last executing test programs:

9m28.376980978s ago: executing program 3 (id=520):
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110600", @ANYRES32, @ANYRESDEC=r0], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x2d)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x88e, &(0x7f0000000d80)={[{@mblk_io_submit}, {@dioread_nolock}, {@bh}, {@errors_continue}, {@nouid32}, {@quota}, {@nogrpid}]}, 0x3, 0x445, &(0x7f0000000800)="$eJzs3M9rHFUcAPDv7CZt06YmlvqjadVoFYM/kiattQcvioIHBUEP9RiTtMRuG2ki2BI0itSjFLyLR8G/wJNeRD0JXvUuhSK5tIqHldmdSXY3u2k2blzNfj4wyXszb3nvuzNv9715mQTQs0bTH0nEYET8EhFD1Wx9gdHqr9uryzN/rC7PJFEuv/57Uil3a3V5Ji+av+5AnumLKHycxNEm9S5euXphulSau5zlJ5YuvjOxeOXq0/MXp8/PnZ+7NHXmzKmTk8+ennqmI3Gmcd0aeX/h2JGX37z+6szZ62/98FWSx98QR4eMbnbwsXK5w9V118GadNLXxYbQlmK1m0Z/pf8PRTHWT95QvPRRVxsH7KhyuVy+t/XhlTKwiyXR7RYA3ZF/0afz33zbfMDQ0eFH1918vjoBSuO+nW3VI31RyMr0N8xvO2k0Is6u/Pl5usXO3IcAAKjzTTr+earZ+K8QtfeF7srWUIYj4u6IOBQRpyPicETcE1Epe19E3N9m/Y2LJBvHP4Ub2wpsi9Lx33PZ2lb9+C8f/cVwMcsdrMTfn5ybL82dyN6Tsejfm+YnN6nj2xd//rTVsdrxX7ql9edjwawdN/r21r9mdnpp+p/EXOvmhxEjfc3iT9ZWApKIOBIRI9usY/6JL4+1Onbn+JurvCUdWGcqfxHxePX8r0RD/Llk8/XJiX1RmjsxkV8VG/3407XXWtW/3fg7JT3/+5te/2vxDye167WL7ddx7ddPWs5ptnv970neqNv33vTS0uXJiD3JK9VG1+6faig3tV4+jX/sePP+fyjW34mjEZFexA9ExIMR8VDW9ocj4pGIOL5J/N+/8OjbdTvGBtuIf2el8c+2df7XE3uicU/zRPHCd1/XVTocbcSfnv9TldRYtmcrn39badf2rmYAAAD4/ylExGAkhfG1dKEwPl79G/7Dsb9QWlhcevLcwruXZqvPCAxHfyG/0zVUcz90MpvW5/mphvzJ7L7xZ8WBSn58ZqE02+3goccdaNH/U78Vu906YMd5Xgt6l/4PvUv/h96l/0PvatL/Bzbu+qvhkUFgN2j2/f9BF9oB/Psa+r9lP+gh5v/Qu/R/6F36P/SkxYG480PyEhIbElH4TzRj5xP7tvhvLnZZotufTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ3xdwAAAP//FX7vJg==")
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7020000140000e5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.stat\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000040), 0x208e24b)

