, 0x0, 0x0, 0x0, &(0x7f0000000540)={0x0})
sendto(0xffffffffffffffff, &(0x7f0000000740), 0x0, 0x0, 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r3, 0x29, 0x22, &(0x7f0000000b00)={{{@in=@private, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}}, {{@in6=@private1}, 0x0, @in6}}, &(0x7f0000000500)=0xe8)
quotactl$Q_QUOTAON(0xffffffff80000201, &(0x7f00000004c0)=@nullb, r5, &(0x7f00000005c0)='./file1/file0\x00')
r6 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
stat(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, <r7=>0x0})
sendmsg$netlink(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000200)=ANY=[@ANYBLOB="140100002800010004000000fcdbdf250401f2800c00180008ac0f0000000100140001"], 0x114}, {&(0x7f00000009c0)=ANY=[@ANYRESOCT, @ANYRES32=r7, @ANYBLOB="040094807a026c57d2654d115e528c1459241cdf02597f14d35c3655073c5f407b4160b64e80e167c709d80d9da587820eeb0f3c363a773f519c2717597d2217f73d756a1e5262327a0d6705cffb6119d2df818584899aaf8d7b874dbb99330a6d2593829a3125c105c65840af5555000d003f0026e4b56b1866ada1d6000000ae69a5084963450371edc84dc99933e5f3798214db2bbd9046f0ccf707e29850c523bbf617b1d7ef1a551fb4d16bc02c3b80b31afd787c9d7b26e5ddbb196f76b5ae845fa547821e75e7ce9e57909e40c4879551d2f2238d4b261e66380a5ae73b551539b77a6588ca710abc8bcf5659e97a7c436980198477bba6e6a869a636c008a123467d4ebde947f09e3e18"], 0x2cc}], 0x2, 0x0, 0x0, 0x20000001}, 0x0)
pselect6(0x40, &(0x7f0000000040)={0x5, 0xfd, 0xffffffffffffffff, 0x5, 0x6, 0x8000000000000001, 0x81, 0x9}, &(0x7f0000000080)={0x8, 0x80, 0x1, 0x5, 0x8000000000000001, 0x2, 0x1b50, 0xf}, &(0x7f00000000c0)={0x4, 0x7, 0x3, 0x5, 0x7, 0x6, 0x8, 0x7}, &(0x7f0000000300)={0x77359400}, &(0x7f0000000580)={0x0})

20.298007735s ago: executing program 33 (id=2080):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = add_key$keyring(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$search(0xa, r1, &(0x7f0000000340)='keyring\x00', &(0x7f0000000440)={'syz', 0x1}, 0xfffffffffffffff9)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x29, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000000c0)='sched_switch\x00', r2}, 0x10)
openat$selinux_status(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000440), &(0x7f0000000000)='./file1\x00', 0x844, &(0x7f0000000bc0)=ANY=[], 0x5, 0x267, &(0x7f0000000740)="$eJzs3b9rVFkUAOAzmcmvbSYsCwvLLjuwLGw1JIHtsyy7bNigYhgkIsGJmUjIhICBgBZJrAQrG0vLdBFBCzv9HwQbG7ERS9NZSJ4kL0xmzEQTMfMk833NPbx7znv33vDeyxRz5/LPiwuzS8tzW1uvY2AgF4Wxq9tJkouh6Il8pNYDADhN3iVJvE1SWY8FAOgM738A6D6Hvf//60nb3rQ5l8XYAICT8eWf/+9OPXlZrY39eYTUpL8Rvpg+/hgBgK9rcuri/9tPfx8cj0d3IhZvrVRWKmmb9v81F/NRj1oMRzHeRyQNafzv+MQ/w6UdgxGVxbW9+rWVSr61fiSKMRRx4czB+pFSqrW+N75rrh+NYvzQ/vqjbev74o/fmurLUYxnV2Ip6jG78y9JU/3qSKn099mJj+r7d/NiI5/p3wcAAAAAAAAAAAAAAAAAAAAAgNOpXGoYard/T7l8WH9af/T9gfb357m9W1+InwpxM9vZAwAAAAAAAAAAAAAAAAAAwLdh+fqNhWq9XrvWCGbOz3/feuRzQa5NV37v/Mc5T9cEOwtzgpf4NSJOehYPN2vPN6YvTWa/mB0M2q/qg8wHNvOJnJ6I2A1+vDdWfbz66s3BnFhvupcL6X1bradtX/PDotThhxMAAAAAAAAAAAAAAAAAAHSZ/a8BH5aRdHZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJCB/d//P3bQ1ziyOZierNH1y0Bzctp5v+W6ufUMJgsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQNf6EAAA//9rIKjm")
execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000080)=0x2)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000b8ffffffb702000004000000b7030000000000de850000000400000095"], &(0x7f0000000680)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0)
io_pgetevents(0x0, 0x1, 0x0, 0x0, 0x0, &(0x7f0000000540)={0x0})
sendto(0xffffffffffffffff, &(0x7f0000000740), 0x0, 0x0, 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r3, 0x29, 0x22, &(0x7f0000000b00)={{{@in=@private, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}}, {{@in6=@private1}, 0x0, @in6}}, &(0x7f0000000500)=0xe8)
quotactl$Q_QUOTAON(0xffffffff80000201, &(0x7f00000004c0)=@nullb, r5, &(0x7f00000005c0)='./file1/file0\x00')
r6 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
stat(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, <r7=>0x0})
sendmsg$netlink(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000200)=ANY=[@ANYBLOB="140100002800010004000000fcdbdf250401f2800c00180008ac0f0000000100140001"], 0x114}, {&(0x7f00000009c0)=ANY=[@ANYRESOCT, @ANYRES32=r7, @ANYBLOB="040094807a026c57d2654d115e528c1459241cdf02597f14d35c3655073c5f407b4160b64e80e167c709d80d9da587820eeb0f3c363a773f519c2717597d2217f73d756a1e5262327a0d6705cffb6119d2df818584899aaf8d7b874dbb99330a6d2593829a3125c105c65840af5555000d003f0026e4b56b1866ada1d6000000ae69a5084963450371edc84dc99933e5f3798214db2bbd9046f0ccf707e29850c523bbf617b1d7ef1a551fb4d16bc02c3b80b31afd787c9d7b26e5ddbb196f76b5ae845fa547821e75e7ce9e57909e40c4879551d2f2238d4b261e66380a5ae73b551539b77a6588ca710abc8bcf5659e97a7c436980198477bba6e6a869a636c008a123467d4ebde947f09e3e18"], 0x2cc}], 0x2, 0x0, 0x0, 0x20000001}, 0x0)
pselect6(0x40, &(0x7f0000000040)={0x5, 0xfd, 0xffffffffffffffff, 0x5, 0x6, 0x8000000000000001, 0x81, 0x9}, &(0x7f0000000080)={0x8, 0x80, 0x1, 0x5, 0x8000000000000001, 0x2, 0x1b50, 0xf}, &(0x7f00000000c0)={0x4, 0x7, 0x3, 0x5, 0x7, 0x6, 0x8, 0x7}, &(0x7f0000000300)={0x77359400}, &(0x7f0000000580)={0x0})

2.733865982s ago: executing program 3 (id=2413):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xe, 0x4, 0x4, 0x2, 0x0, 0x1, 0xffffffff}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000003200)={0x6, 0x14, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000100000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000000600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bca2000000000000a6020000f8ffffffb703000018000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r2}, &(0x7f0000000340), &(0x7f0000000380)=r3}, 0x20)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r3, 0x2000012, 0xe, 0x0, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50)
socket$inet6(0xa, 0x800000000000002, 0x0)
r4 = syz_open_dev$loop(&(0x7f0000000000), 0xf01c, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f0000000480)={r5, 0x8, {0x2a00, 0x80010000, 0x0, 0x8, 0x18000000000, 0x0, 0x1, 0x0, 0xc, "fee8a2ab78fc5e3e06e00d96072081000000000000002000e60080b8785d96000100", "0000b432a1a03c5260f45f819e01177d3d458dd4992861ac10000000000000000000000000000000000200", "90be8b1c551265406c7f306003d8a0f4bd00", [0x6, 0x200000000]}})

2.414019616s ago: executing program 0 (id=2419):
setsockopt$MRT_FLUSH(0xffffffffffffffff, 0x0, 0xd1, &(0x7f0000000040)=0x2, 0x4)
ioctl$SIOCGETMIFCNT_IN6(0xffffffffffffffff, 0x89e0, &(0x7f00000000c0))
syz_clone(0x26801000, 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket(0x2, 0x80805, 0x0)
setsockopt$inet_sctp_SCTP_CONTEXT(r1, 0x84, 0x83, 0x0, 0x0)
r2 = openat$sndseq(0xffffffffffffff9c, 0x0, 0xe2981)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/clients\x00', 0x0, 0x0)
write$P9_RGETLOCK(r0, &(0x7f0000000640)=ANY=[], 0x200002e6)
fcntl$setpipe(r0, 0x407, 0x7000000)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xa, 0x31, 0xffffffffffffffff, 0xf2de1000)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
ioctl$sock_SIOCSIFBR(r1, 0x8941, &(0x7f0000000100)=@add_del={0x2, &(0x7f0000000080)='batadv_slave_0\x00'})
fcntl$setpipe(r2, 0x407, 0x7fff)
symlinkat(0x0, 0xffffffffffffff9c, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r3, 0x0, 0x80)
io_setup(0x3ff, &(0x7f0000000500))
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

1.86214727s ago: executing program 6 (id=2421):
remap_file_pages(&(0x7f00005fd000/0x4000)=nil, 0x4000, 0x2000003, 0x5, 0x10000)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000600), 0xffffffffffffffff)
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000000)={0x18, 0x0, {0x1, @link_local, 'wg1\x00'}}, 0x1e)
close(r0)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x2a, 0x2, 0x13)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x50)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB="6800000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="0000000088520300480012800b000100697036746e6c00003800028014000300fc0000000000000000000000000000000400130008000100", @ANYRES32=r4, @ANYBLOB="6a6e00bb"], 0x68}, 0x1, 0x0, 0x0, 0x4000054}, 0x4000080)
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x8933, &(0x7f0000000140)='lo:\x96o8\x14d\xa1\xba\xda\xd1\xa0J\x12tQ\xb16\xe3\xd7\\b\x8b\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00l \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\xff\xe6\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\xb7l\xed}\xe5\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x02\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2ak\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x01\x00\x00\x00\xd3\r7\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xd5s2\x9cVF\xd5\x18\xfe\x0f\x8f \x01\x00\x00\xb1\x88\xebW_\xa5\xe1\xf6\x8aj\xca\xf8m\xab\xe8\x99\xeb\x00\xde\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\rh^J-\xd1\xfc\xfa 6(%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x1f\x9c,\x113\x7f\x03\x93\xe1\xcc\xe7f\r\xf3\xff0\f\x82%_\x92\x8b\xc4\xb9\xd9\xe7\xf2\xe4\xc1i\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02!\xed\xff\xee$\xc89\x8cB0\xd1\xa8\xd4\xe6K0\xe1\xa3TS\x18\xe6x\x1f%P\x9fU)\x83E\n\x90M\r.\x85gn[\xb2\xe9\x8a\x1c\xe3\x93\xd8\xbc\xb6N\xc3\xe1\xafh\xa0iF\xdcq\xf9\x17\xd9i\x844E\x1a\x13\x9a\xe6\xd3\xab:PM\xfbe\xfe9\xd9\x94\x1dx\xd6\x03b\xf7\x10N\xd1\x93\rU\x7fy\x18tE\xf1*\x9a0Z\x9f\xdc{\x13\xf6\xb7\xf7\xe6=\x9cD\x108\x8eS\xa0\xd0\xa7\tn\xd9\xae\xc0\x18~x[\x85Y\xb2\x82w\x150\x97\xba\xe6\xca\xb1\xa3\x02\x14^\xbdZ\xae\xf5/\xcf\xb8\xea8Uw\x92`\"2\x81j\xbb\x87+\x89\xc5<J\x1f\xba\xfc\x90(\x985\x93\xa8\xd4\xf0\xbdTy\x18\xc8\xa0\xbb\x99\x8c\xe0Q\xffCl\xbdX~3\xa1\xa2\xf4\xd9\xf7\xc7\xfb\xce\x959x\xfeW\r\xf0{\xcaT\xecp)=\x9d\xdfG8\xa1\xe3=\xa6\x00\x98\xc1\xb3\x91-\xab\'W\x8al?d<JN\xcb\xd4H\xb0_jO\xf3\x90\xe8/l\xdfg)\x8d#\xfdo\xa9L\xdeA*\xec\xa1\x14,\xe8\x8d^\xb9r=\xc0\x18\xd4\x11dU[Ry\xed\xd6\x97\x8a\xe8\xca\x99\x10\x8e\xc8P\xa3\xae/\xdaof\x06\x7f\xf7\x80$f\b\x92\xae\xeb\xc1\xf7\xab\x9f\xf0\xc3\b\x00\x00\x00\x00\a\xf6\xfc\x1d\xd4\x893\xeb)\xc1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00O!\xd2q\xda}\xe2\xa2\xfe\xfd)\\\xdf\x9aN\\\xaeyc\xe4g\xc0\x8a\n\v{\xa9H\\\xce\x9d\xc5BI!\xdc\x84\x89E\xfdE\xf0\xad\x91\xf6R\r\xff\xf8\x13\xfb\xd1\xc2.zl\x11\xef\xd8\xe6D\xe6/\xb2\xbe\xc1\'\x1b\x16\xa8\xd0\x9a\xa5i{\xc1\xa9\xc4\xdd\xc1\xa2\xd7\"\xc0n\xa2\xc8\x90\xf2\xcc\x10\xf5\xc8\x14\x95QG\xca\xd8\xbb6N\x9b\x19\xc3\xcfP\"]\x9f,[E\xd0\xb8MPO\xf1\x83I\x83D\"[\xa0\x17\xa0|\x136\xc9R\x8c\xaa\xd0\x04ea\x18\xc9\x11\xc1\xf7\xe3\xa4\xdf\x12\xf2\x92\xfea\xb4Q!x\xf9Q;$\xfc\xc3\xe3\\7,\r>\'\x9f\xd0\xcb\xe1mN\x1cA\xe54\xfa4\x84l\xb3\xc8\xc3\xd19\xc6_n\xf3:\x01\xc2\xec\xf0j\xb0nY\xea\x94VXo~\nC\x89\'\n=JBy\xc0\xe5\xe8\xc1.\x1bd\x9d\xe3\xee\xc55)`\xda\xf7\xb1\xc9\x04\xcfc\xd8\xb3F\xd3\xaa*\xc0\xcf\xd8]1\xcd\f\x9b\xb4\x12\x9d\xf37a\x98\x01\\\xb9\xa9\xbd\xf5\\\xd8\x96o\xff\xa5a\x8bkj~7\xd8\xe7F+l]\x18`\x9d\x94\xc6c\x81\xe4n\xa1\x1a{\xf8\xb2\xf0C\x7f\x8d+\xc3z!\xac\xc6\xd4\x1f=\xa2\xc7Y\xfc\xcb\xf6~Kx\x9e\x1d\xd5T\rC\x95\x94\xa7\x85\xb1Ff<2w\xd0s\xac36\xb8\x96U\x9e(Za\xf2\x9bk\xcfK\xd3\xa1\xd6\'\xdb\x8b\x06U\xf4a\xee\xac\xaa\x8b\xe3\x053Q7\xe3\xcc\xa5\xb1\x8a7w\x9b\xaa\xb4W[\xbas_\x95.\xd3\x89\xa7\x01R\xe9\xa3\f\xb8\x15e\x04l\xb1\x03\x82\xfc\x18\xcd6-\xd1\xbe\xc9w\x8a\xbd\x98\xe8\x04\xf0`\xe0O\b;\x9a\xf5\xb8\xcdv)\xaf\x83\x94\x00\xb4\xf9\xb3:Dc\x96K?dK.\x1e\x84r\xae\xc0\xe7\xf0+\xce\x0e\xealJ\xdb\x9b2\x92.\xb4\xbdG\xf7I\xc9\x84\xe0@\x89\xb516\xd0o\x83dr%0%-\xd2\xa2\xcb\xa3\x87f\xack\xfd?\x16u~\xb8\r$&\xb4,e\xc4\xea3\xbf\xab\xfc')
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x11, 0xc, &(0x7f0000000480)=ANY=[@ANYBLOB], &(0x7f0000000640)='GPL\x00', 0x8, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r8}, 0x18)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r9 = socket$inet6(0xa, 0x800000000000002, 0x0)
sendto$inet6(r9, 0x0, 0x5c4, 0x404c844, &(0x7f0000000540)={0xa, 0x4e24, 0x0, @local}, 0x1c)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000380)='kfree\x00', r6, 0x0, 0x4804}, 0x18)
r10 = socket$inet6(0xa, 0x2, 0x1)
setsockopt$inet6_mreq(r10, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
ioctl$KDSKBENT(r1, 0x4b47, &(0x7f0000000200)={0x8, 0x6, 0x8734})

1.706039657s ago: executing program 5 (id=2422):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x64, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={0x0, r1, 0x0, 0x2}, 0x18)
sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)={0x28, 0x0, 0xc4fc9e906872338b, 0x0, 0x0, {{0x5}, {@val={0x8}, @val={0xc, 0x99, {0x0, 0xfffffffa}}}}}, 0x28}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r2)
sendmsg$NL80211_CMD_GET_WIPHY(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0103000000000000000001"], 0x30}}, 0x44)

1.605816361s ago: executing program 3 (id=2423):
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth0\x00', <r1=>0x0})
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000000c0)='kfree\x00', r3, 0x0, 0xfffffffffffffffd}, 0x18)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kmem_cache_free\x00'}, 0x10)
shmget(0x3, 0x1000, 0x1a0, &(0x7f0000ffc000/0x1000)=nil)
setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f00000004c0)={r1, 0x3, 0x6, @remote}, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000000)={r1, 0x1, 0x6, @random="790c7edd3d8d"}, 0x10)
sendmsg$nl_route_sched(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000440)=@getchain={0x24, 0x11, 0x1, 0x0, 0x1ffffff, {0x0, 0x0, 0x0, r1, {0x7, 0x9}, {0xd, 0xc}, {0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x20048054)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={0xffffffffffffffff, 0x58, &(0x7f0000000140)}, 0x10)

1.524918374s ago: executing program 5 (id=2424):
socket$netlink(0x10, 0x3, 0x0)
r0 = socket(0x10, 0x2, 0x0)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x1006, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
r3 = io_uring_setup(0xc01, &(0x7f0000000000)={0x0, 0x2003, 0x40, 0x2, 0x276})
io_uring_register$IORING_REGISTER_RESTRICTIONS(r3, 0xb, &(0x7f0000000380)=[@ioring_restriction_register_op={0x0, 0x19}], 0x1)
io_uring_register$IORING_REGISTER_ENABLE_RINGS(r3, 0xc, 0x0, 0x0)
io_uring_register$IORING_REGISTER_FILE_ALLOC_RANGE(r3, 0x19, &(0x7f0000000080)={0xd340, 0xaca3, 0x4}, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2}, &(0x7f0000000180), &(0x7f00000001c0)=r1}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='xprtrdma_frwr_dereg\x00', r4, 0x0, 0x7ff}, 0x18)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
socket$inet6_tcp(0xa, 0x1, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x48241, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r7 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @multicast})
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x4f, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$tun(r6, &(0x7f0000000440)=ANY=[@ANYBLOB="70000000ffffffffffffaaaaaaaaaabb0800450045bac5a79a10599c5178ac1e0001e00000010000655800189078040000000000000086ddffff00000000"], 0xfdef)
connect$inet6(r5, &(0x7f0000000340)={0xa, 0x5, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x1c)
r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x37, 0x7fffffff}]})
flistxattr(r8, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r5, 0x11a, 0x1, &(0x7f0000000480)=@gcm_256={{0x303}, "000200", "e123c5876ff425b1ebe250a8486be34705f4f827ae60ecb65e528248d5552bff", "7e25837b", "15d0db2c77179e1a"}, 0x38)
write$binfmt_script(r5, &(0x7f0000000500)={'#! ', './file0'}, 0xb)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r5, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
close_range(r0, r5, 0x0)