9m27.825365163s ago: executing program 3 (id=531):
syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0xc00)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff274140000001100010000000000bb0700000100000a"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f00000002c0)='GPL\x00'}, 0x80)
syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd6018232500082c"], 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0xffc7, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe, 0x80}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x6e, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r2}, 0x38)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r3}, 0x10)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f00000003c0)={0x0, 0x0, 0x0, 'queue0\x00'})
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x38, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x1, @perf_bp={0x0, 0xd}, 0x0, 0x10000, 0x1, 0x1, 0x8, 0x20005, 0x2b, 0x0, 0x0, 0x0, 0xa}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/bus/input/devices\x00', 0x0, 0x0)
mq_open(&(0x7f0000000900)='!selinu\xff\x7f\x00\x00inux\x00T\x8b\xb5\xf3\xcb\xdd\xe3\xbf2\x86\x01\x84\xdd\x8a\x8f_l\xa1L\xb1\xef\xb2\xc9\xf7+C\xb2\x8e9\xb8\xec\x1a\xe5\xaeq\x8fZ\xff\xbcY+\xaf0<\xa3\xb8\"Zm\x1c\x18\x11\x93\xb5z \xc2\x8b\xa9\xc5\x9es\t\xfe\x002\xa0-\xaf\xcdP\x9f\xe5Iv\xce*\xa8\xa3\x14i\x05\x8f\x9b\x1eB\x9f\x9d#E\x19\xdc\xfe\xc7\xeb\xb5\xcd\xc8\xe2U\xce\x00\x00\xae|\x92/\x06\x81\xe2O \xd3\xb2O{b\x9e=M\x86\xc7{\x1c\x92\'\xe7\x0f\x18\x94B\x8d\x02\xfa\x864Lp\x10\xf83\xd1>_\xa6\xc2\xe3\xb0\xc6\x02S\xe1\xc0\xab\xd2\x92@\x1c\x9b\x01[3\x8e\xaf\x93\xcf7u\xef\xea\xf3\xcd\xffZ\x99O\x97\xc4\xe4\x8e7\xf2f', 0x2, 0x2c, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="18010000000000100000000000000000850000007d00000095", @ANYRES64=r6], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x20}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})

9m27.295363226s ago: executing program 3 (id=538):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000100))
ioctl$PPPIOCSACTIVE(r0, 0x40107446, &(0x7f0000000080)={0x2, &(0x7f00000000c0)=[{0x48, 0x8, 0xfe, 0x8}, {0x6, 0x0, 0x0, 0x8eb6}]})
write$ppp(r0, &(0x7f00000003c0)="138f", 0x2)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000140)='afs_server\x00', r1, 0x0, 0x2000002400000034}, 0x18)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48)
openat$nvram(0xffffffffffffff9c, &(0x7f00000002c0), 0x88002, 0x0)
socket$inet6(0xa, 0x3, 0x3c)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cpuset.effective_cpus\x00', 0x275a, 0x0)
pipe2$9p(&(0x7f0000000240), 0x0)
dup(r2)
epoll_create1(0x80000)
socket$unix(0x1, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
socket$packet(0x11, 0x3, 0x300)
socket$inet6(0xa, 0x800000000000002, 0x0)
socket$kcm(0x2, 0x3, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
socket$inet6(0xa, 0x800000000000002, 0x0)
socket(0x28, 0x1, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
socket$inet6_icmp(0xa, 0x2, 0x3a)
socket$nl_route(0x10, 0x3, 0x0)
socket$rds(0x15, 0x5, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000280)=ANY=[@ANYRES32, @ANYRES32, @ANYRES64=r3], 0x20)

9m26.717947443s ago: executing program 3 (id=542):
r0 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendfile(r1, r0, 0x0, 0x7ffff088)
io_uring_register$IORING_REGISTER_PROBE(r0, 0x8, &(0x7f0000000200)={0x0, 0x0, 0x0, '\x00', [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}]}, 0x24)
rmdir(0x0)
mq_open(&(0x7f0000000a00)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb\xb8r~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x90\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8M$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xe1(\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xd5j*\xad\x18I\xcc\xe9\xaa{]\xef\xfb\xff\xff\xff\xff\xff\xff\xfft\xd0s\xc4\x04\xe0\xa1\xd2@\x06\xc2`H\xf7\xcc\xe3\xa0\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x00', 0x42, 0x0, 0x0)
perf_event_open(&(0x7f0000000580)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x7, 0x80, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_config_ext={0x5, 0x8}, 0x4e58, 0x5, 0x0, 0x4, 0x87, 0x9, 0xb, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r0, 0x4, 0xfffffffffffffff0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0xffffffffffffff72)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2000006, 0x31, 0xffffffffffffffff, 0xd0fb6000)
syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x410c84, &(0x7f0000000340), 0x1, 0x775, &(0x7f0000001180)="$eJzs3c9rXNUeAPDvnSRNm/a95MGD9+oqIGigdGJqbBVcVFyIYKGga9thMg01k0zJTEoTAlpEcCOouBB007U/6s6tP7b6X7gQS9W0WHEhkTu5t502M2mSJpnqfD5wM+fceyfnfOf+OGfmHu4NoGeNpn8KEYcj4t0kYjibn0TEQDPVH3Fybb1bK8vldEpidfXlX5LmOjdXlsvR8p7UwSzz/4j45q2II4X15dYXl2ZK1WplPsuPN2YvjNcXl46eny1NV6Yrc8cnJiePnXjqxPGdi/W375cOXXvvhcc/P/nHm/+7+s63SZyMQ9my1jh2ymiMZp/JQPoR3uX5nS6sy5JuV4BtSQ/NvrWjPA7HcPQ1UwDAP9nrEbEKAPSYRPsPAD0m/x3g5spyOZ+6+4vE3rr+XETsX4s/v765tqQ/u2a3v3kddOhmcteVkSQiRnag/NGI+PjLVz9Np9il65AA7bxxOSLOjoyuP/8n68YsbNUTGyzbl72O3jPf+Q/2zldp/+fpdv2/wu3+T7Tp/wy2OXa3477H/4EdKGQDaf/v2Zaxbbda4s+M9GW5fzX7fAPJufPVSnpu+3dEjMXAYJqf2KCMsRt/3ui0rLX/9+v7r32Slp++3lmj8FP/4N3vmSo1Sg8Sc6vrlyMe6W8Xf3J7+ycd+r+nN1nGi8+8/VGnZWn8abz5tD7+yEYn7Y7VKxGPtd3+d0a0JRuOTxxv7g7j+U7Rxhc/fDjUqfzW7Z9Oafn5d4G9kG7/oY3jH0lax2vWt17Gd1eGv+607P7xt9//9yWvNNN5P+JSqdGYn4jYl7y0fv6xO+/N8/n6afxjj7Y//jfa/9PvhGc3GX//tZ8/2378uyuNf2pL23/riau3Zvo6lb+57T/ZTI1lczZz/ttsBR/kswMAAAAAAAAAAAAAAAAAAAAAAACAzSpExKFICsXb6UKhWFx7hvd/Y6hQrdUbR87VFuamovms7JEYKOS3uhxuuR/qRHY//Dx/7J78kxHxn4j4YPBAkt9HcarLsQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA7mCH5/+nfhzsdu0AgF2zv9sVAAD2nPYfAHqP9h8Aeo/2HwB6j/YfAHqP9h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBddvrUqXRa/X1luZzmpy4uLszULh6dqtRnirML5WK5Nn+hOF2rTVcrxXJt9n7/r1qrXZiMuYVL441KvTFeX1w6M1tbmGucOT9bmq6cqQzsSVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsDX1xaWZUrVamZfYRmL14ahG9xN92e70sNRnTxPJw1GNHU50+cQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8DfxVwAAAP//02Ii/w==")
move_pages(0x0, 0x1efe, &(0x7f0000000080), 0x0, &(0x7f0000000040), 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = open(&(0x7f00000005c0)='./bus\x00', 0x167842, 0x19)
pwritev2(r3, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0xffffffe4}], 0x1, 0x1400, 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
creat(&(0x7f0000000100)='./file0\x00', 0x40)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
unlink(&(0x7f0000000180)='./file0\x00')
sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x20010814)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r6 = socket(0x15, 0x5, 0x0)
getsockopt(r6, 0x200000000114, 0x2713, &(0x7f0000000580)=""/102393, &(0x7f0000000000)=0x18ff9)
close(r2)
syz_clone(0x800000, &(0x7f0000000000)="606403416b430cb3e85a5517fa2e1dcca50506aedd90b9b48eb47a8758a4eb74c8ec6b93cceb8b368ec8873ea6941d8ec5258950d2491da14c850e4b1f43a3fbfcc97350be040e9d2c59e86df11478dad596d3bcadd85918c055bd0e6df83886adb7a314f089718c7a4bc5db66d309c61f844507e064e9a0b05b383d27457c848d14f94919bf1f10ebc3a70272724f1c4e3472707f27237c2153cfbab05fec65145b7d2293363cb80edf847d7bdb24ff5c4f29c746fd18b35d050556d68ce9e430c9d30ac9507cd5", 0xc8, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)="a2492d3dd8d68a2fa8e41ee75acfa9cf47a246d3256fa29f808af4a254f392f9ffa9f0c16a4331fa382e7de5b9cff4dc194c755daa8f7d93adae5a2f1be1b0db8d8b8b5b93e77f3dc1f55c43fe4194b92469dc6a13619609c7f8bd8b330344a06c1b2d9c29938440d5abbc910f3b9b0a2905ce")
r7 = syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x2000)
fcntl$dupfd(r7, 0x0, r7)