1.288715805s ago: executing program 3 (id=2425):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x13, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071000000180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x18)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
r2 = fcntl$dupfd(r1, 0x0, r1)
sendmsg$IPVS_CMD_DEL_DAEMON(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000001c00)={0x13c, 0x0, 0x800, 0x70bd28, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_DEST={0x14, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0xab}, @IPVS_DEST_ATTR_INACT_CONNS={0x8}]}, @IPVS_CMD_ATTR_DAEMON={0x44, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e21}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x9}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x9}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x3}]}, @IPVS_CMD_ATTR_SERVICE={0x30, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2c}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x3}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x1d}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@multicast2}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x19c3}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x9}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x3b}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x10, 0x30}}, @IPVS_SVC_ATTR_TIMEOUT={0x8}, @IPVS_SVC_ATTR_FWMARK={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6b7}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x100}, @IPVS_CMD_ATTR_DEST={0x34, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0xdb}, @IPVS_DEST_ATTR_FWD_METHOD={0x8}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x390e}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x5}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e24}]}]}, 0x13c}, 0x1, 0x0, 0x0, 0x4004}, 0x4008011)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, &(0x7f0000000b00)=""/4096, 0x1000, 0x1, 0x0}, &(0x7f0000000180)=0x40)

1.117474882s ago: executing program 0 (id=2427):
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000cc0), 0x1}, 0x4000, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8e}, 0x94)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
mknod(&(0x7f0000000180)='./file0\x00', 0x1ffa, 0x3)
acct(&(0x7f0000000140)='./file0\x00')
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r4, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r4, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xcc}, 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendmmsg$inet6(r4, &(0x7f00000003c0)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback, 0x280020}, 0x1c, &(0x7f00000000c0)=[{&(0x7f0000000540)='\x00', 0x1}], 0x1}}], 0x1, 0x20008050)
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000240)={0x0, 0x964, 0x89f8}, 0x8)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r4, 0x84, 0x77, &(0x7f0000000340)={0x0, 0x7, 0x2, [0x1, 0x6]}, 0xc)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000c00)={0x88, r6, 0x1, 0x70fd2b, 0x25d7dc01, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x2}}]}, 0x88}, 0x1, 0x0, 0x0, 0x48010}, 0x4c840)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f00000003c0), &(0x7f00000001c0)=r0}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r8}, 0x10)
mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x3, 0x20010, r8, 0x10000000)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)

1.117117612s ago: executing program 5 (id=2428):
r0 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r1}, 0x10)
mmap$perf(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x4000011, r0, 0x0)
mremap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1000, 0x3, &(0x7f0000bb3000/0x1000)=nil)
munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000)

1.035883455s ago: executing program 5 (id=2429):
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000c80)=ANY=[@ANYBLOB="18000000220000000000000000000000850000006d00000018110000", @ANYBLOB="0000000000000000b7080000000021007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b7040000000000008500000001000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r0, 0x0, 0xff7ffffffffffffc}, 0x18)
r1 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x6, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, 0x0)

981.757948ms ago: executing program 2 (id=2430):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x8, 0x2000000000000242, &(0x7f0000000000)=ANY=[@ANYRES8=r0, @ANYRESDEC=r0, @ANYRESOCT=r0], 0x0, 0x4, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x18)
ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r1, 0x942e, 0x0)
link(&(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='./file1/file0\x00')

898.753941ms ago: executing program 2 (id=2431):
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x10, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000008500000072000000850000000f00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = fsopen(&(0x7f0000000600)='devpts\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x1, 0x1)
fchdir(r1)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback=0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r2}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PAUSE_GET(r3, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000280)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010026bd70000000000021040000180001801400020064756d6d7930"], 0x2c}}, 0x880)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000f40000"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70200000000f400850000008600000095"], &(0x7f00000004c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='mm_page_free\x00', r6, 0x0, 0x1002}, 0x18)
syz_emit_ethernet(0xfef3, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd6001010000641100fe80000000000000000000"], 0x0)
open(&(0x7f0000000080)='.\x00', 0x480, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYRES64=r7], 0x50)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000200)={{r8}, &(0x7f0000000140), &(0x7f0000000040)='%pI4   \x00'}, 0x2a)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r9}, 0x10)
unshare(0x62040200)
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
r10 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0)
write(r10, &(0x7f0000004200)='t', 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000400)='sys_enter\x00'}, 0x18)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)

897.645551ms ago: executing program 5 (id=2432):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'veth0_vlan\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="4c0000001000030500"/20, @ANYRES32=0x0, @ANYRESDEC=r1, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00\x00\x00'], 0x4c}, 0x1, 0x0, 0x0, 0x4008040}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0100000004000000e27f000001"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_MM_MAP_SIZE(0x23, 0xf, &(0x7f00000003c0))
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x14)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='kmem_cache_free\x00', r4}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
brk(0x400000ffc000)
r5 = fcntl$dupfd(r2, 0x0, r2)
ioctl$TUNGETIFF(r5, 0x800454d2, &(0x7f0000000340)={'dummy0\x00'})
r6 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), r2)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(r2, &(0x7f0000000600)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000640)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010025bd7000fddbdf250b00000008000400ff0055b51d00cf3f758dc7c625178834bd05437804000008000400050000000733213d24829ce779821e71ec2b9418f4c3e6f31c7ed17ff8b24854ef20c596dde0986e45dd3fda004dd82215ae2a27413eb6b313b07ff9f0350bf59554f1e53360716f01054cdfe96cd14ec287a9fb948f8f8fa1515f6b400107ea0558e23dd05f5b5e10296b145c7282ec83079b3054e2854815293a32ed52c10fef63e4d899c703e4396084b23ebe025ba4b43bc75dec0000000000000000"], 0x24}, 0x1, 0x0, 0x0, 0x4040451}, 0x50)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000400)={'syztnl1\x00', &(0x7f0000000780)={'syztnl2\x00', r1, 0x29, 0x15, 0x2, 0x4c, 0x4, @loopback, @private0={0xfc, 0x0, '\x00', 0x1}, 0x1, 0x80, 0x9, 0x3}})
write$cgroup_devices(r5, &(0x7f00000004c0)=ANY=[@ANYBLOB="62202a7700766839dba34d4af44229324dca040000009868c94fa2be9341ddf396f2041f019dcef4f7afcffcf2161a98deec6fb66d372c5c476c23e698ff32798b7ea51ce4ce486dca15732b98dc5525b0153ac4403e8e93bab3fbac17f345d23c27019c31db421479b7617ea0e5954ae902f307ac4ceda311e1f7fdffd27ef9a25b466910fa452b44fc371434ad0e554be5dc5523caee54c62f0e11f7ea32f0e5c60613279053135b9243371db04e5dedb9f0bf"], 0x9)
sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000fc0)=@newtaction={0x4c4, 0x30, 0x20, 0x70bd28, 0x25dfdbfe, {}, [{0x168, 0x1, [@m_vlan={0xf0, 0x17, 0x0, 0x0, {{0x9}, {0x2c, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6, 0x4, 0x8100}, @TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0xd0e}, @TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0xb4c}, @TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0x2dc}, @TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6, 0x4, 0x8100}]}, {0x9c, 0x6, "989f327c29e2e21cfc610b2ac5ec1e23960c0614e219dde8e7b6684db2f99b8c9d71fc54955ef1d1db9fbf8a711f9e9a1cbc2dceea0ad339f8ef11ba4cc156354395726e74d3ee8f35d811ccff692cc68a12bf834cee3c2ae863d28fcd1cf703dd76a67d5850ce46c40fbdcaafcbd514680e432a994855affafe8d6deb2f593993fbeac83d4b54f259dad41aee807a4972cace416d9fb47b"}, {0xc}, {0xc, 0x8, {0x2, 0x1}}}}, @m_gact={0x74, 0xd, 0x0, 0x0, {{0x9}, {0x40, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x85, 0xd4, 0x8, 0x1, 0x1}}, @TCA_GACT_PROB={0xc, 0x3, {0x0, 0x642, 0x3}}, @TCA_GACT_PARMS={0x18, 0x2, {0x4, 0x3, 0x2, 0x0, 0xffffe3f0}}]}, {0xa, 0x6, "57bdbb32821b"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}]}, {0x348, 0x1, [@m_ctinfo={0xa8, 0x16, 0x0, 0x0, {{0xb}, {0x34, 0x2, 0x0, 0x1, [@TCA_CTINFO_PARMS_DSCP_STATEMASK={0x8, 0x6, 0x2}, @TCA_CTINFO_ZONE={0x6, 0x4, 0xd57}, @TCA_CTINFO_PARMS_DSCP_MASK={0x8, 0x5, 0x3fd0}, @TCA_CTINFO_PARMS_CPMARK_MASK={0x8}, @TCA_CTINFO_ZONE={0x6, 0x4, 0x7}, @TCA_CTINFO_PARMS_DSCP_MASK={0x8, 0x5, 0x100}]}, {0x4c, 0x6, "d4d0e1e452728c1b2ce96fadf39124c174db0ceafbc92d57728f27d73ac4de380fba69710b32588d61bf92513faa8bf2c739d1dee72dce462b7cb6ce935c16bd36ea7dde8c5052ac"}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}, @m_connmark={0x164, 0x3, 0x0, 0x0, {{0xd}, {0xac, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x9d77, 0x5, 0x3, 0x9, 0x4}, 0x100}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x397c, 0x200, 0x8, 0x8, 0x21c}, 0x5}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0xd44, 0x2, 0x4, 0x8001, 0x8107}, 0x481d}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x4, 0xfffffff8, 0x1, 0xb4d7, 0x8}, 0x273}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x1, 0x0, 0x8, 0x3844aca, 0xfffffff8}, 0xff}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0xcf, 0xfffffffe, 0x4, 0x2, 0x461e}, 0x6}}]}, {0x8b, 0x6, "d3bf6e4f52ca6e1ca28e104902bb635adaaeea15c5e9395e126fa2ed67dc688b3b769e20da1a6eae499fd1bd35dedfdfe81af4775505deb4cfea64078a7b9aa856e9afadf701a16d034315712bc70cd76083647274d3239c7c8fe177db9f1ea6ba47e8a9f09b54244b1fd7ec4eb2dd5ab751a834c691f18901342b0761f05f6dad0aedfa98b036"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_ctinfo={0x138, 0xe, 0x0, 0x0, {{0xb}, {0x7c, 0x2, 0x0, 0x1, [@TCA_CTINFO_PARMS_DSCP_STATEMASK={0x8}, @TCA_CTINFO_ZONE={0x6, 0x4, 0x3}, @TCA_CTINFO_PARMS_CPMARK_MASK={0x8, 0x7, 0x9}, @TCA_CTINFO_ACT={0x18, 0x3, {0x5, 0x3, 0x20000000, 0x4, 0x8}}, @TCA_CTINFO_ACT={0x18, 0x3, {0x3, 0x7, 0x10000000, 0x2, 0x3}}, @TCA_CTINFO_PARMS_DSCP_MASK={0x8, 0x5, 0x9}, @TCA_CTINFO_PARMS_DSCP_MASK={0x8, 0x5, 0x2}, @TCA_CTINFO_PARMS_DSCP_MASK={0x8, 0x5, 0xcd}, @TCA_CTINFO_ACT={0x18, 0x3, {0x6, 0x3, 0x7, 0x7fffffff, 0x3}}]}, {0x93, 0x6, "32b6e783c79a9c6994175b21f841c7c0d102f32d12685a5275487c0707e9b4d9c555a05192f59c15d397d303a5578aa8639ea1c16b5e56ffe46b3ad55b61cafd48c5870fe55b253ff94bcd303d256919f0d745ad22eeb1a31ddc98a502355a1e78d516b57509cb3fe81b6a23517df4856446d228de5211e5e2988d00e45b282a90dc23f98181b92d0b9c152d21c4cf"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}]}]}, 0x4c4}, 0x1, 0x0, 0x0, 0x4040810}, 0x200408c1)

729.855319ms ago: executing program 6 (id=2433):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x4)
r1 = dup(r0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000008b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r2}, 0x13)
mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
write$UHID_INPUT(r1, &(0x7f0000001040)={0xf, {"a2e3ad21ed0d1bf91b4d090955f70e06d038e7ff7fc6e5539b0d3f0e8b089b3f35076e090890e0878f0e1ac6e7049b3346959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07580936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x96d)
r3 = socket(0x10, 0x803, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x7, 0x4, 0x100, 0x3fe, 0x28}, 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r5}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000400)='sys_enter\x00', r6}, 0x18)
pivot_root(0x0, 0x0)
sendmsg$nl_route(r4, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000340)=ANY=[@ANYRESDEC=r3, @ANYRES32=0x0, @ANYRESDEC=r4], 0x24}}, 0x0)
r7 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1b, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1008}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r8}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x4f, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r7, 0x10c000)
ioctl$USBDEVFS_SUBMITURB(r7, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x2000000b, 0xe0, &(0x7f0000000240)={0x3, 0x0, 0xfffa, 0x4360}, 0x8, 0x6, 0x7d, 0x0, 0x1, 0x101, 0x0})

639.836153ms ago: executing program 2 (id=2434):
r0 = socket$kcm(0x2, 0x1, 0x106)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x3, 0x0}, 0x30004001)

563.419666ms ago: executing program 0 (id=2435):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x80, 0x4, 0x28}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x8, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000000000000000000008000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b7000000000000009500000000000000380d34ee22f660f2d4ddafcc9ae179f9b7bc1a361dc9081fc3abe8ab0e0656ca3aab9495a84c8db472e481f8c3d934357710d883e842747772972bca48e5109d3c88e6c63ea45d96f422629593c4f9f628a1449b8d4fa18f10dea6f3de18eff6da742062a390ad78c4f00e23f8b9831f6d66e75abdc99292cf9ae583eb8773a07209f0f10a6014a6740bc414a5bdb098c13fcf88a5fdb451637162955cb6986d40f217e3e105c20093f6eca2382d29409a4f82c3486ee7e53698a520e136894fa35e0c236ef2a06f0da63d84c96a4f8ff3a5a660a3716a460ceac851db15a9b017f695f22dc44ec750d4ad04acd782a8a0a2cce9a9d7aaae44c9514116107354fa"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41002, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x18)
r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="070000000400000008000000d9"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000140)=ANY=[@ANYRESOCT=r2, @ANYRES32=r4, @ANYBLOB="0000000000000000b70300000088b000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$netlink(0x10, 0x3, 0x0)
r5 = socket$inet_sctp(0x2, 0x5, 0x84)
ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r3, 0x4018f50b, &(0x7f0000000200)={0x1, 0x6, 0x1})
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000000180)=[@in={0x2, 0x4e21, @local}], 0x10)
sendmsg$inet_sctp(r5, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='N', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0xc851)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f0000000000)={0x1, [<r6=>0x0]}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r5, 0x84, 0x71, &(0x7f0000000080)={r6, 0x8}, &(0x7f00000000c0)=0x8)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r7, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="01c21668f6d1d66edb251c00000018000180140002006c6f"], 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x40006)

557.978996ms ago: executing program 2 (id=2436):
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth0\x00', <r1=>0x0})
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000000c0)='kfree\x00', r3, 0x0, 0xfffffffffffffffd}, 0x18)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kmem_cache_free\x00'}, 0x10)
shmget(0x3, 0x1000, 0x1a0, &(0x7f0000ffc000/0x1000)=nil)
setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f00000004c0)={r1, 0x3, 0x6, @remote}, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000000)={r1, 0x1, 0x6, @random="790c7edd3d8d"}, 0x10)
sendmsg$nl_route_sched(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000440)=@getchain={0x24, 0x11, 0x1, 0x0, 0x1ffffff, {0x0, 0x0, 0x0, r1, {0x7, 0x9}, {0xd, 0xc}, {0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x20048054)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={0xffffffffffffffff, 0x58, &(0x7f0000000140)}, 0x10)

465.16245ms ago: executing program 5 (id=2437):
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000001240)='./file2\x00', 0x14552, &(0x7f0000000b40)=ANY=[], 0xfb, 0x11ff, &(0x7f0000002480)="$eJzs3E+LHEUYB+B315iNG/ePGqMJiIVe9NJk9+BFL4tsQDKgJFkhEYSO26vDtDPD9LAwIkZPXv0cIojgTRBvetmL30DwthePEcSWndEko5PDSEiH5Xku80LVb6jqphuq6erD1774sLNXZXv5MBYXFmKxH5FupUixGP/4NF5+9cefnrty7fqlrVZr+3JKF7eubrySUlp9/vt3Pv7qhR+Gp9/+dvW7pThYf/fwt81fD84enDv88+oH7Sq1q9TtDVOebvR6w/xGWaTddtXJUnqrLPKqSO1uVQym2vfKXr8/Snl3d2W5PyiqKuXdUeoUozTspeFglPL383Y3ZVmWVpaD+Z24Xe18eauu64i6fjRORl3X9WOxHKfj8ViJ1ViL9Xginoyn4kw8HWfjmXg2vvnl69FRAgAAAAAAAAAAAAAAAAAAALh/5t3/f27cq+lRAwAAAAAAAAAAAAAAAAAAwPFy5dr1S1ut1vbllE5FlJ/v7+zvTH4n7Vt70Y4yirgQa/FHjHf/T0zqi2+0ti+ksfX4rLz5d/7m/s4j0/mN8ecEZuY3Jvk0nV+K5bvzm7EWZ2bnN2fmT8VLL96Vz2Itfn4velHGbhxl7+Q/2Ujp9Tdb/8qfH/cDAACA4yBLt81cv2fZvdon+TmeD0ytr4+y5080OnUiohp91MnLshgoHvriZLPD+L2u6+YPQkPFva+UpYj43/+8EBEPxwT/UzR9Z+JBuHPSmx4JAAAAAAAAAAAA83gQrxM2PUcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+YgeOBQAAAACE+Vun0bEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHwVAAD//+pd0x0=")
r0 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000340)=@generic={&(0x7f00000002c0)='./file2\x00', 0x0, 0x8}, 0x18)
ioctl$INCFS_IOC_GET_FILLED_BLOCKS(r0, 0x80286722, &(0x7f0000000440)={&(0x7f0000000380)=""/157, 0x9d, 0x2, 0x1})
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x1800)
getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f0000000200)=""/180, &(0x7f0000000180)=0xb4)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
getxattr(&(0x7f0000000140)='./bus\x00', &(0x7f00000001c0)=@known='system.posix_acl_access\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x9, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
r4 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r4, &(0x7f0000000040), 0x10)
sched_setscheduler(0x0, 0x2, 0x0)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000, 0x0, 0x0, 0x10000})
listen(r4, 0x5)
r5 = socket(0x28, 0x5, 0x0)
setrlimit(0x40000000000008, &(0x7f0000000000))
connect$vsock_stream(r5, &(0x7f0000000080), 0x10)
sendmsg$nl_route_sched(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000014c0)=@deltclass={0x24, 0x29, 0x20, 0x70bd29, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0xd, 0xd}, {0xffff, 0x5}, {0xffe0, 0x7}}}, 0x24}, 0x1, 0x0, 0x0, 0x4004885}, 0x40004)
setsockopt$sock_linger(r5, 0x1, 0x3c, &(0x7f00000000c0)={0x1, 0x79e}, 0x8)
sendmmsg(r5, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x1, 0x24008094)
timer_settime(0x0, 0x1, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
clock_nanosleep(0x9, 0x0, &(0x7f0000000000)={0x77359400}, 0xfffffffffffffffe)
r6 = accept4$phonet_pipe(0xffffffffffffffff, 0x0, &(0x7f0000000040), 0x0)
getsockopt$PNPIPE_IFINDEX(r6, 0x113, 0x2, &(0x7f0000000080), &(0x7f00000000c0)=0x4)