9m25.441544116s ago: executing program 3 (id=554):
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000180))
pivot_root(&(0x7f0000000080)='./file0\x00', 0x0)

9m24.195479638s ago: executing program 3 (id=581):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000005000000020000000010"], 0x50) (async)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000380), 0x1, r1}, 0x38) (async)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2, 0x0, 0x2}, 0x18) (async)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
io_pgetevents(0x0, 0x5, 0x0, 0x0, 0x0, 0x0) (async)
openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r3}, 0x10) (async)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r4, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) (async)
sendto$inet(r4, 0x0, 0x0, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) (async)
shutdown(r4, 0x1)
recvfrom(r4, 0x0, 0x0, 0x734, 0x0, 0x0) (async)
recvmmsg(r4, &(0x7f0000001240)=[{{0x0, 0x0, 0x0}, 0x1}], 0x1, 0x40010000, 0x0) (async)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newtaction={0x64, 0x30, 0xb, 0x0, 0x0, {}, [{0x50, 0x1, [@m_ct={0x4c, 0x1, 0x0, 0x0, {{0x7}, {0x24, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xfdb, 0x0, 0x0, 0x3}}, @TCA_CT_MARK={0x8, 0x10}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2}}}}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x20004000}, 0x10000000)

9m24.160164251s ago: executing program 32 (id=581):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000005000000020000000010"], 0x50) (async)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000380), 0x1, r1}, 0x38) (async)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2, 0x0, 0x2}, 0x18) (async)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
io_pgetevents(0x0, 0x5, 0x0, 0x0, 0x0, 0x0) (async)
openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r3}, 0x10) (async)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r4, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) (async)
sendto$inet(r4, 0x0, 0x0, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) (async)
shutdown(r4, 0x1)
recvfrom(r4, 0x0, 0x0, 0x734, 0x0, 0x0) (async)
recvmmsg(r4, &(0x7f0000001240)=[{{0x0, 0x0, 0x0}, 0x1}], 0x1, 0x40010000, 0x0) (async)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newtaction={0x64, 0x30, 0xb, 0x0, 0x0, {}, [{0x50, 0x1, [@m_ct={0x4c, 0x1, 0x0, 0x0, {{0x7}, {0x24, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xfdb, 0x0, 0x0, 0x3}}, @TCA_CT_MARK={0x8, 0x10}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2}}}}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x20004000}, 0x10000000)