388.138483ms ago: executing program 6 (id=2438):
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0700000004000000800000000400000028"], 0x50)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x7, 0x8, &(0x7f0000000200)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="0600000004000000ff0f00000900000000000000", @ANYRES32, @ANYBLOB="070000002a000000001006000000800000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x2000}, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000080850000008200000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f00000021c0)={r4, 0x0, 0x0}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000300)='kmem_cache_free\x00', r1}, 0x18)
unlinkat(r0, &(0x7f0000000280)='./file1\x00', 0x200)
socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x20, 0x30}, 0xc)
bind$inet6(r5, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
sendto$inet6(r5, &(0x7f0000000180)="1a", 0x1, 0x804, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
sendto$inet6(r5, &(0x7f0000000c80)="7cffa9061b2f8b082b6f69ae50430c8a8b6aa3162ba083c4a52e1ab0ac50ed4a19b1a69988000d5bed4433daaa4932dbb1cb3550dee8b23579d76ce37d574b43fca1eed8ebd38d1303240ed0d84517692128dd5aef5c4d60a6659952a1437c6f0ac3ed75806011ccbaa504f41a7e0abcf8823bc4a71ef8c52c2b297b539eaf752c56ebfe9b0542543069257dafcbf76c958d4cbf4eaaa67c5c2bd9e6518be34b56add7613ab83d389724b664e62c154e1a5aac073a53a0e8cadcf51ef495ebbcc77d5e36ff24c3f282289cc077374b714e08fbfecbdc8f14ef3fd409af4caf6fcb7d663beab335f239a1e93b399c93d7c036e1b39a7c477945f82b6dde53b1c21b590a58ba688ac4fb530d2c5b1195a127d2eaec840ab59f090d7047c278611e080cebe7b28588c11a44be99fe6f88c73441bf625b70565669997f4c3cda5afe1d6429908a69a459d35ba8c2f28076d8711f2667de749a783fac94ebd02680f20fb723c35c287a1f45064846385750665ffa74579083fbb1b1d6b7c90168252b1c5313544569203e7adb8e271a94f7413e5cfd6aa3157c4fc29bddba3683fcd032aecb513b2f27530fbefa0000000000000003c058e812d8db87de5e3eceae268b91f7d59daf77646fa4df99877dd5a9540934c7af91b96486eea62897be6acbe1bae8e46b112f1385e7cea9e4daccc6f1b98ce3b4322af8299a45ddcb5be8d3e469fdde9896ca324a2f3c88c616a7dccde331698ce2d39f96220251011b4dfbec953b5c30e94adb5586cec0af234859805bb7df1101ae80318ff127e913178d79cfa918d54585b6184255e872e2dc33a5c7c30a756bbd63c32a3e6a22863781747d185acb64583976c4289394d642b07d18e2932d0a78bd2ccf92b3e94e82f1e9239fa272402f4c9efcf068709a44d6f652a4f23df89f9a15e6bf0c7e65d8f3e32c35e83d30298074d16cb5ff4ded1df81009bbae888fceb9a8109ba319605e1776e52d2069b5cd7de07cf8dc488ba6a9c7559ff49674a490991f323736f302004007d0ccf2e5eaceac6b56f48f2b00592d7a378f118d8b3e5ecd2035c8252374c91bc79cf26ac11ddffe2c09e1aa032da0713732387f950e3f4e301eb1d26e5a2b19318e50d555c832e279894d8c9b03e8940738c0fe391b29907d0d5f9214d6e697a19247f4e8221aca2ac47debd7c45b8344941cbecbaf44af343b24a4f88caf207d72002fb8b7d156997cb7275f535e6a9d6480046246e60bea0cf6f54abc69ff9418b6cb9301eb6890227215b633a886fb13c89698e51e482c42ca99613b20e22e5ce15272f5bda8b18cf53d49130a94135dd8a9692c", 0x34000, 0xbcff, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x72, &(0x7f0000000080), 0xc)
writev(r5, &(0x7f0000001300)=[{&(0x7f0000000100)='^', 0xfdef}], 0x1)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x8042, 0x50)
fcntl$setlease(r6, 0x400, 0x1)
unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0)

343.321925ms ago: executing program 2 (id=2439):
r0 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r1}, 0x10)
mmap$perf(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x4000011, r0, 0x0)
mremap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1000, 0x3, &(0x7f0000bb3000/0x1000)=nil)
munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000)

294.180157ms ago: executing program 6 (id=2440):
time(&(0x7f0000000000))
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000280)='kfree\x00', r0}, 0x18)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$ARPT_SO_SET_ADD_COUNTERS(r1, 0x0, 0x61, &(0x7f0000000000)={'filter\x00', 0x4}, 0x68)
r2 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$sock_x25_SIOCDELRT(r2, 0x890c, &(0x7f00000005c0)={@null, 0x12, 'tunl0\x00'})

293.432037ms ago: executing program 3 (id=2441):
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='maps\x00')
r0 = socket$netlink(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000340)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000fbdbdf25250000000e0001006e657464657673696d000000300000000000000000000000000000000ef3e0e10a474d1e2e7e7b4c9f0e0e8d7d4e3c088b5029b8f22345b232e2910269d2780b36efa2282fd8a97de34aca1f72d9b398415aecfe11e94ad74657cd02b7a203b117c322a99b8f66d593eb93f4dd1fbaeea6127da7d6ea029dab571eee850f6e5d3d9eb97e9a80b86949efda841fae361f81026069de00b1c60d24e41e34a3d9db2cf0773903d7bb41fb0e85b9328326112fcb43f542cc3537cee65d752a72a97d67977aeb2c53de063ea28c1893"], 0x34}}, 0x6048800)
syz_emit_ethernet(0x7a, &(0x7f0000000180)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @void, {@ipv6={0x86dd, @gre_packet={0x1, 0x6, "f6ff01", 0x44, 0x2f, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x88be, 0x0, 0x1}, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88a8}, {}, {0xdd86, 0x88be, 0x3, {{0xc, 0x1, 0x8, 0x1, 0x1, 0x0, 0x4, 0x10}, 0x1, {0x7b43}}}, {0x8, 0x22eb, 0x2, {{0x3, 0x2, 0x2, 0x3, 0x0, 0x0, 0x1, 0x9}, 0x2, {0x5, 0xeb, 0x0, 0xd, 0x1, 0x1, 0x1, 0x1, 0x1}}}}}}}}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x65, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000f80)=ANY=[@ANYBLOB="0500000004000000080000000b"], 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x64, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r4, 0x0, 0x2}, 0x18)
socket$inet6(0xa, 0x1, 0x0)
r5 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0xf96d, 0x3010, 0x4, 0xe6}, &(0x7f0000000040)=<r6=>0x0, &(0x7f0000000080))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r5, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r2, @ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00'}, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)={0x28, 0x0, 0xc4fc9e906872338b, 0x0, 0x0, {{0x5}, {@val={0x8}, @val={0xc, 0x99, {0x0, 0xfffffffa}}}}}, 0x28}}, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r7)
sendmsg$NL80211_CMD_GET_WIPHY(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="0103000000000000000001"], 0x30}}, 0x44)

272.694258ms ago: executing program 6 (id=2442):
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000c80)=ANY=[@ANYBLOB="18000000220000000000000000000000850000006d00000018110000", @ANYBLOB="0000000000000000b7080000000021007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b7040000000000008500000001000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r0, 0x0, 0xff7ffffffffffffc}, 0x18)
r1 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x6, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, 0x0)

271.965168ms ago: executing program 0 (id=2443):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000000050005000200000c12000300686173683a6e65742c706f7274"], 0x4c}}, 0x2)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="50000000090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070011000000060004404e2200000600"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)

236.64921ms ago: executing program 2 (id=2444):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
unshare(0x8000000)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x3000300, &(0x7f0000000600)={[{@grpid}]}, 0x1, 0x521, &(0x7f0000000640)="$eJzs3d9rZFcdAPDvvcmkyW5qpiqyFmyLrewW3ZmksRpF2gqiTwW1vq8xmYSQSSZkJnUTiqb4BwgiKvgH+CL44KMg/RNEWNB3UVFEd/VR98qdudH8mEnGZJJZJ58PnMw598f5nnPJ3Lk/DvcGcG29EBFvRMRYRLwcETPF9LRIsd9J+XKPHr6zlKcksuytvyaRFNMO6srL4xFxs1htMiK++qWIbyQn4zZ399YX6/XadlGutja2qs3dvbtrG4urtdXa5vz83M8j4tWF2axwoX6WI+K1L/zxB9/9yRdf++Unvvm7e3++8628WZ/7UKfdEbF0oQA9dOoutbfFgXwbbV9GsCHJ+1MaG3YrAADoR36M//6I+Gj7+H8mxtpHcwAAAMAoyV6fjn8mERkAAAAwstKImI4krRRjAaYjTSuVzhjeD8aNtN5otj6+0tjZXM7nRZSjlK6s1WuzxVjhcpSSvDxXjLE9KL9yrDwfEc9ExPdnptrlylKjvjzsix8AAABwTdx8/uj5/z9m0nYeAAAAGDHlngUAAABgVDjlBwAAgNHn/B8AAABG2pfffDNP2cF7vJff3t1Zb7x9d7nWXK9s7CxVlhrbW5XVRmO1/cy+jbPqqzcaW5+MzZ371Vat2ao2d/fubTR2Nlv31o68AhsAAAC4Qs88/95vk4jY/+xUO0XxHECAI/4w7AYAgzQ27AYAQzM+7AYAQ1M6cwl7CBh1yRnzTw7e6VwrjF9dTnsAAIDBu/3hk/f/J4p5Z18bAP6fGesDANfP0bt7U0NrB3D1SucdAXhr0C0BhuV9nY+nes3v+fCOPu7/d64xZNm5GgYAAAzMdDslaaU4Tp+ONK1UIp6Ox1k5SsnKWr02W5wf/Gam9FRenmuvmZw5ZhgAAAAAAAAAAAAAAAAAAAAAAAAA6MiyJDIAAABgpEWkf0raT/OPuD3z0vTRqwPH3vr147d+eH+x1dqei5hI/jaTT5qIiNaPiumvZF4JAAAAAMM1lf/pnKcXn3PDbhIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAo+bRw3eWDtJVxv3L5yOi3C3+eEy2PyejFBE3/p7E+KH1kogYG0D8/Xcj4la3+Ek8zrKsXLSiW/ypS45fbm+a7vHTiLg5gPhwnb2X73/e6Pb9S+OF9mf37994kS6q9/4v/c/+b6zH/ufpY+Venn3ws2rP+O9GPDveff9zED/pxD8SIi+82Gcfv/61vb2uMw5V2S3+4VjV1sZWtbm7d3dtY3G1tlrbnJ+f+9TCpxdeXZitrqzVa8XfrmG+95FfPD6t/zd6xC8f7f+J7f9SX73P4l8P7j/8QKdQ6hb/zovdf39v9YifFr99Hyvy+fzbB/n9Tv6w53766+dO6/9yj/5PntH/O331Pz7z8le+8/uuc05sDQDgKjR399YX6/Xa9imZyT6W+Z8yERet5/WBtudJyMTZy0w+IU29jEz27c7/48XqueDqJzLZRVYfjwE0Y+LE93QszlthErGf19XnPyQAADBi/nvQf9odJAAAAAAAAAAAAAAAAAAAAOAynfOxZJMR0ffCx2PuD6erAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACn+ncAAAD//+8b0g8=")

188.625932ms ago: executing program 0 (id=2445):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfd, 0x0, 0x7ffc0002}]}) (async)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfd, 0x0, 0x7ffc0002}]})
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x8604, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x2}, 0x0, 0x10000, 0x0, 0x6, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYRES64=r1, @ANYRES16=r0, @ANYRESOCT=r1, @ANYBLOB="fecc17bf5f2d405b9d8a6ce9865596d3c7827621ed", @ANYRES32=r1, @ANYRES16=r0], 0x48)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000001980), 0x200) (async)
r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000001980), 0x200)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async)
r4 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r5}, &(0x7f0000000180), &(0x7f00000001c0)=r4}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000100)='kmem_cache_free\x00', r6}, 0x18)
r7 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
flock(r7, 0x2) (async)
flock(r7, 0x2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
fcntl$setstatus(r3, 0x4, 0x2800)
socket$inet6_sctp(0xa, 0x5, 0x84) (async)
r8 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000080)={0x0, 0x6}, &(0x7f00000000c0)=0x8) (async)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000080)={<r9=>0x0, 0x6}, &(0x7f00000000c0)=0x8)
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r8, 0x84, 0x79, &(0x7f0000000100)={r9, 0x4, 0x7}, 0x8)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r3, 0x5452, &(0x7f0000000a00)={0x0, 0x0, {0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct}})
bpf$PROG_LOAD(0x5, &(0x7f0000019200)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) (async)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000019200)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r10, 0x0, 0xfffffffffffffffe}, 0x18)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x600, 0x10000)

115.779645ms ago: executing program 6 (id=2446):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="210000000000000000000000000010000004"], 0x48)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x200000a, 0x13, r0, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000080)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f00000000c0)=0x2, 0x4)
setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f0000000400)=0x1, 0xa)
connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x58}}, 0x10)
sendto(r1, &(0x7f0000000000)='A', 0x1, 0x40008c1, 0x0, 0x80101)

81.004746ms ago: executing program 3 (id=2447):
r0 = socket(0x10, 0x3, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x2, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}, {0x3, 0x9, 0x0, 0x3}]})
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000000001000001"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000840)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x97a3}, 0x18)
r2 = openat$sysfs(0xffffff9c, &(0x7f0000000500)='/sys/kernel/notes', 0x800, 0x188)
preadv(r2, &(0x7f0000000180)=[{&(0x7f00000012c0)=""/112, 0x6c}], 0x2, 0x0, 0x0)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000100)={0x6, &(0x7f00000000c0)=[{0x2, 0x80, 0x86, 0xf}, {0x5, 0x1, 0x0, 0x204}, {0xc, 0x6, 0x1c, 0x3}, {0xf, 0x3, 0xfd, 0x7ff}, {0x7fff, 0x15, 0xff, 0xaa}, {0x4, 0x3c, 0x30}]})
fcntl$setlease(r3, 0x400, 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000))
io_uring_setup(0x7f59, &(0x7f0000000340)={0x0, 0xb140, 0x1000, 0x1009, 0x197})
bind$rxrpc(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='kfree\x00', r4, 0x0, 0x7}, 0x18)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040), 0x106}}, 0x20)
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r3, 0x40182103, &(0x7f0000000140)={0x0, 0x1, r1, 0x3})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='kfree\x00', 0xffffffffffffffff, 0x0, 0x5}, 0x18)
r6 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$KDSKBENT(r6, 0x4b47, &(0x7f0000000280)={0x5, 0xfe, 0x8006})
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f00000001c0)={0x5813, 0x0, 0x0, 0x5}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000001e008d2a00000000000000000a000000", @ANYBLOB='\x00\x00\x00\x00\b'], 0x24}, 0x1, 0x0, 0x0, 0x10008000}, 0x14048010)

1.91484ms ago: executing program 0 (id=2448):
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000040)="02042700ea0e", 0x6}], 0x1}, 0x40010)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0xf, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='kfree\x00', r0}, 0x18)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r1, 0xa02000000000000, 0x60, &(0x7f0000000000)={'filter\x00', 0xb001, 0x4, 0x3e8, 0x0, 0x0, 0x130, 0x300, 0x300, 0x300, 0x7fffffe, 0x0, {[{{@arp={@local, @empty=0xffffff7f, 0x0, 0x0, 0x0, 0x0, {}, {@mac=@local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'pimreg\x00', 'veth0_to_bridge\x00'}, 0xc0, 0x130}, @unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "f67b23ffdfa27f907a03732da3acbc6518e62a77ca06f258762e88c0d9f9d2f413b94a105f4bdf01425ce81c5d00007fffffff000500ffffffff00"}}}, {{@arp={@multicast2, @empty, 0x0, 0x0, 0x0, 0x0, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0_to_team\x00', 'ip6tnl0\x00'}, 0xc0, 0xe8}, @unspec=@CLASSIFY={0x28}}, {{@uncond, 0xc0, 0xe8}, @unspec=@NFQUEUE3={0x28}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x438)

0s ago: executing program 3 (id=2449):
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r0, 0x10c000)
ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x2000000b, 0xe0, &(0x7f0000000240)={0x3, 0x0, 0xfffa, 0x4360}, 0x8, 0x6, 0x7d, 0x0, 0x1, 0x101, 0x0})
ioctl$USBDEVFS_REAPURBNDELAY(r0, 0x4008550d, &(0x7f0000000080))

kernel console output (not intermixed with test programs):