8m29.843833937s ago: executing program 2 (id=1431):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$pokeuser(0x6, r0, 0xa0, 0xe000000000000000)
perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x96, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x2, @perf_config_ext, 0x1200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x108284, 0x0, 0xfffffffb}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2}, &(0x7f0000000180), &(0x7f00000001c0)=r1}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10)
r4 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r4, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
bind$inet(r4, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000740)=[{&(0x7f00000007c0)="ad237f1863d2d2d1a397e2a489c4ee1564e9eefdb4b79061470cc823e53d854435579529b39d744f960b8ed0bba79f9df628ff262afb11e4c03b500df2985e8f7a86f3ab28aa6e65dc1668e18aa4168755523a88d020c8955b46806d3f69f8112e948be32c675bd54ac2a8fae35dd71d00f06ab2cea8236060d1dcf3d1edf529357f70b8e066aaf93e5b32683568c00392ab3f0f8b1ac8a2ec51caacb1cc69306d814957a18b04bec4fae32726ae9013fe17948367ec6494080c4859841ebdb4d9237640caef0b7010d479", 0xcb}, {&(0x7f0000000d80)="0f198d5aa5caa1c55b84b414797cbdd4e8c576a921a070fc828060506683fd1106a961ac55b5b8ea3342ca7de5559ca2c14e05e42aed8ba14b2c78cb540f71a823d80fbf1945a046ebda494a8048a106a4d49d7f214735ada53397db3b203885ce39ee48d69465935eade21ce36e61826c52c82f038341d9bab5687c740ed3c18897094e7e1391eb84a4052e03c0c7c39ae86d454938f65e284620b99481c33d9f5e5b7a6c0d7548723f55b213c76be37f40c850c38e265758ebd8238257a146d6eced16fd658a784c928fea7a841db1a7fd6520442dae5fc0d3a3d3a5f16fcf6fe4f062ecdad7d0f3c6cd339339533c0ef28ad1e2729907094c3de93c1b1b00ad6df895d9907e4afb7565d3a8e9eaea020ed173c2179fb03e0944460989240a689c7fe795d310be4e7a6b778a903280dbf426b39c3603c49049980767e31edb997f59785184cbd7b907e0974f1073c745f71db0906cb51780f908fa61634af8ac85d9f04f3dff0a948e81cd3229a59aaeb00995358155343e3239588a0383e4df109d5ca24276d0d83a27d0e9bf681c1bbea12a6f3c20ad50f63430333bb327eb6ae32fe8809065bce26d2dc2fbb2b48d404637d61fd86852e0e1b6ccc6f75b1107aaa5f60ef45f94e953b3f213c3cb4ca4c716565078c666f84e1a99bb4cb5c7190648132f752753c938da6241607a742361d995188b23cb4b8269e98e822585695962620673433748e476f7cc3e37db88639c525ff3a502c82c283b00aecfe7734ab369e1ed7c75e27a5a333641817baa3ea37844e20e6266c5095abf9d47ca5f8ad93f1a4d8795daec222ada00d65cf91425fae7939ceaa8d94ec1ab5082e1d251c27b3132119b350e81771f3733be232ffb90c03a818bf4dee8512f3bac440f5d5e4bed6b897608b01eae26a54433e5f5c74a2ee3c2fc50067be05a677ff52a7dba7010830b879a41b579d44158fb89ea05761d2d369853bea84dfb8081ed7b891dcb3bb3361534fdc5252e4964aed936ad2838e7af14fc65c7c1c6d44c6256f2462ae83cfd6a6b2651da607fe79d345e5080098e9e6e7482cc5c267e00d8d09dcde70b60fe6220fe9530547201664db91cf1885ecc2f106b66cd99131523c99f6102ddd7403791b3a7ac59b256cc4c938fe01740ae4f19b5204ca305b1666b0c2a7e5015d6d530995843adfbac3954306d4cd82257d4d2c3283d45dbae43548fedb679328f114f7c8238ac955391b24614d91b1ae07c170a9c299fcf3d0ac4cea07e88", 0x386}], 0x2, 0x0, 0x0, 0x8004}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[], 0x30}}, 0x40)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

8m29.746898055s ago: executing program 2 (id=1434):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)

8m29.688786659s ago: executing program 2 (id=1439):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c0000000014"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={0x0, r1}, 0x18)
socket(0xa, 0x3, 0x3a)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b70500000800000085"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x5, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x48)
pipe2$9p(&(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r4, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
r5 = dup(r4)
write$P9_RLERRORu(r5, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r5, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000800)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x101, 0x0, 0x0, 0x41100, 0x59}, 0x94)
write$binfmt_elf64(r5, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{0xffffffffffffffff, <r7=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r5])
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'lo\x00', <r8=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x10, 0x2, [@TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x1}]}}]}, 0x40}}, 0x8000)
r9 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000a40)={0x0, 0x0, 0x8}, 0xc)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000b00)=@bpf_ext={0x1c, 0x19, &(0x7f00000008c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x9}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@generic={0x9, 0x8, 0x9, 0xff, 0x7}, @printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3}}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x2}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000600)='syzkaller\x00', 0x1, 0x35, &(0x7f0000000640)=""/53, 0x100, 0x37, '\x00', r8, 0x0, r2, 0x8, &(0x7f0000000780)={0xa, 0x1}, 0x8, 0x10, &(0x7f00000007c0)={0x5, 0x6, 0x2, 0xd}, 0x10, 0x432c, r6, 0x2, &(0x7f0000000a80)=[0xffffffffffffffff, r2, r9, r7, 0xffffffffffffffff, r0, r6, r2], &(0x7f0000000ac0)=[{0x0, 0x2, 0xe, 0xb}, {0x4, 0x1, 0x4, 0x7}], 0x10, 0xffff}, 0x94)
creat(0x0, 0x36)