6.159327][   T29] audit: type=1326 audit(1764719625.434:4148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7686 comm="syz.0.1232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe7b9dcf749 code=0x7ffc0000
[  106.182829][   T29] audit: type=1326 audit(1764719625.434:4149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7686 comm="syz.0.1232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7b9dcf749 code=0x7ffc0000
[  106.206258][   T29] audit: type=1326 audit(1764719625.434:4150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7686 comm="syz.0.1232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe7b9dcf749 code=0x7ffc0000
[  106.229745][   T29] audit: type=1326 audit(1764719625.434:4151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7686 comm="syz.0.1232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7b9dcf749 code=0x7ffc0000
[  106.325669][ T7689] __nla_validate_parse: 3 callbacks suppressed
[  106.325685][ T7689] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1232'.
[  106.833062][ T7737] veth0: entered promiscuous mode
[  106.838567][ T7737] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1246'.
[  106.852294][ T7737] veth0 (unregistering): left promiscuous mode
[  107.254603][ T7762] loop5: detected capacity change from 0 to 512
[  107.274591][ T7762] EXT4-fs (loop5): 1 truncate cleaned up
[  107.282533][ T7762] EXT4-fs mount: 12 callbacks suppressed
[  107.282549][ T7762] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  107.307786][ T7762] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.1255: bg 0: block 465: padding at end of block bitmap is not set
[  107.322601][ T7762] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 63 with max blocks 65 with error 28
[  107.335105][ T7762] EXT4-fs (loop5): This should not happen!! Data will be lost
[  107.335105][ T7762] 
[  107.344794][ T7762] EXT4-fs (loop5): Total free blocks count 0
[  107.350849][ T7762] EXT4-fs (loop5): Free/Dirty block details
[  107.356763][ T7762] EXT4-fs (loop5): free_blocks=0
[  107.361805][ T7762] EXT4-fs (loop5): dirty_blocks=66
[  107.367034][ T7762] EXT4-fs (loop5): Block reservation details
[  107.373074][ T7762] EXT4-fs (loop5): i_reserved_data_blocks=66
[  107.400394][ T3511] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  107.539051][ T7784] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1261'.
[  108.097145][ T7799] loop3: detected capacity change from 0 to 256
[  108.283499][ T7819] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1273'.
[  108.326764][ T7819] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1273'.
[  108.368935][ T7822] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1274'.
[  108.452109][ T7824] veth0: entered promiscuous mode
[  108.464303][ T7824] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1275'.
[  108.482834][ T7824] veth0 (unregistering): left promiscuous mode
[  108.495827][ T7822] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1274'.
[  108.665637][ T7848] loop2: detected capacity change from 0 to 256
[  109.036655][ T7866] veth0: entered promiscuous mode
[  109.043335][ T7866] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1289'.
[  109.785705][ T7897] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1301'.
[  110.279813][ T7929] loop7: detected capacity change from 0 to 7
[  110.286355][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  110.295556][    C1] buffer_io_error: 2 callbacks suppressed
[  110.295580][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  110.312486][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  110.321691][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  110.331420][ T7929]  loop7: unable to read partition table
[  110.344657][ T7929] loop_reread_partitions: partition scan of loop7 (���������C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)
[  110.357015][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  110.367299][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  110.377766][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  110.386959][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  110.395328][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  110.404534][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  110.412935][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  110.422202][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  110.433363][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  110.443636][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  110.446603][ T7938] loop5: detected capacity change from 0 to 7
[  110.466446][ T7938] Buffer I/O error on dev loop5, logical block 0, async page read
[  110.474406][ T7938] Buffer I/O error on dev loop5, logical block 0, async page read
[  110.482446][ T7938]  loop5: unable to read partition table
[  110.488686][ T7938] loop_reread_partitions: partition scan of loop5 (�被x������ڬ��dG�����ݡ�����
[  110.488686][ T7938] 
) failed (rc=-5)
[  110.491425][ T3303] Buffer I/O error on dev loop5, logical block 0, async page read
[  110.521896][ T3007]  loop5: unable to read partition table
[  110.912401][ T7955] loop5: detected capacity change from 0 to 512
[  110.922904][ T7955] EXT4-fs (loop5): 1 truncate cleaned up
[  110.929638][ T7955] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  110.943136][ T7955] 9pnet_fd: Insufficient options for proto=fd
[  111.010950][   T29] kauditd_printk_skb: 297 callbacks suppressed
[  111.010968][   T29] audit: type=1400 audit(1764719630.406:4449): avc:  denied  { override_creds } for  pid=7962 comm="syz.4.1318" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  111.048752][ T7965] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  111.072895][ T7296] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  111.166299][   T29] audit: type=1326 audit(1764719630.556:4450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7973 comm="syz.0.1323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7b9dcf749 code=0x7ffc0000
[  111.189794][   T29] audit: type=1326 audit(1764719630.556:4451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7973 comm="syz.0.1323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7b9dcf749 code=0x7ffc0000
[  111.213244][   T29] audit: type=1326 audit(1764719630.556:4452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7973 comm="syz.0.1323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=128 compat=0 ip=0x7fe7b9dcf749 code=0x7ffc0000
[  111.236679][   T29] audit: type=1326 audit(1764719630.556:4453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7973 comm="syz.0.1323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7b9dcf749 code=0x7ffc0000
[  111.260204][   T29] audit: type=1326 audit(1764719630.556:4454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7973 comm="syz.0.1323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7b9dcf749 code=0x7ffc0000
[  111.283658][   T29] audit: type=1326 audit(1764719630.566:4455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7973 comm="syz.0.1323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7fe7b9dcf749 code=0x7ffc0000
[  111.307162][   T29] audit: type=1326 audit(1764719630.566:4456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7973 comm="syz.0.1323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7b9dcf749 code=0x7ffc0000
[  111.330603][   T29] audit: type=1326 audit(1764719630.566:4457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7973 comm="syz.0.1323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7b9dcf749 code=0x7ffc0000
[  111.354081][   T29] audit: type=1326 audit(1764719630.566:4458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7973 comm="syz.0.1323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe7b9dcf749 code=0x7ffc0000
[  111.400572][ T7979] __nla_validate_parse: 7 callbacks suppressed
[  111.400590][ T7979] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1325'.
[  111.419100][ T7979] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1325'.
[  111.508573][ T7989] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1329'.
[  111.903885][ T8000] loop0: detected capacity change from 0 to 512
[  111.925936][ T8000] EXT4-fs (loop0): 1 truncate cleaned up
[  111.935047][ T8000] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  111.948642][ T8000] 9pnet_fd: Insufficient options for proto=fd
[  112.012852][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  112.349394][ T8022] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1340'.
[  112.550424][ T8045] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1343'.
[  112.651497][ T8057] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1352'.
[  112.704962][ T8057] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1352'.
[  112.705151][ T8058] loop5: detected capacity change from 0 to 512
[  112.758427][ T8058] EXT4-fs (loop5): 1 truncate cleaned up
[  112.781293][ T8058] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  112.846361][ T8065] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1355'.
[  112.874487][ T8031] 9pnet_fd: Insufficient options for proto=fd
[  112.891419][ T8063] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1354'.
[  113.329572][ T7296] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  113.922772][ T8136] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1376'.
[  114.202202][ T8121] loop4: detected capacity change from 0 to 512
[  114.233505][ T8121] EXT4-fs (loop4): 1 truncate cleaned up
[  114.241242][ T8121] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  114.258646][ T8121] 9pnet_fd: Insufficient options for proto=fd
[  114.335996][ T3325] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  115.204324][ T8211] loop2: detected capacity change from 0 to 512
[  115.251985][ T8211] EXT4-fs (loop2): 1 truncate cleaned up
[  115.268759][ T8220] process 'syz.0.1405' launched './file1' with NULL argv: empty string added
[  115.298559][ T8211] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  115.353220][ T8211] 9pnet_fd: Insufficient options for proto=fd
[  115.520130][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  116.100378][ T8301] loop5: detected capacity change from 0 to 512
[  116.108503][ T8301] EXT4-fs (loop5): 1 truncate cleaned up
[  116.114591][ T8301] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  116.128097][ T8301] 9pnet_fd: Insufficient options for proto=fd
[  116.189514][ T7296] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  116.207923][   T29] kauditd_printk_skb: 200 callbacks suppressed
[  116.207937][   T29] audit: type=1326 audit(1764719635.609:4659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8304 comm="syz.3.1423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82ccc3f749 code=0x7ffc0000
[  116.238670][   T29] audit: type=1326 audit(1764719635.609:4660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8304 comm="syz.3.1423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=128 compat=0 ip=0x7f82ccc3f749 code=0x7ffc0000
[  116.262171][   T29] audit: type=1326 audit(1764719635.609:4661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8304 comm="syz.3.1423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82ccc3f749 code=0x7ffc0000
[  116.285631][   T29] audit: type=1326 audit(1764719635.609:4662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8304 comm="syz.3.1423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7f82ccc3f749 code=0x7ffc0000
[  116.309172][   T29] audit: type=1326 audit(1764719635.609:4663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8304 comm="syz.3.1423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82ccc3f749 code=0x7ffc0000
[  116.332698][   T29] audit: type=1326 audit(1764719635.609:4664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8304 comm="syz.3.1423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f82ccc3f749 code=0x7ffc0000
[  116.356160][   T29] audit: type=1326 audit(1764719635.609:4665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8304 comm="syz.3.1423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82ccc3f749 code=0x7ffc0000
[  116.379567][   T29] audit: type=1326 audit(1764719635.609:4666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8304 comm="syz.3.1423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f82ccc3f749 code=0x7ffc0000
[  116.402979][   T29] audit: type=1326 audit(1764719635.609:4667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8304 comm="syz.3.1423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82ccc3f749 code=0x7ffc0000
[  116.426500][   T29] audit: type=1326 audit(1764719635.609:4668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8304 comm="syz.3.1423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f82ccc3f749 code=0x7ffc0000
[  116.926483][ T8365] __nla_validate_parse: 9 callbacks suppressed
[  116.926502][ T8365] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1435'.
[  117.071375][ T8376] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  117.103169][ T8378] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1443'.
[  117.128680][ T8349] loop4: detected capacity change from 0 to 512
[  117.145576][ T8349] EXT4-fs (loop4): 1 truncate cleaned up
[  117.151893][ T8378] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1443'.
[  117.152478][ T8349] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  117.176188][ T8349] 9pnet_fd: Insufficient options for proto=fd
[  117.195836][ T8383] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1444'.
[  117.250825][ T3325] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  118.109498][ T8420] loop0: detected capacity change from 0 to 512
[  118.118694][ T8420] EXT4-fs (loop0): 1 truncate cleaned up
[  118.125926][ T8420] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  118.227555][ T8420] 9pnet_fd: Insufficient options for proto=fd
[  118.376114][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  118.424262][ T8460] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1468'.
[  118.459074][ T8462] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1470'.
[  118.547983][ T8462] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1470'.
[  118.641631][ T8469] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1473'.
[  118.698901][ T8469] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1473'.
[  119.149624][ T8487] loop0: detected capacity change from 0 to 512
[  119.169777][ T8487] EXT4-fs (loop0): 1 truncate cleaned up
[  119.182792][ T8487] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  119.206301][ T8487] 9pnet_fd: Insufficient options for proto=fd
[  119.280323][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  119.769996][ T8541] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1501'.
[  119.858019][ T8535] loop5: detected capacity change from 0 to 512
[  119.879150][ T8535] EXT4-fs (loop5): 1 truncate cleaned up
[  119.911616][ T8535] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  119.925824][ T8535] 9pnet_fd: Insufficient options for proto=fd
[  120.058749][ T7296] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  120.818481][ T8586] loop2: detected capacity change from 0 to 512
[  120.844952][ T8586] EXT4-fs (loop2): 1 truncate cleaned up
[  120.851659][ T8586] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  120.865621][ T8586] 9pnet_fd: Insufficient options for proto=fd
[  121.046398][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  121.288988][   T29] kauditd_printk_skb: 192 callbacks suppressed
[  121.289008][   T29] audit: type=1326 audit(1764719640.681:4861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8632 comm="syz.4.1531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7455eef749 code=0x7ffc0000
[  121.327352][   T29] audit: type=1326 audit(1764719640.681:4862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8632 comm="syz.4.1531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f7455eef749 code=0x7ffc0000
[  121.350938][   T29] audit: type=1326 audit(1764719640.681:4863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8632 comm="syz.4.1531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7455eef749 code=0x7ffc0000
[  121.374476][   T29] audit: type=1326 audit(1764719640.681:4864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8632 comm="syz.4.1531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7455eef749 code=0x7ffc0000
[  121.398090][   T29] audit: type=1326 audit(1764719640.681:4865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8632 comm="syz.4.1531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=237 compat=0 ip=0x7f7455eef749 code=0x7ffc0000
[  121.421520][   T29] audit: type=1326 audit(1764719640.721:4866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8632 comm="syz.4.1531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7455eef749 code=0x7ffc0000
[  121.445150][   T29] audit: type=1326 audit(1764719640.721:4867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8632 comm="syz.4.1531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7455eef749 code=0x7ffc0000
[  121.468646][   T29] audit: type=1326 audit(1764719640.721:4868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8632 comm="syz.4.1531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=448 compat=0 ip=0x7f7455eef749 code=0x7ffc0000
[  121.492071][   T29] audit: type=1326 audit(1764719640.721:4869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8632 comm="syz.4.1531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7455eef749 code=0x7ffc0000
[  121.515514][   T29] audit: type=1326 audit(1764719640.721:4870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8632 comm="syz.4.1531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7455eef749 code=0x7ffc0000
[  121.867255][ T8658] loop5: detected capacity change from 0 to 512
[  121.902699][ T8658] EXT4-fs (loop5): 1 truncate cleaned up
[  121.923939][ T8658] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  122.052119][ T8653] 9pnet_fd: Insufficient options for proto=fd
[  122.104254][ T8665] __nla_validate_parse: 7 callbacks suppressed
[  122.104332][ T8665] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1542'.
[  122.166170][ T8665] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1542'.
[  122.247956][ T8669] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1544'.
[  122.293074][ T8669] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1544'.
[  122.560714][ T8691] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1554'.
[  122.614834][ T7296] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  122.647555][ T8696] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1556'.
[  122.693362][ T8696] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1556'.
[  122.758871][ T8702] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1559'.
[  122.807435][ T8702] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1559'.
[  122.909909][ T8706] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1561'.
[  123.523135][ T8723] loop5: detected capacity change from 0 to 512
[  123.639640][ T8723] EXT4-fs (loop5): 1 truncate cleaned up
[  123.648974][ T8723] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  123.682032][ T8723] 9pnet_fd: Insufficient options for proto=fd
[  123.805979][ T7296] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  124.315123][ T8786] loop0: detected capacity change from 0 to 512
[  124.335727][ T8786] EXT4-fs (loop0): 1 truncate cleaned up
[  124.349768][ T8786] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  124.474602][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  125.030031][ T8828] loop2: detected capacity change from 0 to 512
[  125.044221][ T8828] EXT4-fs (loop2): 1 truncate cleaned up
[  125.050577][ T8828] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  125.141392][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  125.673789][ T8878] loop2: detected capacity change from 0 to 512
[  125.731209][ T8878] EXT4-fs (loop2): 1 truncate cleaned up
[  125.737597][ T8878] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  125.821879][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  126.250858][ T8921] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  126.391546][   T29] kauditd_printk_skb: 225 callbacks suppressed
[  126.391566][   T29] audit: type=1326 audit(1764719645.784:5096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8927 comm="syz.3.1654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82ccc3f749 code=0x7ffc0000
[  126.421218][   T29] audit: type=1326 audit(1764719645.784:5097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8927 comm="syz.3.1654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f82ccc3f749 code=0x7ffc0000
[  126.444874][   T29] audit: type=1326 audit(1764719645.784:5098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8927 comm="syz.3.1654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82ccc3f749 code=0x7ffc0000
[  126.468390][   T29] audit: type=1326 audit(1764719645.784:5099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8927 comm="syz.3.1654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f82ccc3f749 code=0x7ffc0000
[  126.492017][   T29] audit: type=1326 audit(1764719645.784:5100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8927 comm="syz.3.1654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82ccc3f749 code=0x7ffc0000
[  126.515580][   T29] audit: type=1326 audit(1764719645.784:5101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8927 comm="syz.3.1654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f82ccc3f749 code=0x7ffc0000
[  126.539103][   T29] audit: type=1326 audit(1764719645.784:5102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8927 comm="syz.3.1654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82ccc3f749 code=0x7ffc0000
[  126.575967][   T29] audit: type=1326 audit(1764719645.884:5103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8927 comm="syz.3.1654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f82ccc3f749 code=0x7ffc0000
[  126.599555][   T29] audit: type=1326 audit(1764719645.934:5104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8922 comm="syz.5.1652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12fc4bf749 code=0x7ffc0000
[  126.623201][   T29] audit: type=1326 audit(1764719645.934:5105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8922 comm="syz.5.1652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=128 compat=0 ip=0x7f12fc4bf749 code=0x7ffc0000
[  126.926957][ T8955] tipc: Started in network mode
[  126.932019][ T8955] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[  126.941641][ T8955] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[  126.950030][ T8955] tipc: Enabled bearer <udp:syz0>, priority 10
[  127.106142][ T8933] loop0: detected capacity change from 0 to 512
[  127.121230][ T8933] EXT4-fs (loop0): 1 truncate cleaned up
[  127.128388][ T8933] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  127.274511][ T8968] __nla_validate_parse: 33 callbacks suppressed
[  127.274526][ T8968] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1679'.
[  127.330284][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  127.340914][ T8982] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1673'.
[  127.381353][ T8967] loop4: detected capacity change from 0 to 512
[  127.389364][ T8967] EXT4-fs (loop4): 1 truncate cleaned up
[  127.395643][ T8967] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  127.565418][ T8998] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1680'.
[  127.752499][ T3325] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  128.091008][ T9011] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1687'.
[  128.100338][ T3398] tipc: Node number set to 1
[  128.185838][ T9017] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1688'.
[  128.231678][ T9017] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1688'.
[  128.318100][ T9025] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1692'.
[  128.343603][ T9013] loop5: detected capacity change from 0 to 512
[  128.353523][ T9026] support for the xor transformation has been removed.
[  128.526391][ T9013] EXT4-fs (loop5): 1 truncate cleaned up
[  128.532545][ T9013] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  128.682724][ T7296] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  128.770644][ T9043] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1700'.
[  128.821373][ T9049] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1702'.
[  128.836631][ T9051] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  128.895352][ T9053] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1704'.
[  129.051196][ T9064] loop2: detected capacity change from 0 to 1024
[  129.126043][ T9064] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  129.135873][ T9064] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[  129.159958][ T9064] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  129.190668][ T9064] EXT4-fs error (device loop2): ext4_get_journal_inode:5808: inode #5: comm syz.2.1708: unexpected bad inode w/o EXT4_IGET_BAD
[  129.214710][ T9064] EXT4-fs (loop2): no journal found
[  129.220119][ T9064] EXT4-fs (loop2): can't get journal size
[  129.261502][ T9064] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  129.314111][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  129.341901][ T9072] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  129.413070][ T9066] loop5: detected capacity change from 0 to 512
[  129.502872][ T9085] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  129.515738][ T9066] EXT4-fs (loop5): 1 truncate cleaned up
[  129.522413][ T9066] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  129.717357][ T7296] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  129.844457][ T9105] loop2: detected capacity change from 0 to 1024
[  129.895723][ T9105] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  129.929209][ T9105] ext4 filesystem being mounted at /373/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  129.943950][ T9113] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  130.013520][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  130.182758][ T9153] support for the xor transformation has been removed.
[  130.425931][ T9179] FAULT_INJECTION: forcing a failure.
[  130.425931][ T9179] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  130.439188][ T9179] CPU: 1 UID: 0 PID: 9179 Comm: syz.5.1749 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  130.439223][ T9179] Tainted: [W]=WARN
[  130.439230][ T9179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  130.439248][ T9179] Call Trace:
[  130.439259][ T9179]  <TASK>
[  130.439269][ T9179]  __dump_stack+0x1d/0x30
[  130.439303][ T9179]  dump_stack_lvl+0xe8/0x140
[  130.439330][ T9179]  dump_stack+0x15/0x1b
[  130.439354][ T9179]  should_fail_ex+0x265/0x280
[  130.439445][ T9179]  should_fail+0xb/0x20
[  130.439481][ T9179]  should_fail_usercopy+0x1a/0x20
[  130.439603][ T9179]  _copy_to_user+0x20/0xa0
[  130.439700][ T9179]  simple_read_from_buffer+0xb5/0x130
[  130.439745][ T9179]  proc_fail_nth_read+0x10e/0x150
[  130.439821][ T9179]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  130.439855][ T9179]  vfs_read+0x1a8/0x770
[  130.439912][ T9179]  ? __rcu_read_unlock+0x4f/0x70
[  130.439939][ T9179]  ? __fget_files+0x184/0x1c0
[  130.440017][ T9179]  ? mutex_lock+0x58/0x90
[  130.440098][ T9179]  ksys_read+0xda/0x1a0
[  130.440172][ T9179]  __x64_sys_read+0x40/0x50
[  130.440192][ T9179]  x64_sys_call+0x2889/0x3000
[  130.440219][ T9179]  do_syscall_64+0xd8/0x2a0
[  130.440292][ T9179]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  130.440319][ T9179] RIP: 0033:0x7f12fc4be15c
[  130.440338][ T9179] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  130.440362][ T9179] RSP: 002b:00007f12faf1f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  130.440466][ T9179] RAX: ffffffffffffffda RBX: 00007f12fc715fa0 RCX: 00007f12fc4be15c
[  130.440482][ T9179] RDX: 000000000000000f RSI: 00007f12faf1f0a0 RDI: 0000000000000004
[  130.440498][ T9179] RBP: 00007f12faf1f090 R08: 0000000000000000 R09: 0000000000000000
[  130.440589][ T9179] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  130.440605][ T9179] R13: 00007f12fc716038 R14: 00007f12fc715fa0 R15: 00007ffddddb7628
[  130.440636][ T9179]  </TASK>
[  130.644500][ T9173] loop3: detected capacity change from 0 to 2048
[  130.680080][ T9173] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  130.712240][ T9184] sch_tbf: peakrate 7 is lower than or equals to rate 19 !
[  131.107023][ T3327] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  131.263589][ T9206] support for the xor transformation has been removed.
[  131.363097][ T9194] loop4: detected capacity change from 0 to 512
[  131.373762][ T9194] EXT4-fs (loop4): 1 truncate cleaned up
[  131.380148][ T9194] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  131.405771][ T9194] 9pnet: Could not find request transport: fd0x0000000000000004
[  131.461055][   T29] kauditd_printk_skb: 260 callbacks suppressed
[  131.461071][   T29] audit: type=1326 audit(1764719650.866:5366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9224 comm="syz.3.1768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82ccc3f749 code=0x7ffc0000
[  131.504342][ T3325] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  131.548989][   T29] audit: type=1326 audit(1764719650.896:5367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9224 comm="syz.3.1768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=128 compat=0 ip=0x7f82ccc3f749 code=0x7ffc0000
[  131.572447][   T29] audit: type=1326 audit(1764719650.896:5368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9224 comm="syz.3.1768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82ccc3f749 code=0x7ffc0000
[  131.596252][   T29] audit: type=1326 audit(1764719650.896:5369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9224 comm="syz.3.1768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7f82ccc3f749 code=0x7ffc0000
[  131.620132][   T29] audit: type=1326 audit(1764719650.896:5370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9224 comm="syz.3.1768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82ccc3f749 code=0x7ffc0000
[  131.643570][   T29] audit: type=1326 audit(1764719650.896:5371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9224 comm="syz.3.1768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f82ccc3f749 code=0x7ffc0000
[  131.667078][   T29] audit: type=1326 audit(1764719650.896:5372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9224 comm="syz.3.1768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82ccc3f749 code=0x7ffc0000
[  131.690792][   T29] audit: type=1326 audit(1764719650.896:5373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9224 comm="syz.3.1768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f82ccc3f749 code=0x7ffc0000
[  131.714450][   T29] audit: type=1326 audit(1764719650.896:5374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9224 comm="syz.3.1768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82ccc3f749 code=0x7ffc0000
[  131.738055][   T29] audit: type=1326 audit(1764719650.896:5375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9224 comm="syz.3.1768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f82ccc3f749 code=0x7ffc0000
[  131.972456][ T9258] loop0: detected capacity change from 0 to 1024
[  131.985885][ T9258] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  131.995783][ T9258] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[  132.006054][ T9258] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  132.026738][ T9258] EXT4-fs error (device loop0): ext4_get_journal_inode:5808: inode #5: comm syz.0.1778: unexpected bad inode w/o EXT4_IGET_BAD
[  132.068950][ T9258] EXT4-fs (loop0): no journal found
[  132.074218][ T9258] EXT4-fs (loop0): can't get journal size
[  132.091054][ T9258] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  132.159199][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  132.291643][ T9271] __nla_validate_parse: 24 callbacks suppressed
[  132.291658][ T9271] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1783'.
[  132.334719][ T9281] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1787'.
[  132.347077][ T9260] loop2: detected capacity change from 0 to 512
[  132.361622][ T9284] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1788'.
[  132.386311][ T9260] EXT4-fs (loop2): 1 truncate cleaned up
[  132.393287][ T9260] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  132.430835][ T9260] 9pnet: Could not find request transport: fd0x0000000000000004
[  132.455402][ T9290] loop5: detected capacity change from 0 to 1024
[  132.487487][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  132.500707][ T9290] EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  132.510521][ T9290] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[  132.525941][ T9290] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  132.551215][ T9290] EXT4-fs error (device loop5): ext4_get_journal_inode:5808: inode #5: comm syz.5.1791: unexpected bad inode w/o EXT4_IGET_BAD
[  132.553771][ T9294] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1793'.
[  132.637779][ T9294] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1793'.
[  132.658586][ T9290] EXT4-fs (loop5): no journal found
[  132.663928][ T9290] EXT4-fs (loop5): can't get journal size
[  132.739016][ T9290] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  132.924522][ T7296] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  133.077589][ T9315] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1799'.
[  133.103805][ T9320] loop2: detected capacity change from 0 to 128
[  133.124159][ T9311] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1796'.
[  133.128906][ T9320] FAT-fs (loop2): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1)
[  133.225097][ T9330] loop5: detected capacity change from 0 to 1024
[  133.252738][ T9330] EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  133.262671][ T9330] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[  133.279181][ T9337] netlink: 'syz.4.1809': attribute type 3 has an invalid length.
[  133.311234][ T9330] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  133.337239][ T9342] FAULT_INJECTION: forcing a failure.
[  133.337239][ T9342] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  133.350715][ T9342] CPU: 0 UID: 0 PID: 9342 Comm: syz.2.1810 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  133.350820][ T9342] Tainted: [W]=WARN
[  133.350829][ T9342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  133.350845][ T9342] Call Trace:
[  133.350854][ T9342]  <TASK>
[  133.350864][ T9342]  __dump_stack+0x1d/0x30
[  133.350887][ T9342]  dump_stack_lvl+0xe8/0x140
[  133.350943][ T9342]  dump_stack+0x15/0x1b
[  133.350967][ T9342]  should_fail_ex+0x265/0x280
[  133.351003][ T9342]  should_fail+0xb/0x20
[  133.351029][ T9342]  should_fail_usercopy+0x1a/0x20
[  133.351069][ T9342]  _copy_to_user+0x20/0xa0
[  133.351130][ T9342]  simple_read_from_buffer+0xb5/0x130
[  133.351177][ T9342]  proc_fail_nth_read+0x10e/0x150
[  133.351235][ T9342]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  133.351260][ T9342]  vfs_read+0x1a8/0x770
[  133.351290][ T9342]  ? __rcu_read_unlock+0x4f/0x70
[  133.351320][ T9342]  ? __fget_files+0x184/0x1c0
[  133.351375][ T9342]  ? mutex_lock+0x58/0x90
[  133.351405][ T9342]  ksys_read+0xda/0x1a0
[  133.351486][ T9342]  __x64_sys_read+0x40/0x50
[  133.351509][ T9342]  x64_sys_call+0x2889/0x3000
[  133.351534][ T9342]  do_syscall_64+0xd8/0x2a0
[  133.351563][ T9342]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.351596][ T9342] RIP: 0033:0x7f18c523e15c
[  133.351616][ T9342] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  133.351638][ T9342] RSP: 002b:00007f18c3ca7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  133.351657][ T9342] RAX: ffffffffffffffda RBX: 00007f18c5495fa0 RCX: 00007f18c523e15c
[  133.351742][ T9342] RDX: 000000000000000f RSI: 00007f18c3ca70a0 RDI: 0000000000000006
[  133.351758][ T9342] RBP: 00007f18c3ca7090 R08: 0000000000000000 R09: 0000000000000000
[  133.351774][ T9342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  133.351787][ T9342] R13: 00007f18c5496038 R14: 00007f18c5495fa0 R15: 00007ffc9f02ca28
[  133.351806][ T9342]  </TASK>
[  133.352836][ T9330] EXT4-fs error (device loop5): ext4_get_journal_inode:5808: inode #5: comm syz.5.1806: unexpected bad inode w/o EXT4_IGET_BAD
[  133.568147][ T9330] EXT4-fs (loop5): no journal found
[  133.573504][ T9330] EXT4-fs (loop5): can't get journal size
[  133.582159][ T9330] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  133.619639][ T9335] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1805'.
[  133.619814][ T7296] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  133.734892][ T9357] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  133.854669][ T9361] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1817'.
[  134.205722][ T9368] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1818'.
[  134.300259][ T9368] bond1: entered promiscuous mode
[  134.305473][ T9368] 8021q: adding VLAN 0 to HW filter on device bond1
[  134.323156][ T9368] IPv6: NLM_F_CREATE should be specified when creating new route
[  134.331075][ T9368] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  134.338312][ T9368] IPv6: NLM_F_CREATE should be set when creating new route
[  134.345583][ T9368] IPv6: NLM_F_CREATE should be set when creating new route
[  134.352954][ T9368] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  134.401090][ T9371] 8021q: adding VLAN 0 to HW filter on device bond1
[  134.408769][ T9371] bond1: (slave wireguard0): The slave device specified does not support setting the MAC address
[  134.420564][ T9371] bond1: (slave wireguard0): Error -95 calling set_mac_address
[  134.556058][ T9380] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 2660
[  135.009426][ T9417] loop5: detected capacity change from 0 to 1024
[  135.157822][ T9417] EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  135.167723][ T9417] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[  135.192422][ T9417] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  135.232775][ T9417] EXT4-fs error (device loop5): ext4_get_journal_inode:5808: inode #5: comm syz.5.1838: unexpected bad inode w/o EXT4_IGET_BAD
[  135.280657][ T9417] EXT4-fs (loop5): no journal found
[  135.285920][ T9417] EXT4-fs (loop5): can't get journal size
[  135.301778][ T9417] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  135.319054][ T9440] loop3: detected capacity change from 0 to 128
[  135.381044][ T7296] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  135.439780][ T9451] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  135.497865][ T9457] loop0: detected capacity change from 0 to 512
[  135.620692][ T9458] loop5: detected capacity change from 0 to 2048
[  135.701062][ T9469] loop4: detected capacity change from 0 to 512
[  135.709464][ T3768] Alternate GPT is invalid, using primary GPT.
[  135.713961][ T9469] EXT4-fs: dax option not supported
[  135.715960][ T3768]  loop5: p2 p3 p7
[  135.743453][ T9458] Alternate GPT is invalid, using primary GPT.
[  135.749940][ T9458]  loop5: p2 p3 p7
[  135.847940][ T3303] udevd[3303]: inotify_add_watch(7, /dev/loop5p2, 10) failed: No such file or directory
[  135.851728][ T9478] support for the xor transformation has been removed.
[  135.865198][ T3768] udevd[3768]: inotify_add_watch(7, /dev/loop5p3, 10) failed: No such file or directory
[  135.875542][ T8992] udevd[8992]: inotify_add_watch(7, /dev/loop5p7, 10) failed: No such file or directory
[  135.900628][ T3768] udevd[3768]: inotify_add_watch(7, /dev/loop5p3, 10) failed: No such file or directory
[  135.907155][ T3303] udevd[3303]: inotify_add_watch(7, /dev/loop5p2, 10) failed: No such file or directory
[  135.912220][ T8992] udevd[8992]: inotify_add_watch(7, /dev/loop5p7, 10) failed: No such file or directory
[  136.133892][ T9475] loop5: detected capacity change from 0 to 512
[  136.396777][ T9475] EXT4-fs (loop5): 1 truncate cleaned up
[  136.403119][ T9475] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  136.468876][ T9475] 9pnet_fd: Insufficient options for proto=fd
[  136.575196][   T29] kauditd_printk_skb: 316 callbacks suppressed
[  136.575211][   T29] audit: type=1326 audit(1764719655.979:5692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9490 comm="syz.2.1865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18c523f749 code=0x7ffc0000
[  136.661958][ T7296] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  136.672923][   T29] audit: type=1326 audit(1764719656.029:5693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9490 comm="syz.2.1865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=128 compat=0 ip=0x7f18c523f749 code=0x7ffc0000
[  136.696370][   T29] audit: type=1326 audit(1764719656.029:5694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9490 comm="syz.2.1865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18c523f749 code=0x7ffc0000
[  136.719872][   T29] audit: type=1326 audit(1764719656.029:5695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9490 comm="syz.2.1865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7f18c523f749 code=0x7ffc0000
[  136.743528][   T29] audit: type=1326 audit(1764719656.029:5696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9490 comm="syz.2.1865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18c523f749 code=0x7ffc0000
[  136.767028][   T29] audit: type=1326 audit(1764719656.029:5697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9490 comm="syz.2.1865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f18c523f749 code=0x7ffc0000
[  136.790638][   T29] audit: type=1326 audit(1764719656.029:5698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9490 comm="syz.2.1865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18c523f749 code=0x7ffc0000
[  136.814072][   T29] audit: type=1326 audit(1764719656.029:5699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9490 comm="syz.2.1865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f18c523f749 code=0x7ffc0000
[  136.837565][   T29] audit: type=1326 audit(1764719656.029:5700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9490 comm="syz.2.1865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18c523f749 code=0x7ffc0000
[  136.861027][   T29] audit: type=1326 audit(1764719656.029:5701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9490 comm="syz.2.1865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f18c523f749 code=0x7ffc0000
[  136.929763][ T9505] 9pnet_fd: Insufficient options for proto=fd
[  136.937699][ T9503] loop5: detected capacity change from 0 to 128
[  136.974669][ T9503] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  137.002134][ T9503] ext4 filesystem being mounted at /144/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  137.071044][ T7296] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  137.105215][ T9524] loop3: detected capacity change from 0 to 1024
[  137.113475][ T9520] bridge0: entered promiscuous mode
[  137.120488][ T9520] bridge0: port 3(macvtap1) entered blocking state
[  137.127247][ T9520] bridge0: port 3(macvtap1) entered disabled state
[  137.133986][ T9520] macvtap1: entered allmulticast mode
[  137.139556][ T9520] bridge0: entered allmulticast mode
[  137.145856][ T9520] macvtap1: left allmulticast mode
[  137.151073][ T9520] bridge0: left allmulticast mode
[  137.161163][ T9520] bridge0: left promiscuous mode
[  137.167191][ T9524] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  137.176996][ T9524] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[  137.217678][ T9524] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  137.285946][ T9524] EXT4-fs error (device loop3): ext4_get_journal_inode:5808: inode #5: comm syz.3.1879: unexpected bad inode w/o EXT4_IGET_BAD
[  137.300652][ T9524] EXT4-fs (loop3): no journal found
[  137.305928][ T9524] EXT4-fs (loop3): can't get journal size
[  137.312731][ T9535] __nla_validate_parse: 12 callbacks suppressed
[  137.312746][ T9535] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1881'.
[  137.316579][ T9524] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  137.346685][ T9520] loop0: detected capacity change from 0 to 512
[  137.368908][ T3327] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  137.381013][ T9520] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem
[  137.436917][ T9527] loop5: detected capacity change from 0 to 512
[  137.444486][ T9520] EXT4-fs (loop0): invalid journal inode
[  137.451122][ T9527] EXT4-fs (loop5): 1 truncate cleaned up
[  137.457393][ T9527] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  137.472262][ T9527] 9pnet_fd: Insufficient options for proto=fd
[  137.557211][ T7296] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  137.584750][ T9556] loop0: detected capacity change from 0 to 128
[  137.618648][ T9556] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  137.637050][ T9556] bio_check_eod: 98 callbacks suppressed
[  137.637067][ T9556] syz.0.1887: attempt to access beyond end of device
[  137.637067][ T9556] loop0: rw=2049, sector=154, nr_sectors = 96 limit=128