8m29.633131864s ago: executing program 2 (id=1442):
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f00000003c0)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYRESDEC=r1], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d)
ioctl$AUTOFS_IOC_FAIL(r0, 0x4c80, 0xffffffffffffffb6)
unshare(0x40000000)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7, 0x0, 0x4}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x88, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0x3}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_SET_EXPRESSIONS={0x44, 0x12, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0x8}]}}}, {0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0xe41f}]}}}]}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x120}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xd0}}, 0x20050800)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x88e, &(0x7f0000000d80)={[{@mblk_io_submit}, {@dioread_nolock}, {@bh}, {@errors_continue}, {@nouid32}, {@quota}, {@nogrpid}]}, 0x3, 0x445, &(0x7f0000000800)="$eJzs3M9rHFUcAPDv7CZt06YmlvqjadVoFYM/kiattQcvioIHBUEP9RiTtMRuG2ki2BI0itSjFLyLR8G/wJNeRD0JXvUuhSK5tIqHldmdSXY3u2k2blzNfj4wyXszb3nvuzNv9715mQTQs0bTH0nEYET8EhFD1Wx9gdHqr9uryzN/rC7PJFEuv/57Uil3a3V5Ji+av+5AnumLKHycxNEm9S5euXphulSau5zlJ5YuvjOxeOXq0/MXp8/PnZ+7NHXmzKmTk8+ennqmI3Gmcd0aeX/h2JGX37z+6szZ62/98FWSx98QR4eMbnbwsXK5w9V118GadNLXxYbQlmK1m0Z/pf8PRTHWT95QvPRRVxsH7KhyuVy+t/XhlTKwiyXR7RYA3ZF/0afz33zbfMDQ0eFH1918vjoBSuO+nW3VI31RyMr0N8xvO2k0Is6u/Pl5usXO3IcAAKjzTTr+earZ+K8QtfeF7srWUIYj4u6IOBQRpyPicETcE1Epe19E3N9m/Y2LJBvHP4Ub2wpsi9Lx33PZ2lb9+C8f/cVwMcsdrMTfn5ybL82dyN6Tsejfm+YnN6nj2xd//rTVsdrxX7ql9edjwawdN/r21r9mdnpp+p/EXOvmhxEjfc3iT9ZWApKIOBIRI9usY/6JL4+1Onbn+JurvCUdWGcqfxHxePX8r0RD/Llk8/XJiX1RmjsxkV8VG/3407XXWtW/3fg7JT3/+5te/2vxDye167WL7ddx7ddPWs5ptnv970neqNv33vTS0uXJiD3JK9VG1+6faig3tV4+jX/sePP+fyjW34mjEZFexA9ExIMR8VDW9ocj4pGIOL5J/N+/8OjbdTvGBtuIf2el8c+2df7XE3uicU/zRPHCd1/XVTocbcSfnv9TldRYtmcrn39badf2rmYAAAD4/ylExGAkhfG1dKEwPl79G/7Dsb9QWlhcevLcwruXZqvPCAxHfyG/0zVUcz90MpvW5/mphvzJ7L7xZ8WBSn58ZqE02+3goccdaNH/U78Vu906YMd5Xgt6l/4PvUv/h96l/0PvatL/Bzbu+qvhkUFgN2j2/f9BF9oB/Psa+r9lP+gh5v/Qu/R/6F36P/SkxYG480PyEhIbElH4TzRj5xP7tvhvLnZZotufTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ3xdwAAAP//FX7vJg==")
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7020000140000e5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r8, 0x0, 0x7}, 0x18)
r9 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341)
ioctl$USBDEVFS_IOCTL(r9, 0xc0105512, &(0x7f0000000200))
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.stat\x00', 0x275a, 0x0)
write$binfmt_script(r10, &(0x7f0000000040), 0x208e24b)
prctl$PR_SET_SECCOMP(0xd, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)