[  137.658516][ T9556] syz.0.1887: attempt to access beyond end of device
[  137.658516][ T9556] loop0: rw=2049, sector=138, nr_sectors = 16 limit=128
[  137.730719][ T9570] loop4: detected capacity change from 0 to 128
[  137.752339][ T9560] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1891'.
[  137.802317][ T9574] loop5: detected capacity change from 0 to 1024
[  137.809295][ T9576] loop4: detected capacity change from 0 to 512
[  137.817344][ T9576] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  137.827201][ T9574] EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  137.837011][ T9574] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[  137.851176][ T9574] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  137.864219][ T9574] EXT4-fs error (device loop5): ext4_get_journal_inode:5808: inode #5: comm syz.5.1894: unexpected bad inode w/o EXT4_IGET_BAD
[  137.905865][ T9576] EXT4-fs warning (device loop4): ext4_update_dynamic_rev:1137: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  137.936070][ T9576] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.1895: bg 0: block 248: padding at end of block bitmap is not set
[  137.937814][ T9574] EXT4-fs (loop5): no journal found
[  137.955722][ T9574] EXT4-fs (loop5): can't get journal size
[  137.960822][ T9576] EXT4-fs error (device loop4): ext4_acquire_dquot:6945: comm syz.4.1895: Failed to acquire dquot type 1
[  137.982072][ T9576] EXT4-fs (loop4): 1 truncate cleaned up
[  137.998972][ T9574] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  138.020570][ T9583] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1897'.
[  138.064887][ T9587] netlink: 'syz.0.1898': attribute type 1 has an invalid length.
[  138.072890][ T9587] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1898'.
[  138.097384][ T7296] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  138.146082][ T9576] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0008-000000000000 r/w without journal. Quota mode: writeback.
[  138.199492][ T3325] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0008-000000000000.
[  138.208692][ T9594] loop0: detected capacity change from 0 to 512
[  138.208658][ T9592] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  138.225833][ T9578] loop2: detected capacity change from 0 to 512
[  138.237748][ T9578] EXT4-fs (loop2): 1 truncate cleaned up
[  138.247573][ T9594] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[  138.255831][ T9578] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  138.297677][ T9594] EXT4-fs warning (device loop0): ext4_update_dynamic_rev:1137: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  138.316049][ T9578] 9pnet_fd: Insufficient options for proto=fd
[  138.362998][ T9594] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.1901: bg 0: block 248: padding at end of block bitmap is not set
[  138.405990][ T9594] EXT4-fs error (device loop0): ext4_acquire_dquot:6945: comm syz.0.1901: Failed to acquire dquot type 1
[  138.421468][ T9594] EXT4-fs (loop0): 1 truncate cleaned up
[  138.429799][ T9594] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0008-000000000000 r/w without journal. Quota mode: writeback.
[  138.464739][ T9608] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(12)
[  138.471386][ T9608] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  138.478829][ T9607] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(10)
[  138.485463][ T9607] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  138.492901][ T9608] vhci_hcd vhci_hcd.0: Device attached
[  138.492945][ T9607] vhci_hcd vhci_hcd.0: Device attached
[  138.507892][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  138.512088][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0008-000000000000.
[  138.518333][ T9614] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1907'.
[  138.552778][ T9618] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1909'.
[  138.571702][ T9610] vhci_hcd: connection closed
[  138.571887][ T2135] vhci_hcd: stop threads
[  138.580888][ T2135] vhci_hcd: release socket
[  138.584460][ T9619] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1908'.
[  138.585362][ T2135] vhci_hcd: disconnect device
[  138.606359][ T9620] ALSA: seq fatal error: cannot create timer (-22)
[  138.618125][ T9611] vhci_hcd: connection closed
[  138.618320][ T2135] vhci_hcd: stop threads
[  138.627405][ T2135] vhci_hcd: release socket
[  138.631840][ T2135] vhci_hcd: disconnect device
[  138.765314][ T9643] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  138.843806][ T9648] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1920'.
[  138.865379][ T9646] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1921'.
[  138.966278][ T9661] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1928'.
[  138.977914][ T9659] loop5: detected capacity change from 0 to 4096
[  138.988804][ T9659] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  139.006221][ T9659] batman_adv: batadv0: Adding interface: dummy0
[  139.011735][ T9664] loop0: detected capacity change from 0 to 1024
[  139.012594][ T9659] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  139.044257][ T9659] batman_adv: batadv0: Interface activated: dummy0
[  139.075137][ T9664] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  139.084950][ T9664] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[  139.125004][ T9664] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  139.138458][ T9664] EXT4-fs error (device loop0): ext4_get_journal_inode:5808: inode #5: comm syz.0.1929: unexpected bad inode w/o EXT4_IGET_BAD
[  139.152091][ T9664] EXT4-fs (loop0): no journal found
[  139.157404][ T9664] EXT4-fs (loop0): can't get journal size
[  139.167137][ T9664] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  139.186640][ T7296] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  139.245146][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  139.341837][ T9679] support for the xor transformation has been removed.
[  139.551988][ T9696] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  139.637398][ T9700] loop4: detected capacity change from 0 to 1024
[  139.664805][ T9700] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  139.674601][ T9700] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[  139.704665][ T9700] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  139.754870][ T9700] EXT4-fs error (device loop4): ext4_get_journal_inode:5808: inode #5: comm syz.4.1943: unexpected bad inode w/o EXT4_IGET_BAD
[  139.774885][ T9700] EXT4-fs (loop4): no journal found
[  139.780111][ T9700] EXT4-fs (loop4): can't get journal size
[  139.789241][ T9700] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  139.814613][ T3325] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  140.347272][ T9743] loop2: detected capacity change from 0 to 256
[  140.419848][ T9743] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 0, start 00000001)
[  140.585371][ T9757] loop4: detected capacity change from 0 to 512
[  140.615115][ T9757] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  140.623048][ T9757] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=c000e128, mo2=0002]
[  140.631710][ T9757] EXT4-fs (loop4): orphan cleanup on readonly fs
[  140.638212][ T9757] EXT4-fs warning (device loop4): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  140.652835][ T9757] EXT4-fs (loop4): Cannot turn on quotas: error -22
[  140.664219][ T9757] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.1970: bg 0: block 40: padding at end of block bitmap is not set
[  140.684778][ T9757] EXT4-fs (loop4): Remounting filesystem read-only
[  140.691574][ T9730] loop3: detected capacity change from 0 to 512
[  140.702003][ T9757] EXT4-fs (loop4): 1 truncate cleaned up
[  140.712327][ T9757] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  140.713152][ T9730] EXT4-fs (loop3): 1 truncate cleaned up
[  140.727092][ T9757] EXT4-fs (loop4): shut down requested (2)
[  140.756279][ T9730] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  140.757044][ T3325] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  140.926141][ T9771] loop4: detected capacity change from 0 to 512
[  140.951253][ T9771] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  140.959987][ T9771] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  141.016125][ T9771] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4193: comm syz.4.1973: Allocating blocks 41-42 which overlap fs metadata
[  141.030691][ T9771] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4193: comm syz.4.1973: Allocating blocks 41-42 which overlap fs metadata
[  141.045525][ T9771] EXT4-fs error (device loop4): ext4_acquire_dquot:6945: comm syz.4.1973: Failed to acquire dquot type 1
[  141.074485][ T9771] EXT4-fs error (device loop4): mb_free_blocks:2017: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt.
[  141.089808][ T9771] EXT4-fs error (device loop4): ext4_do_update_inode:5628: inode #12: comm syz.4.1973: corrupted inode contents
[  141.108762][ T9778] loop0: detected capacity change from 0 to 1024
[  141.137505][ T9771] EXT4-fs error (device loop4): ext4_dirty_inode:6513: inode #12: comm syz.4.1973: mark_inode_dirty error
[  141.150192][ T9778] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945)
[  141.159956][ T9778] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  141.184201][ T9771] EXT4-fs error (device loop4): ext4_do_update_inode:5628: inode #12: comm syz.4.1973: corrupted inode contents
[  141.222976][ T9771] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #12: comm syz.4.1973: mark_inode_dirty error
[  141.223278][ T9778] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  141.252956][ T9778] EXT4-fs (loop0): orphan cleanup on readonly fs
[  141.259558][ T9771] EXT4-fs error (device loop4): ext4_do_update_inode:5628: inode #12: comm syz.4.1973: corrupted inode contents
[  141.263195][ T9778] EXT4-fs error (device loop0): ext4_read_inode_bitmap:167: comm syz.0.1975: Inode bitmap for bg 0 marked uninitialized
[  141.295566][ T9771] EXT4-fs error (device loop4) in ext4_orphan_del:301: Corrupt filesystem
[  141.296077][ T9778] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  141.314375][ T9771] EXT4-fs error (device loop4): ext4_do_update_inode:5628: inode #12: comm syz.4.1973: corrupted inode contents
[  141.340383][ T9771] EXT4-fs error (device loop4): ext4_truncate:4633: inode #12: comm syz.4.1973: mark_inode_dirty error
[  141.353963][ T9771] EXT4-fs error (device loop4) in ext4_process_orphan:343: Corrupt filesystem
[  141.362925][ T3327] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  141.372535][ T9771] EXT4-fs (loop4): 1 truncate cleaned up
[  141.380075][ T9771] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  141.439336][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  141.473952][ T9789] FAULT_INJECTION: forcing a failure.
[  141.473952][ T9789] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  141.487101][ T9789] CPU: 0 UID: 0 PID: 9789 Comm: syz.3.1978 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  141.487192][ T9789] Tainted: [W]=WARN
[  141.487200][ T9789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  141.487213][ T9789] Call Trace:
[  141.487219][ T9789]  <TASK>
[  141.487226][ T9789]  __dump_stack+0x1d/0x30
[  141.487247][ T9789]  dump_stack_lvl+0xe8/0x140
[  141.487266][ T9789]  dump_stack+0x15/0x1b
[  141.487333][ T9789]  should_fail_ex+0x265/0x280
[  141.487365][ T9789]  should_fail+0xb/0x20
[  141.487401][ T9789]  should_fail_usercopy+0x1a/0x20
[  141.487433][ T9789]  strncpy_from_user+0x25/0x230
[  141.487480][ T9789]  ? __kmalloc_cache_noprof+0x249/0x4a0
[  141.487505][ T9789]  __se_sys_memfd_create+0x1f6/0x5f0
[  141.487685][ T9789]  __x64_sys_memfd_create+0x31/0x40
[  141.487714][ T9789]  x64_sys_call+0x28cb/0x3000
[  141.487735][ T9789]  do_syscall_64+0xd8/0x2a0
[  141.487770][ T9789]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.487914][ T9789] RIP: 0033:0x7f82ccc3f749
[  141.487928][ T9789] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  141.487946][ T9789] RSP: 002b:00007f82cb6a6e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  141.487969][ T9789] RAX: ffffffffffffffda RBX: 0000000000000545 RCX: 00007f82ccc3f749
[  141.487983][ T9789] RDX: 00007f82cb6a6ef0 RSI: 0000000000000000 RDI: 00007f82cccc4960
[  141.487994][ T9789] RBP: 0000200000001300 R08: 00007f82cb6a6bb7 R09: 00007f82cb6a6e40
[  141.488005][ T9789] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000000
[  141.488091][ T9789] R13: 00007f82cb6a6ef0 R14: 00007f82cb6a6eb0 R15: 00002000000001c0
[  141.488108][ T9789]  </TASK>
[  141.664190][   T29] kauditd_printk_skb: 323 callbacks suppressed
[  141.664206][   T29] audit: type=1400 audit(1764719660.901:6016): avc:  denied  { remount } for  pid=9770 comm="syz.4.1973" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  141.717297][ T3325] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  141.749292][   T29] audit: type=1326 audit(1764719661.152:6017): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9794 comm="syz.2.1984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18c523f749 code=0x7ffc0000
[  141.774001][   T29] audit: type=1326 audit(1764719661.182:6018): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9794 comm="syz.2.1984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f18c523f749 code=0x7ffc0000
[  141.797545][   T29] audit: type=1326 audit(1764719661.182:6019): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9794 comm="syz.2.1984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18c523f749 code=0x7ffc0000
[  141.821016][   T29] audit: type=1326 audit(1764719661.182:6020): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9794 comm="syz.2.1984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=237 compat=0 ip=0x7f18c523f749 code=0x7ffc0000
[  141.845721][   T29] audit: type=1326 audit(1764719661.252:6021): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9794 comm="syz.2.1984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18c523f749 code=0x7ffc0000
[  141.869174][   T29] audit: type=1326 audit(1764719661.252:6022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9794 comm="syz.2.1984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18c523f749 code=0x7ffc0000
[  141.896979][   T29] audit: type=1326 audit(1764719661.282:6023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9794 comm="syz.2.1984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=448 compat=0 ip=0x7f18c523f749 code=0x7ffc0000
[  141.920487][   T29] audit: type=1326 audit(1764719661.282:6024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9794 comm="syz.2.1984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18c523f749 code=0x7ffc0000
[  141.943939][   T29] audit: type=1326 audit(1764719661.282:6025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9794 comm="syz.2.1984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18c523f749 code=0x7ffc0000
[  142.085428][ T9816] loop5: detected capacity change from 0 to 512
[  142.096193][ T9816] ext4: Unknown parameter 'obj_role'
[  142.640984][ T9839] loop0: detected capacity change from 0 to 256
[  142.703944][ T9834] __nla_validate_parse: 17 callbacks suppressed
[  142.704010][ T9834] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1994'.
[  142.708962][ T9844] serio: Serial port ptm0
[  142.793308][ T9854] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2001'.
[  142.802743][ T9857] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  142.838046][ T9863] tmpfs: Bad value for 'mpol'
[  142.852567][ T9863] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9863 comm=syz.2.2004
[  142.869855][ T9867] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2006'.
[  142.880569][ T9865] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2005'.
[  142.896210][ T9863] netlink: 'syz.2.2004': attribute type 16 has an invalid length.
[  142.904105][ T9863] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2004'.
[  142.972370][ T9867] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2006'.
[  143.078786][ T9880] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2012'.
[  143.153118][ T9877] 9pnet_fd: Insufficient options for proto=fd
[  143.240626][ T9885] netlink: 83992 bytes leftover after parsing attributes in process `syz.0.2009'.
[  143.260289][ T9885] netlink: zone id is out of range
[  143.265484][ T9885] netlink: zone id is out of range
[  143.278333][ T9885] netlink: zone id is out of range
[  143.283600][ T9885] netlink: zone id is out of range
[  143.289066][ T9885] netlink: zone id is out of range
[  143.303790][ T9885] netlink: zone id is out of range
[  143.308945][ T9885] netlink: zone id is out of range
[  143.314163][ T9885] netlink: zone id is out of range
[  143.319330][ T9885] netlink: zone id is out of range
[  143.324519][ T9885] netlink: zone id is out of range
[  143.326610][ T2694] Bluetooth: hci0: Frame reassembly failed (-84)
[  143.354708][ T9901] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2020'.
[  143.452111][ T9903] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=14 sclass=netlink_route_socket pid=9903 comm=syz.4.2021
[  143.468230][ T9903] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2021'.
[  143.478121][ T3512] IPVS: starting estimator thread 0...
[  143.501500][ T9907] ------------[ cut here ]------------
[  143.507053][ T9907] verifier bug: REG INVARIANTS VIOLATION (true_reg2): range bounds violation u64=[0x17, 0x10] s64=[0x17, 0x10] u32=[0x17, 0x10] s32=[0x17, 0x10] var_off=(0x10, 0x0)
[  143.523555][ T9907] WARNING: kernel/bpf/verifier.c:2721 at 0x0, CPU#1: syz.5.2022/9907
[  143.531691][ T9907] Modules linked in:
[  143.536126][ T9907] CPU: 1 UID: 0 PID: 9907 Comm: syz.5.2022 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  143.547552][ T9907] Tainted: [W]=WARN
[  143.551372][ T9907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  143.561533][ T9907] RIP: 0010:reg_bounds_sanity_check+0x27d/0x660
[  143.567957][ T9907] Code: 24 78 4c 8b 44 24 70 4c 8b 4c 24 60 41 ff 74 24 20 41 55 53 ff 74 24 68 ff 74 24 78 ff b4 24 90 00 00 00 ff b4 24 b0 00 00 00 <67> 48 0f b9 3a 48 83 c4 38 4c 8b ac 24 98 00 00 00 49 8d 85 80 06
[  143.587712][ T9907] RSP: 0018:ffffc900139a73a8 EFLAGS: 00010246
[  143.593817][ T9907] RAX: ffff88810230eda0 RBX: 0000000000000010 RCX: 0000000000000017
[  143.601817][ T9907] RDX: ffffffff865e3fad RSI: ffffffff865f7dd2 RDI: ffffffff86db2200
[  143.609856][ T9907] RBP: ffff8881031318b0 R08: 0000000000000010 R09: 0000000000000017
[  143.617879][ T9907] R10: 00000000000000d0 R11: 0000000000000002 R12: ffff888103131870
[  143.625975][ T9907] R13: 0000000000000010 R14: ffff8881031318bc R15: ffff8881031318a8
[  143.633998][ T9907] FS:  00007f12faf1f6c0(0000) GS:ffff8882aeef4000(0000) knlGS:0000000000000000
[  143.642995][ T9907] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  143.649620][ T9907] CR2: ffffffff93000000 CR3: 00000001306fa000 CR4: 00000000003506f0
[  143.657694][ T9907] DR0: fffffffffffffffe DR1: 0000000000000000 DR2: 0000000000000000
[  143.665798][ T9907] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  143.673880][ T9907] Call Trace:
[  143.673989][ T9905] IPVS: using max 2064 ests per chain, 103200 per kthread
[  143.677240][ T9907]  <TASK>
[  143.687320][ T9907]  reg_set_min_max+0x1eb/0x260
[  143.692117][ T9907]  check_cond_jmp_op+0x1370/0x19e0
[  143.697372][ T9907]  do_check+0x3314/0x80e0
[  143.701821][ T9907]  do_check_common+0xc42/0x1280
[  143.706731][ T9907]  bpf_check+0xaa74/0xd5f0
[  143.711165][ T9907]  ? __alloc_frozen_pages_noprof+0x188/0x360
[  143.717252][ T9907]  ? pcpu_block_update+0x232/0x3b0
[  143.722400][ T9907]  ? _find_next_zero_bit+0x64/0xa0
[  143.727571][ T9907]  ? pcpu_block_update+0x24e/0x3b0
[  143.732829][ T9907]  ? pcpu_block_refresh_hint+0x157/0x170
[  143.738487][ T9907]  ? pcpu_block_update_hint_alloc+0x63d/0x660
[  143.744765][ T9907]  ? css_rstat_updated+0xb7/0x240
[  143.749828][ T9907]  ? __rcu_read_unlock+0x4f/0x70
[  143.754845][ T9907]  ? pcpu_memcg_post_alloc_hook+0xf1/0x150
[  143.760691][ T9907]  ? bpf_prog_alloc+0x5b/0x150
[  143.765536][ T9907]  ? pcpu_alloc_noprof+0xd29/0x1250
[  143.770767][ T9907]  ? should_fail_ex+0x30/0x280
[  143.775744][ T9907]  ? should_failslab+0x8c/0xb0
[  143.780529][ T9907]  ? __kmalloc_noprof+0x2a2/0x570
[  143.785615][ T9907]  ? security_bpf_prog_load+0x60/0x140
[  143.791103][ T9907]  ? selinux_bpf_prog_load+0xad/0xd0
[  143.796424][ T9907]  ? security_bpf_prog_load+0x9e/0x140
[  143.801914][ T9907]  bpf_prog_load+0xf6e/0x1100
[  143.806711][ T9907]  ? security_bpf+0x2b/0x90
[  143.811239][ T9907]  __sys_bpf+0x469/0x7c0
[  143.815594][ T9907]  __x64_sys_bpf+0x41/0x50
[  143.820077][ T9907]  x64_sys_call+0x28e1/0x3000
[  143.824939][ T9907]  do_syscall_64+0xd8/0x2a0
[  143.829495][ T9907]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.835490][ T9907] RIP: 0033:0x7f12fc4bf749
[  143.839923][ T9907] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  143.859604][ T9907] RSP: 002b:00007f12faf1f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  143.861402][ T9921] loop3: detected capacity change from 0 to 8192
[  143.868077][ T9907] RAX: ffffffffffffffda RBX: 00007f12fc715fa0 RCX: 00007f12fc4bf749
[  143.868097][ T9907] RDX: 0000000000000048 RSI: 00002000000017c0 RDI: 0000000000000005
[  143.875901][ T9921] msdos: Unknown parameter 'n�'
[  143.882425][ T9907] RBP: 00007f12fc543f91 R08: 0000000000000000 R09: 0000000000000000
[  143.882444][ T9907] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  143.911409][ T9907] R13: 00007f12fc716038 R14: 00007f12fc715fa0 R15: 00007ffddddb7628
[  143.919475][ T9907]  </TASK>
[  143.922540][ T9907] ---[ end trace 0000000000000000 ]---
[  144.237525][ T9956] netlink: 'syz.2.2041': attribute type 2 has an invalid length.
[  144.665456][ T9993] loop4: detected capacity change from 0 to 128
[  144.674842][ T9993] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  144.727133][ T9993] ext4 filesystem being mounted at /433/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  144.799462][ T3325] EXT4-fs error (device loop4): ext4_readdir:224: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 0
[  144.884250][ T3325] EXT4-fs error (device loop4): ext4_readdir:224: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 1024
[  144.900277][ T3325] EXT4-fs error (device loop4): ext4_readdir:224: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 8192
[  144.914908][ T3325] EXT4-fs error (device loop4): ext4_empty_dir:3080: inode #11: comm syz-executor: Directory block failed checksum
[  144.933521][ T3325] EXT4-fs error (device loop4): ext4_readdir:224: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 0
[  144.947794][ T3325] EXT4-fs error (device loop4): ext4_readdir:224: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 1024
[  144.968335][ T3325] EXT4-fs error (device loop4): ext4_readdir:224: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 8192
[  145.003875][ T3325] EXT4-fs error (device loop4): ext4_empty_dir:3080: inode #11: comm syz-executor: Directory block failed checksum
[  145.016908][ T3325] EXT4-fs error (device loop4): ext4_readdir:224: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 0
[  145.031479][ T3325] EXT4-fs error (device loop4): ext4_readdir:224: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 1024
[  145.186952][T10031] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  145.342875][   T44] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  145.443568][ T3325] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  145.453789][ T2694] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  145.494580][ T2694] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  145.550554][ T2694] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  145.588866][T10051] SELinux:  Context system_u:object_r:pam_console_exec_t:s0 is not valid (left unmapped).
[  145.601429][ T2694] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  145.679922][T10064] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  145.760210][ T2694] bridge_slave_1: left allmulticast mode
[  145.765928][ T2694] bridge_slave_1: left promiscuous mode
[  145.771688][ T2694] bridge0: port 2(bridge_slave_1) entered disabled state
[  145.780092][ T2694] bridge_slave_0: left allmulticast mode
[  145.785855][ T2694] bridge_slave_0: left promiscuous mode
[  145.791823][ T2694] bridge0: port 1(bridge_slave_0) entered disabled state
[  145.800590][ T2694] veth0_to_team: left allmulticast mode
[  145.806220][ T2694] veth0_to_team: left promiscuous mode
[  145.811886][ T2694] ��
: port 2(veth0_to_team) entered disabled state
[  145.820963][ T2694] gretap0: left allmulticast mode
[  145.826117][ T2694] gretap0: left promiscuous mode
[  145.831234][ T2694] ��
: port 1(gretap0) entered disabled state
[  145.994476][ T2694] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  146.005174][ T2694] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  146.015276][ T2694] bond0 (unregistering): Released all slaves
[  146.063494][ T2694] tipc: Disabling bearer <udp:syz0>
[  146.068758][ T2694] tipc: Left network mode
[  146.092790][T10049] chnl_net:caif_netlink_parms(): no params data found
[  146.156083][ T2694] hsr_slave_0: left promiscuous mode
[  146.167698][ T2694] hsr_slave_1: left promiscuous mode
[  146.175490][ T2694] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  146.182984][ T2694] batman_adv: batadv0: Removing interface: batadv_slave_0
[  146.190573][ T2694] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  146.198251][ T2694] batman_adv: batadv0: Removing interface: batadv_slave_1
[  146.216547][T10092] loop3: detected capacity change from 0 to 1024
[  146.224769][ T2694] veth1_macvtap: left promiscuous mode
[  146.230338][ T2694] veth0_macvtap: left promiscuous mode
[  146.236738][T10092] EXT4-fs: Ignoring removed orlov option
[  146.243621][ T2694] veth1_vlan: left promiscuous mode
[  146.249949][ T2694] veth0_vlan: left promiscuous mode
[  146.285050][T10092] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  146.307927][T10092] xt_hashlimit: max too large, truncated to 1048576
[  146.414143][ T2694] team0 (unregistering): Port device team_slave_1 removed
[  146.427682][ T2694] team0 (unregistering): Port device team_slave_0 removed
[  146.479219][T10110] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  146.553100][T10049] bridge0: port 1(bridge_slave_0) entered blocking state
[  146.560296][T10049] bridge0: port 1(bridge_slave_0) entered disabled state
[  146.567983][T10049] bridge_slave_0: entered allmulticast mode
[  146.574803][T10049] bridge_slave_0: entered promiscuous mode
[  146.582197][T10049] bridge0: port 2(bridge_slave_1) entered blocking state
[  146.589300][T10049] bridge0: port 2(bridge_slave_1) entered disabled state
[  146.596775][T10049] bridge_slave_1: entered allmulticast mode
[  146.603379][T10049] bridge_slave_1: entered promiscuous mode
[  146.616927][T10118] netlink: 'syz.5.2099': attribute type 12 has an invalid length.
[  146.617147][T10116] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=10116 comm=syz.2.2098
[  146.682417][T10049] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  146.732648][T10131] loop2: detected capacity change from 0 to 512
[  146.736803][T10118] loop5: detected capacity change from 0 to 1024
[  146.756930][T10049] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  146.760759][T10131] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  146.786038][T10131] ext4 filesystem being mounted at /453/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  146.821523][T10118] EXT4-fs: inline encryption not supported
[  146.868160][T10049] team0: Port device team_slave_0 added
[  146.882200][T10118] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  146.896737][T10145] loop9: detected capacity change from 0 to 7
[  146.904176][T10049] team0: Port device team_slave_1 added
[  146.928095][T10145] buffer_io_error: 6 callbacks suppressed
[  146.928115][T10145] Buffer I/O error on dev loop9, logical block 0, async page read
[  146.950598][ T2694] IPVS: stop unused estimator thread 0...
[  146.958943][T10118] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4193: comm syz.5.2099: Allocating blocks 385-513 which overlap fs metadata
[  146.974981][ T3327] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  146.980151][T10049] batman_adv: batadv0: Adding interface: batadv_slave_0
[  146.990984][T10049] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  147.016931][T10049] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  147.029176][T10118] EXT4-fs (loop5): pa ffff8881075642a0: logic 16, phys. 129, len 24
[  147.037342][T10118] EXT4-fs error (device loop5): ext4_mb_release_inode_pa:5444: group 0, free 0, pa_free 8
[  147.048705][T10145] Buffer I/O error on dev loop9, logical block 0, async page read
[  147.056568][T10145]  loop9: unable to read partition table
[  147.077279][T10118] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 1 with error 28
[  147.089527][T10118] EXT4-fs (loop5): This should not happen!! Data will be lost
[  147.089527][T10118] 
[  147.091632][T10145] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  147.091632][T10145] 
) failed (rc=-5)
[  147.099412][T10118] EXT4-fs (loop5): Total free blocks count 0
[  147.114502][ T3303] Buffer I/O error on dev loop9, logical block 0, async page read
[  147.118603][T10118] EXT4-fs (loop5): Free/Dirty block details
[  147.118617][T10118] EXT4-fs (loop5): free_blocks=128
[  147.118628][T10118] EXT4-fs (loop5): dirty_blocks=0
[  147.142828][T10118] EXT4-fs (loop5): Block reservation details
[  147.148822][T10118] EXT4-fs (loop5): i_reserved_data_blocks=0
[  147.157450][T10049] batman_adv: batadv0: Adding interface: batadv_slave_1
[  147.164591][T10049] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  147.186254][T10147] EXT4-fs error (device loop5): mb_free_blocks:2017: group 0, inode 15: block 337:freeing already freed block (bit 21); block bitmap corrupt.
[  147.191055][T10049] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  147.209523][ T3303] Buffer I/O error on dev loop9, logical block 0, async page read
[  147.232914][ T3303] Buffer I/O error on dev loop9, logical block 0, async page read
[  147.241072][ T3303] Buffer I/O error on dev loop9, logical block 0, async page read
[  147.249032][ T3303] Buffer I/O error on dev loop9, logical block 0, async page read
[  147.274341][T10156] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5123 sclass=netlink_route_socket pid=10156 comm=syz.0.2106
[  147.293614][T10049] hsr_slave_0: entered promiscuous mode
[  147.308019][   T29] kauditd_printk_skb: 246 callbacks suppressed
[  147.308104][   T29] audit: type=1400 audit(1764719666.714:6272): avc:  denied  { create } for  pid=10155 comm="syz.0.2106" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  147.335209][T10049] hsr_slave_1: entered promiscuous mode
[  147.348019][T10049] debugfs: 'hsr0' already exists in 'hsr'
[  147.353959][T10049] Cannot create hsr debugfs directory
[  147.372320][T10156] ip6tnl3: entered allmulticast mode
[  147.389595][   T29] audit: type=1400 audit(1764719666.794:6273): avc:  denied  { read } for  pid=10155 comm="syz.0.2106" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  147.635527][T10049] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  147.651498][T10049] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  147.773325][T10049] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  147.813055][T10049] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  147.876273][T10049] 8021q: adding VLAN 0 to HW filter on device bond0
[  147.899635][T10049] 8021q: adding VLAN 0 to HW filter on device team0
[  147.915119][ T1620] bridge0: port 1(bridge_slave_0) entered blocking state
[  147.922398][ T1620] bridge0: port 1(bridge_slave_0) entered forwarding state
[  147.985993][ T1748] bridge0: port 2(bridge_slave_1) entered blocking state
[  147.993122][ T1748] bridge0: port 2(bridge_slave_1) entered forwarding state
[  148.001617][   T29] audit: type=1326 audit(1764719667.395:6274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10204 comm="syz.5.2113" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12fc4bf749 code=0x7ffc0000
[  148.025484][   T29] audit: type=1326 audit(1764719667.395:6275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10204 comm="syz.5.2113" exe="/root/syz-executor" sig=0 arch=c000003e syscall=128 compat=0 ip=0x7f12fc4bf749 code=0x7ffc0000
[  148.049044][   T29] audit: type=1326 audit(1764719667.395:6276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10204 comm="syz.5.2113" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12fc4bf749 code=0x7ffc0000
[  148.072706][   T29] audit: type=1326 audit(1764719667.395:6277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10204 comm="syz.5.2113" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7f12fc4bf749 code=0x7ffc0000
[  148.096311][   T29] audit: type=1326 audit(1764719667.395:6278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10204 comm="syz.5.2113" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12fc4bf749 code=0x7ffc0000
[  148.119833][   T29] audit: type=1326 audit(1764719667.395:6279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10204 comm="syz.5.2113" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f12fc4bf749 code=0x7ffc0000
[  148.143283][   T29] audit: type=1326 audit(1764719667.395:6280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10204 comm="syz.5.2113" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12fc4bf749 code=0x7ffc0000
[  148.166869][   T29] audit: type=1326 audit(1764719667.395:6281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10204 comm="syz.5.2113" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f12fc4bf749 code=0x7ffc0000
[  148.192580][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  148.282929][T10210] __nla_validate_parse: 26 callbacks suppressed
[  148.282946][T10210] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2114'.
[  148.401539][T10049] 8021q: adding VLAN 0 to HW filter on device batadv0
[  148.411529][T10221] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2117'.
[  148.420241][T10224] netlink: 'syz.5.2118': attribute type 22 has an invalid length.
[  148.428406][T10224] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2118'.
[  148.439564][T10227] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2119'.
[  148.471784][ T1748] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  148.481583][T10224] netlink: 'syz.5.2118': attribute type 22 has an invalid length.
[  148.489426][T10224] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2118'.
[  148.503526][ T1748] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  148.524942][T10227] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2119'.
[  148.556132][ T1748] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  148.593400][ T1748] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  148.601303][T10240] support for the xor transformation has been removed.
[  148.697099][T10256] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2126'.
[  148.724233][T10049] veth0_vlan: entered promiscuous mode
[  148.742304][T10049] veth1_vlan: entered promiscuous mode
[  148.773620][T10049] veth0_macvtap: entered promiscuous mode
[  148.785892][T10049] veth1_macvtap: entered promiscuous mode
[  148.807569][T10049] batman_adv: batadv0: Interface activated: batadv_slave_0
[  148.822952][T10049] batman_adv: batadv0: Interface activated: batadv_slave_1
[  148.834720][ T1748] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  148.863903][ T1748] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  148.877975][T10268] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  148.900610][ T1748] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  148.919117][ T1748] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  148.943752][T10273] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2131'.
[  149.021141][T10277] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2132'.
[  149.038618][T10277] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2132'.
[  149.661360][T10311] loop6: detected capacity change from 0 to 512
[  149.704108][T10311] EXT4-fs: Ignoring removed nobh option
[  149.736658][T10311] EXT4-fs (loop6): orphan cleanup on readonly fs
[  149.796340][T10311] EXT4-fs warning (device loop6): ext4_expand_extra_isize_ea:2853: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  149.809504][T10311] EXT4-fs error (device loop6): ext4_do_update_inode:5628: inode #15: comm syz.6.2145: corrupted inode contents
[  149.822082][T10311] EXT4-fs error (device loop6): ext4_dirty_inode:6513: inode #15: comm syz.6.2145: mark_inode_dirty error
[  149.834047][T10311] EXT4-fs error (device loop6): ext4_do_update_inode:5628: inode #15: comm syz.6.2145: corrupted inode contents
[  149.846161][T10311] EXT4-fs error (device loop6): ext4_xattr_delete_inode:2996: inode #15: comm syz.6.2145: mark_inode_dirty error
[  149.858827][T10311] EXT4-fs error (device loop6): ext4_xattr_delete_inode:2999: inode #15: comm syz.6.2145: mark inode dirty (error -117)
[  149.872673][T10311] EXT4-fs warning (device loop6): ext4_evict_inode:273: xattr delete (err -117)
[  149.881936][T10311] EXT4-fs (loop6): 1 orphan inode deleted
[  149.888261][T10311] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  149.930318][T10325] loop3: detected capacity change from 0 to 128
[  150.008818][T10330] support for the xor transformation has been removed.
[  150.046527][T10333] batman_adv: batadv0: Removing interface: batadv_slave_0
[  150.145144][T10333] batman_adv: batadv0: Removing interface: batadv_slave_1
[  150.304567][T10339] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  150.421836][T10343] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  150.485878][T10049] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  150.570908][T10341] 9pnet_fd: Insufficient options for proto=fd
[  150.616945][T10341] net_ratelimit: 579 callbacks suppressed
[  150.616965][T10341] netlink: zone id is out of range
[  150.627937][T10341] netlink: zone id is out of range
[  150.645765][T10341] netlink: zone id is out of range
[  150.651000][T10341] netlink: zone id is out of range
[  150.666062][T10341] netlink: zone id is out of range
[  150.693559][ T1748] Bluetooth: hci1: Frame reassembly failed (-84)
[  150.694025][T10341] netlink: zone id is out of range
[  150.705374][T10341] netlink: zone id is out of range
[  150.710538][T10341] netlink: zone id is out of range
[  150.715694][T10341] netlink: zone id is out of range
[  150.720867][T10341] netlink: zone id is out of range
[  150.891546][T10369] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  150.933889][T10371] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=10371 comm=syz.5.2168
[  151.108607][T10390] netlink: 'syz.6.2177': attribute type 12 has an invalid length.
[  151.123337][T10390] loop6: detected capacity change from 0 to 1024
[  151.131008][T10390] EXT4-fs: inline encryption not supported
[  151.150566][T10390] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  151.167070][T10390] EXT4-fs error (device loop6): ext4_mb_mark_diskspace_used:4193: comm syz.6.2177: Allocating blocks 385-513 which overlap fs metadata
[  151.182948][T10390] EXT4-fs (loop6): pa ffff888107564310: logic 16, phys. 129, len 24
[  151.191112][T10390] EXT4-fs error (device loop6): ext4_mb_release_inode_pa:5444: group 0, free 0, pa_free 8
[  151.201481][T10390] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 1 with error 28
[  151.213758][T10390] EXT4-fs (loop6): This should not happen!! Data will be lost
[  151.213758][T10390] 
[  151.223474][T10390] EXT4-fs (loop6): Total free blocks count 0
[  151.229468][T10390] EXT4-fs (loop6): Free/Dirty block details
[  151.235462][T10390] EXT4-fs (loop6): free_blocks=128
[  151.240593][T10390] EXT4-fs (loop6): dirty_blocks=0
[  151.245661][T10390] EXT4-fs (loop6): Block reservation details
[  151.251659][T10390] EXT4-fs (loop6): i_reserved_data_blocks=0
[  151.263713][T10400] EXT4-fs error (device loop6): mb_free_blocks:2017: group 0, inode 15: block 337:freeing already freed block (bit 21); block bitmap corrupt.
[  151.289766][T10402] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  151.376574][T10412] 9pnet_fd: Insufficient options for proto=fd
[  151.433321][T10416] loop5: detected capacity change from 0 to 512
[  151.450942][T10418] veth0: entered promiscuous mode
[  151.456191][T10416] EXT4-fs: Invalid want_extra_isize 2
[  151.746339][T10423] loop5: detected capacity change from 0 to 8192
[  152.034688][ T9899] Bluetooth: hci0: command 0x1003 tx timeout
[  152.040866][ T3616] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  152.353162][T10434] loop0: detected capacity change from 0 to 512
[  152.385558][T10434] EXT4-fs: Ignoring removed nobh option
[  152.419727][T10437] loop6: detected capacity change from 0 to 1024
[  152.428674][T10437] EXT4-fs: Ignoring removed orlov option
[  152.454622][T10437] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  152.466811][T10434] EXT4-fs (loop0): orphan cleanup on readonly fs
[  152.475983][T10434] EXT4-fs error (device loop0): ext4_do_update_inode:5628: inode #15: comm syz.0.2191: corrupted inode contents
[  152.495759][T10437] xt_hashlimit: max too large, truncated to 1048576
[  152.503970][T10434] EXT4-fs error (device loop0): ext4_dirty_inode:6513: inode #15: comm syz.0.2191: mark_inode_dirty error
[  152.531820][T10434] EXT4-fs error (device loop0): ext4_do_update_inode:5628: inode #15: comm syz.0.2191: corrupted inode contents
[  152.565972][T10434] EXT4-fs error (device loop0): ext4_xattr_delete_inode:2996: inode #15: comm syz.0.2191: mark_inode_dirty error
[  152.593319][T10434] EXT4-fs error (device loop0): ext4_xattr_delete_inode:2999: inode #15: comm syz.0.2191: mark inode dirty (error -117)
[  152.616840][T10434] EXT4-fs warning (device loop0): ext4_evict_inode:273: xattr delete (err -117)
[  152.635718][T10434] EXT4-fs (loop0): 1 orphan inode deleted
[  152.647729][T10434] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  152.744713][T10049] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  152.889721][   T44] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  152.923533][   T29] kauditd_printk_skb: 214 callbacks suppressed
[  152.923553][   T29] audit: type=1326 audit(1764719672.144:6494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10448 comm="syz.6.2197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceb9c9f749 code=0x7ffc0000
[  152.964451][   T29] audit: type=1326 audit(1764719672.144:6495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10448 comm="syz.6.2197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceb9c9f749 code=0x7ffc0000
[  152.988150][   T29] audit: type=1326 audit(1764719672.144:6496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10448 comm="syz.6.2197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=26 compat=0 ip=0x7fceb9c9f749 code=0x7ffc0000
[  153.011733][   T29] audit: type=1326 audit(1764719672.144:6497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10448 comm="syz.6.2197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceb9c9f749 code=0x7ffc0000
[  153.035259][   T29] audit: type=1326 audit(1764719672.144:6498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10448 comm="syz.6.2197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fceb9c9f749 code=0x7ffc0000
[  153.058943][   T29] audit: type=1326 audit(1764719672.144:6499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10448 comm="syz.6.2197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceb9c9f749 code=0x7ffc0000
[  153.082547][   T29] audit: type=1326 audit(1764719672.144:6500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10448 comm="syz.6.2197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fceb9c9f749 code=0x7ffc0000
[  153.106027][   T29] audit: type=1326 audit(1764719672.144:6501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10448 comm="syz.6.2197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceb9c9f749 code=0x7ffc0000
[  153.129707][   T29] audit: type=1326 audit(1764719672.144:6502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10448 comm="syz.6.2197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fceb9c9f749 code=0x7ffc0000
[  153.153124][   T29] audit: type=1326 audit(1764719672.172:6503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10448 comm="syz.6.2197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceb9c9f749 code=0x7ffc0000
[  153.261748][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  153.354334][T10457] veth0: entered promiscuous mode
[  153.368766][T10457] veth0 (unregistering): left promiscuous mode
[  153.495519][T10468] loop5: detected capacity change from 0 to 512
[  153.510279][T10468] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  153.551229][T10468] EXT4-fs (loop5): 1 truncate cleaned up
[  153.587470][T10477] loop3: detected capacity change from 0 to 512
[  153.604146][T10468] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  153.655387][T10477] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  153.697736][T10477] ext4 filesystem being mounted at /377/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  153.729849][T10489] loop6: detected capacity change from 0 to 1024