8m28.528437634s ago: executing program 2 (id=1462):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$pokeuser(0x6, r0, 0xa0, 0xe000000000000000)
perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x96, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x2, @perf_config_ext, 0x1200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x26}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
r3 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r3, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
bind$inet(r3, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000740)=[{&(0x7f00000007c0)="ad237f1863d2d2d1a397e2a489c4ee1564e9eefdb4b79061470cc823e53d854435579529b39d744f960b8ed0bba79f9df628ff262afb11e4c03b500df2985e8f7a86f3ab28aa6e65dc1668e18aa4168755523a88d020c8955b46806d3f69f8112e948be32c675bd54ac2a8fae35dd71d00f06ab2cea8236060d1dcf3d1edf529357f70b8e066aaf93e5b32683568c00392ab3f0f8b1ac8a2ec51caacb1cc69306d814957a18b04bec4fae32726ae9013fe17948367ec6494080c4859841ebdb4d9237640caef0b7010d479", 0xcb}, {&(0x7f0000000d80)="0f198d5aa5caa1c55b84b414797cbdd4e8c576a921a070fc828060506683fd1106a961ac55b5b8ea3342ca7de5559ca2c14e05e42aed8ba14b2c78cb540f71a823d80fbf1945a046ebda494a8048a106a4d49d7f214735ada53397db3b203885ce39ee48d69465935eade21ce36e61826c52c82f038341d9bab5687c740ed3c18897094e7e1391eb84a4052e03c0c7c39ae86d454938f65e284620b99481c33d9f5e5b7a6c0d7548723f55b213c76be37f40c850c38e265758ebd8238257a146d6eced16fd658a784c928fea7a841db1a7fd6520442dae5fc0d3a3d3a5f16fcf6fe4f062ecdad7d0f3c6cd339339533c0ef28ad1e2729907094c3de93c1b1b00ad6df895d9907e4afb7565d3a8e9eaea020ed173c2179fb03e0944460989240a689c7fe795d310be4e7a6b778a903280dbf426b39c3603c49049980767e31edb997f59785184cbd7b907e0974f1073c745f71db0906cb51780f908fa61634af8ac85d9f04f3dff0a948e81cd3229a59aaeb00995358155343e3239588a0383e4df109d5ca24276d0d83a27d0e9bf681c1bbea12a6f3c20ad50f63430333bb327eb6ae32fe8809065bce26d2dc2fbb2b48d404637d61fd86852e0e1b6ccc6f75b1107aaa5f60ef45f94e953b3f213c3cb4ca4c716565078c666f84e1a99bb4cb5c7190648132f752753c938da6241607a742361d995188b23cb4b8269e98e822585695962620673433748e476f7cc3e37db88639c525ff3a502c82c283b00aecfe7734ab369e1ed7c75e27a5a333641817baa3ea37844e20e6266c5095abf9d47ca5f8ad93f1a4d8795daec222ada00d65cf91425fae7939ceaa8d94ec1ab5082e1d251c27b3132119b350e81771f3733be232ffb90c03a818bf4dee8512f3bac440f5d5e4bed6b897608b01eae26a54433e5f5c74a2ee3c2fc50067be05a677ff52a7dba7010830b879a41b579d44158fb89ea05761d2d369853bea84dfb8081ed7b891dcb3bb3361534fdc5252e4964aed936ad2838e7af14fc65c7c1c6d44c6256f2462ae83cfd6a6b2651da607fe79d345e5080098e9e6e7482cc5c267e00d8d09dcde70b60fe6220fe9530547201664db91cf1885ecc2f106b66cd99131523c99f6102ddd7403791b3a7ac59b256cc4c938fe01740ae4f19b5204ca305b1666b0c2a7e5015d6d530995843adfbac3954306d4cd82257d4d2c3283d45dbae43548fedb679328f114f7c8238ac955391b24614d91b1ae07c170a9c299fcf3d0ac4cea07e88", 0x386}], 0x2, 0x0, 0x0, 0x8004}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[], 0x30}}, 0x40)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r4, 0xffffffffffffffff, 0x0)