[  153.792464][T10477] EXT4-fs error (device loop3): ext4_map_blocks:777: inode #2: block 18: comm syz.3.2208: lblock 23 mapped to illegal pblock 18 (length 1)
[  153.793248][T10489] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  153.832656][T10501] __nla_validate_parse: 18 callbacks suppressed
[  153.832676][T10501] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2212'.
[  153.863909][T10049] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  154.094327][T10528] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2218'.
[  154.134635][ T3327] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  154.171504][T10535] loop2: detected capacity change from 0 to 512
[  154.192264][ T7296] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  154.250442][T10543] SELinux:  policydb version 975448081 does not match my version range 15-35
[  154.278149][T10543] SELinux: failed to load policy
[  154.335749][T10545] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  154.356314][T10557] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2226'.
[  154.405177][T10545] vhci_hcd: invalid port number 96
[  154.410462][T10545] vhci_hcd: default hub control req: 0500 vfffa i0060 l0
[  154.449238][T10571] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2224'.
[  154.460760][T10567] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  154.498117][T10577] loop6: detected capacity change from 0 to 512
[  154.677868][T10577] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  154.733497][T10577] ext4 filesystem being mounted at /35/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  154.775078][T10606] netlink: 'syz.5.2234': attribute type 1 has an invalid length.
[  154.782913][T10606] netlink: 'syz.5.2234': attribute type 1 has an invalid length.
[  154.790659][T10606] netlink: 'syz.5.2234': attribute type 1 has an invalid length.
[  154.798526][T10606] netlink: 'syz.5.2234': attribute type 1 has an invalid length.
[  154.806291][T10606] netlink: 'syz.5.2234': attribute type 1 has an invalid length.
[  154.814042][T10606] netlink: 'syz.5.2234': attribute type 1 has an invalid length.
[  154.833909][T10577] EXT4-fs error (device loop6): ext4_map_blocks:777: inode #2: block 18: comm syz.6.2231: lblock 23 mapped to illegal pblock 18 (length 1)
[  154.959874][T10632] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2241'.
[  155.111312][T10652] FAULT_INJECTION: forcing a failure.
[  155.111312][T10652] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  155.124524][T10652] CPU: 1 UID: 0 PID: 10652 Comm: syz.0.2249 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  155.124604][T10652] Tainted: [W]=WARN
[  155.124612][T10652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  155.124625][T10652] Call Trace:
[  155.124631][T10652]  <TASK>
[  155.124638][T10652]  __dump_stack+0x1d/0x30
[  155.124661][T10652]  dump_stack_lvl+0xe8/0x140
[  155.124680][T10652]  dump_stack+0x15/0x1b
[  155.124702][T10652]  should_fail_ex+0x265/0x280
[  155.124806][T10652]  should_fail+0xb/0x20
[  155.124831][T10652]  should_fail_usercopy+0x1a/0x20
[  155.124901][T10652]  _copy_from_user+0x1c/0xb0
[  155.124947][T10652]  __copy_msghdr+0x244/0x300
[  155.124988][T10652]  ___sys_sendmsg+0x109/0x1d0
[  155.125031][T10652]  __x64_sys_sendmsg+0xd4/0x160
[  155.125134][T10652]  x64_sys_call+0x17ba/0x3000
[  155.125225][T10652]  do_syscall_64+0xd8/0x2a0
[  155.125263][T10652]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  155.125286][T10652] RIP: 0033:0x7fe7b9dcf749
[  155.125381][T10652] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  155.125404][T10652] RSP: 002b:00007fe7b8837038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  155.125424][T10652] RAX: ffffffffffffffda RBX: 00007fe7ba025fa0 RCX: 00007fe7b9dcf749
[  155.125435][T10652] RDX: 0000000000000000 RSI: 00002000000003c0 RDI: 0000000000000004
[  155.125448][T10652] RBP: 00007fe7b8837090 R08: 0000000000000000 R09: 0000000000000000
[  155.125490][T10652] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  155.125501][T10652] R13: 00007fe7ba026038 R14: 00007fe7ba025fa0 R15: 00007ffd19896348
[  155.125520][T10652]  </TASK>
[  155.321977][T10049] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  155.414440][T10666] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  155.478245][T10674] FAULT_INJECTION: forcing a failure.
[  155.478245][T10674] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  155.491582][T10674] CPU: 0 UID: 0 PID: 10674 Comm: syz.0.2259 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  155.491624][T10674] Tainted: [W]=WARN
[  155.491633][T10674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  155.491649][T10674] Call Trace:
[  155.491657][T10674]  <TASK>
[  155.491666][T10674]  __dump_stack+0x1d/0x30
[  155.491694][T10674]  dump_stack_lvl+0xe8/0x140
[  155.491750][T10674]  dump_stack+0x15/0x1b
[  155.491772][T10674]  should_fail_ex+0x265/0x280
[  155.491811][T10674]  should_fail+0xb/0x20
[  155.491845][T10674]  should_fail_usercopy+0x1a/0x20
[  155.491884][T10674]  _copy_from_user+0x1c/0xb0
[  155.491984][T10674]  __sys_bind+0x106/0x2a0
[  155.492038][T10674]  __x64_sys_bind+0x3f/0x50
[  155.492070][T10674]  x64_sys_call+0x2ceb/0x3000
[  155.492111][T10674]  do_syscall_64+0xd8/0x2a0
[  155.492148][T10674]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  155.492176][T10674] RIP: 0033:0x7fe7b9dcf749
[  155.492203][T10674] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  155.492224][T10674] RSP: 002b:00007fe7b8837038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[  155.492248][T10674] RAX: ffffffffffffffda RBX: 00007fe7ba025fa0 RCX: 00007fe7b9dcf749
[  155.492263][T10674] RDX: 0000000000000006 RSI: 0000200000000140 RDI: 0000000000000008
[  155.492278][T10674] RBP: 00007fe7b8837090 R08: 0000000000000000 R09: 0000000000000000
[  155.492292][T10674] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  155.492323][T10674] R13: 00007fe7ba026038 R14: 00007fe7ba025fa0 R15: 00007ffd19896348
[  155.492345][T10674]  </TASK>
[  155.504416][T10676] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2260'.
[  155.592127][T10680] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2260'.
[  155.782310][ T2135] Bluetooth: hci0: Frame reassembly failed (-84)
[  155.877034][T10702] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  155.895418][T10700] loop5: detected capacity change from 0 to 128
[  155.950755][T10707] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2271'.
[  155.959860][T10707] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2271'.
[  155.968855][T10707] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2271'.
[  156.027650][T10707] bridge0: entered promiscuous mode
[  156.481377][T10776] syz.6.2298 (10776): /proc/10774/oom_adj is deprecated, please use /proc/10774/oom_score_adj instead.
[  156.493840][T10777] bridge_slave_0: left allmulticast mode
[  156.499532][T10777] bridge_slave_0: left promiscuous mode
[  156.505432][T10777] bridge0: port 1(bridge_slave_0) entered disabled state
[  156.510422][T10776] loop6: detected capacity change from 0 to 1024
[  156.522750][T10777] bridge_slave_1: left allmulticast mode
[  156.528550][T10777] bridge_slave_1: left promiscuous mode
[  156.534519][T10777] bridge0: port 2(bridge_slave_1) entered disabled state
[  156.544717][T10776] EXT4-fs (loop6): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  156.545124][T10777] $H�: (slave bond_slave_0): Releasing backup interface
[  156.564640][T10776] ext4 filesystem being mounted at /46/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  156.575697][T10777] bond_slave_0: left promiscuous mode
[  156.582763][T10777] $H�: (slave bond_slave_1): Releasing backup interface
[  156.590882][T10777] bond_slave_1: left promiscuous mode
[  156.597707][T10777] team0: Port device team_slave_0 removed
[  156.598730][T10049] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  156.613126][T10777] team0: Port device team_slave_1 removed
[  156.619413][T10777] net_ratelimit: 579 callbacks suppressed
[  156.619426][T10777] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  156.714406][T10791] pim6reg: tun_chr_ioctl cmd 2147767521
[  156.889717][T10811] FAULT_INJECTION: forcing a failure.
[  156.889717][T10811] name failslab, interval 1, probability 0, space 0, times 0
[  156.902773][T10811] CPU: 1 UID: 0 PID: 10811 Comm: syz.2.2308 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  156.902807][T10811] Tainted: [W]=WARN
[  156.902815][T10811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  156.902908][T10811] Call Trace:
[  156.902967][T10811]  <TASK>
[  156.902977][T10811]  __dump_stack+0x1d/0x30
[  156.903004][T10811]  dump_stack_lvl+0xe8/0x140
[  156.903072][T10811]  dump_stack+0x15/0x1b
[  156.903095][T10811]  should_fail_ex+0x265/0x280
[  156.903133][T10811]  should_failslab+0x8c/0xb0
[  156.903209][T10811]  kmem_cache_alloc_node_noprof+0x57/0x4a0
[  156.903237][T10811]  ? __alloc_skb+0x101/0x320
[  156.903269][T10811]  ? xa_load+0xb1/0xe0
[  156.903341][T10811]  __alloc_skb+0x101/0x320
[  156.903365][T10811]  ? radix_tree_lookup+0x117/0x140
[  156.903394][T10811]  netlink_ack+0xfd/0x500
[  156.903443][T10811]  ? obj_cgroup_charge_account+0x122/0x1a0
[  156.903482][T10811]  ? should_fail_ex+0x30/0x280
[  156.903518][T10811]  netlink_rcv_skb+0x192/0x220
[  156.903637][T10811]  ? __pfx_genl_rcv_msg+0x10/0x10
[  156.903665][T10811]  genl_rcv+0x28/0x40
[  156.903684][T10811]  netlink_unicast+0x5c0/0x690
[  156.903762][T10811]  netlink_sendmsg+0x58b/0x6b0
[  156.903794][T10811]  ? __pfx_netlink_sendmsg+0x10/0x10
[  156.903822][T10811]  __sock_sendmsg+0x145/0x180
[  156.903852][T10811]  ____sys_sendmsg+0x31e/0x4a0
[  156.903882][T10811]  ___sys_sendmsg+0x17b/0x1d0
[  156.903932][T10811]  __x64_sys_sendmsg+0xd4/0x160
[  156.903981][T10811]  x64_sys_call+0x17ba/0x3000
[  156.904001][T10811]  do_syscall_64+0xd8/0x2a0
[  156.904065][T10811]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.904083][T10811] RIP: 0033:0x7f18c523f749
[  156.904097][T10811] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  156.904128][T10811] RSP: 002b:00007f18c3c86038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  156.904146][T10811] RAX: ffffffffffffffda RBX: 00007f18c5496090 RCX: 00007f18c523f749
[  156.904157][T10811] RDX: 0000000000000010 RSI: 00002000000001c0 RDI: 0000000000000006
[  156.904168][T10811] RBP: 00007f18c3c86090 R08: 0000000000000000 R09: 0000000000000000
[  156.904185][T10811] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  156.904228][T10811] R13: 00007f18c5496128 R14: 00007f18c5496090 R15: 00007ffc9f02ca28
[  156.904246][T10811]  </TASK>
[  157.725091][T10821] tipc: Started in network mode
[  157.730106][T10821] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[  157.737028][T10821] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[  157.747530][T10821] tipc: Enabled bearer <udp:syz0>, priority 10
[  157.904394][T10834] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  157.942433][   T44] Bluetooth: hci0: command 0x1003 tx timeout
[  157.948536][ T3616] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  157.989873][T10838] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  158.248928][T10862] loop0: detected capacity change from 0 to 512
[  158.267903][T10862] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  158.280750][T10862] ext4 filesystem being mounted at /454/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  158.306024][   T29] kauditd_printk_skb: 356 callbacks suppressed
[  158.306041][   T29] audit: type=1326 audit(1764719677.190:6860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10859 comm="syz.6.2329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceb9c9f749 code=0x7ffc0000
[  158.347219][   T29] audit: type=1326 audit(1764719677.190:6861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10859 comm="syz.6.2329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceb9c9f749 code=0x7ffc0000
[  158.370971][   T29] audit: type=1326 audit(1764719677.190:6862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10859 comm="syz.6.2329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceb9c9f749 code=0x7ffc0000
[  158.378643][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  158.394777][   T29] audit: type=1326 audit(1764719677.190:6863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10859 comm="syz.6.2329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fceb9c9f749 code=0x7ffc0000
[  158.427133][   T29] audit: type=1326 audit(1764719677.190:6864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10859 comm="syz.6.2329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceb9c9f749 code=0x7ffc0000
[  158.450740][   T29] audit: type=1326 audit(1764719677.190:6865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10859 comm="syz.6.2329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceb9c9f749 code=0x7ffc0000
[  158.474420][   T29] audit: type=1326 audit(1764719677.190:6866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10859 comm="syz.6.2329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceb9c9f749 code=0x7ffc0000
[  158.475193][T10871] SELinux:  Context system_u:object_r:crash_device_t:s0 is not valid (left unmapped).
[  158.497953][   T29] audit: type=1326 audit(1764719677.190:6867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10859 comm="syz.6.2329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fceb9c9f749 code=0x7ffc0000
[  158.531104][   T29] audit: type=1326 audit(1764719677.190:6868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10859 comm="syz.6.2329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceb9c9f749 code=0x7ffc0000
[  158.554785][   T29] audit: type=1326 audit(1764719677.190:6869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10859 comm="syz.6.2329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceb9c9f749 code=0x7ffc0000
[  158.664080][T10878] veth0: entered promiscuous mode
[  158.686368][T10878] veth0 (unregistering): left promiscuous mode
[  158.946648][ T3512] tipc: Node number set to 1
[  159.051934][T10911] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  159.083383][T10905] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  159.102200][T10905] vhci_hcd: invalid port number 96
[  159.107462][T10905] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  159.198600][T10924] __nla_validate_parse: 24 callbacks suppressed
[  159.198618][T10924] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2354'.
[  159.216941][T10923] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2352'.
[  159.240442][T10926] random: crng reseeded on system resumption
[  159.251391][T10926] Restarting kernel threads ...
[  159.256591][T10926] Done restarting kernel threads.
[  159.348399][T10923] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2352'.
[  159.430633][T10937] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2360'.
[  159.446917][T10942] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  159.790909][T10964] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2366'.
[  159.895598][T10967] loop3: detected capacity change from 0 to 8192
[  160.055552][T10981] support for the xor transformation has been removed.
[  160.590070][T11019] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  160.614441][T11022] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2375'.
[  160.753957][T11028] xt_l2tp: v2 doesn't support IP mode
[  160.785463][T11028] loop6: detected capacity change from 0 to 1024
[  160.837743][T11028] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  160.878269][T10967] netlink: 256 bytes leftover after parsing attributes in process `syz.3.2368'.
[  160.903585][T10049] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  161.009854][T11046] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2381'.
[  161.108141][T11055] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2379'.
[  161.219272][T11046] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2381'.
[  161.442243][T11074] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  161.577238][T11081] loop2: detected capacity change from 0 to 164
[  161.626839][T11081] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  161.688213][T11081] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  162.345545][T11099] loop2: detected capacity change from 0 to 512
[  162.384666][T11099] ext4: Unknown parameter 'permit_directio'
[  162.583327][T11106] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=11106 comm=syz.2.2399
[  163.327090][T11151] support for the xor transformation has been removed.
[  163.354592][T11152] loop6: detected capacity change from 0 to 512
[  163.400835][T11152] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  163.492882][T11152] EXT4-fs (loop6): 1 orphan inode deleted
[  163.499410][T11152] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  163.512157][ T1620] EXT4-fs error (device loop6): ext4_release_dquot:6981: comm kworker/u8:7: Failed to release dquot type 1
[  163.518925][T11150] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  163.531148][T11150] vhci_hcd: invalid port number 96
[  163.536309][T11150] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  163.543825][T11152] ext4 filesystem being mounted at /70/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  163.766885][   T29] kauditd_printk_skb: 1781 callbacks suppressed
[  163.766902][   T29] audit: type=1400 audit(1764719682.179:8650): avc:  denied  { read write } for  pid=7296 comm="syz-executor" name="loop5" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  163.797350][   T29] audit: type=1400 audit(1764719682.179:8651): avc:  denied  { open } for  pid=7296 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  163.821531][   T29] audit: type=1400 audit(1764719682.179:8652): avc:  denied  { ioctl } for  pid=7296 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=105 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  163.847478][   T29] audit: type=1400 audit(1764719682.263:8653): avc:  denied  { prog_load } for  pid=11161 comm="syz.5.2420" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  163.866934][   T29] audit: type=1400 audit(1764719682.263:8654): avc:  denied  { bpf } for  pid=11161 comm="syz.5.2420" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  163.887639][   T29] audit: type=1400 audit(1764719682.263:8655): avc:  denied  { perfmon } for  pid=11161 comm="syz.5.2420" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  163.979717][T10049] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  163.990427][   T29] audit: type=1400 audit(1764719682.300:8656): avc:  denied  { prog_load } for  pid=11161 comm="syz.5.2420" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  164.009661][   T29] audit: type=1400 audit(1764719682.328:8657): avc:  denied  { bpf } for  pid=11161 comm="syz.5.2420" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  164.030303][   T29] audit: type=1400 audit(1764719682.328:8658): avc:  denied  { perfmon } for  pid=11161 comm="syz.5.2420" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  164.051349][   T29] audit: type=1400 audit(1764719682.328:8659): avc:  denied  { prog_run } for  pid=11161 comm="syz.5.2420" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  164.367992][T11172] syzkaller1: entered promiscuous mode
[  164.373508][T11172] syzkaller1: entered allmulticast mode
[  164.733760][T11181] __nla_validate_parse: 9 callbacks suppressed
[  164.733778][T11181] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2426'.
[  165.001580][T11203] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2432'.
[  165.045565][T11202] loop2: detected capacity change from 0 to 1024
[  165.088480][T11199] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2432'.
[  165.140196][T11199] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=11199 comm=syz.5.2432
[  165.294471][T11205] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  165.319727][T11205] vhci_hcd: invalid port number 96
[  165.324940][T11205] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  165.371757][T11216] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2436'.
[  165.582439][T11231] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2441'.
[  165.605467][T11221] loop5: detected capacity change from 0 to 8192
[  165.658019][T11236] loop2: detected capacity change from 0 to 512
[  165.666897][T11231] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2441'.
[  165.762227][T11236] EXT4-fs (loop2): 1 orphan inode deleted
[  165.775235][ T2694] EXT4-fs error (device loop2): ext4_release_dquot:6981: comm kworker/u8:10: Failed to release dquot type 1
[  165.837920][T11236] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  165.854018][ T3007] ==================================================================
[  165.862154][ T3007] BUG: KCSAN: data-race in atime_needs_update / inode_set_ctime_current
[  165.870511][ T3007] 
[  165.872843][ T3007] write to 0xffff88811af23b08 of 8 bytes by task 3588 on cpu 1:
[  165.880472][ T3007]  inode_set_ctime_current+0x524/0x760
[  165.885959][ T3007]  shmem_unlink+0x115/0x170
[  165.890488][ T3007]  vfs_unlink+0x28b/0x440
[  165.894828][ T3007]  do_unlinkat+0x1cd/0x4b0
[  165.899247][ T3007]  __x64_sys_unlink+0x2e/0x40
[  165.903935][ T3007]  x64_sys_call+0x2f48/0x3000
[  165.908617][ T3007]  do_syscall_64+0xd8/0x2a0
[  165.913133][ T3007]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  165.919050][ T3007] 
[  165.921379][ T3007] read to 0xffff88811af23b08 of 8 bytes by task 3007 on cpu 0:
[  165.928924][ T3007]  atime_needs_update+0x2ef/0x3e0
[  165.933962][ T3007]  touch_atime+0x4a/0x340
[  165.938306][ T3007]  do_readlinkat+0x134/0x320
[  165.942914][ T3007]  __x64_sys_readlink+0x47/0x60
[  165.947777][ T3007]  x64_sys_call+0x2af1/0x3000
[  165.952463][ T3007]  do_syscall_64+0xd8/0x2a0
[  165.956979][ T3007]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  165.962878][ T3007] 
[  165.965199][ T3007] value changed: 0x00000000692f7c43 -> 0x00000000692f7c44
[  165.972307][ T3007] 
[  165.974643][ T3007] Reported by Kernel Concurrency Sanitizer on:
[  165.980793][ T3007] CPU: 0 UID: 0 PID: 3007 Comm: udevd Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  165.991652][ T3007] Tainted: [W]=WARN
[  165.995457][ T3007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  166.005520][ T3007] ==================================================================
[  166.041331][T11236] ext4 filesystem being mounted at /531/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  166.106019][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.