8m27.697849501s ago: executing program 2 (id=1475):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r2, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r2, &(0x7f0000001d00)={&(0x7f00000017c0)={0x2, 0x0, @private=0xa010101}, 0x10, 0x0, 0x0, &(0x7f0000000240)=[@rdma_args={0x48, 0x114, 0x1, {{0x0, 0x3}, {0x0}, &(0x7f0000001b40)=[{&(0x7f0000000140)=""/86, 0x56}], 0x1}}], 0x48}, 0x0)

8m27.694519032s ago: executing program 33 (id=1475):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r2, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r2, &(0x7f0000001d00)={&(0x7f00000017c0)={0x2, 0x0, @private=0xa010101}, 0x10, 0x0, 0x0, &(0x7f0000000240)=[@rdma_args={0x48, 0x114, 0x1, {{0x0, 0x3}, {0x0}, &(0x7f0000001b40)=[{&(0x7f0000000140)=""/86, 0x56}], 0x1}}], 0x48}, 0x0)

1m36.546422181s ago: executing program 1 (id=5790):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000001400000000000000ff00000085"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x18)
open_tree(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x1900)

1m36.495151595s ago: executing program 1 (id=5792):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_int(r0, 0x6, 0x11, 0x0, 0x0)
prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00')
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r4, 0x0, 0x0)
r6 = openat$cgroup_subtree(r5, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_subtree(r6, &(0x7f0000000300)=ANY=[@ANYBLOB='-cpu'], 0x5)
write$cgroup_subtree(r6, &(0x7f0000000280)=ANY=[], 0x5)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70300001d000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r7}, 0x18)
sendmsg$key(r2, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000100)={0x2, 0x3, 0x0, 0x3, 0x5, 0x0, 0x700, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @private}}]}, 0x28}, 0x1, 0x7}, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800004b80bf65247783d299"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0xc0f00, 0x60, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r9}, 0x18)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r10 = socket(0x2a, 0x2, 0x0)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0)
getsockname$packet(r10, &(0x7f0000000200)={0x11, 0x0, <r11=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newtfilter={0x90, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {0xfffa}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x60, 0x2, [@TCA_FLOWER_ACT={0x54, 0x3, [@m_connmark={0x50, 0x1, 0x0, 0x0, {{0xd}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0xfffffff8, 0xfff, 0x0, 0x5, 0xb}, 0x3}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}, @TCA_FLOWER_FLAGS={0x8, 0x16, 0x12}]}}]}, 0x90}}, 0x24000000)
r12 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r12, &(0x7f00000002c0), 0x40000000000009f, 0x0)
r13 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r13}, 0x10)
ioctl$SG_IO(r1, 0x2285, &(0x7f00000005c0)={0x53, 0xfffffffc, 0x6, 0x2, @scatter={0x0, 0x40000, 0x0}, &(0x7f0000000080)="0000501effd4", 0x0, 0x800004, 0x10030, 0x1, 0x0})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)

1m36.484719746s ago: executing program 1 (id=5795):
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback=0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r0}, 0x10)
socket$packet(0x11, 0x2, 0x300)
kexec_load(0x0, 0x1, &(0x7f0000000140)=[{0x0, 0x3e00, 0x116094000, 0x41000000}], 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000"], 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x3, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000910095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000000)={r1, r1, 0x2f, 0x0, @void}, 0x10)
mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil)

1m36.450357659s ago: executing program 1 (id=5797):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
prctl$PR_SVE_SET_VL(0x32, 0x13782)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94)
r1 = syz_mount_image$iso9660(&(0x7f0000000240), &(0x7f0000000740)='./file0\x00', 0x800, &(0x7f00000006c0)=ANY=[], 0x5, 0x7fd, &(0x7f0000000840)="$eJzs3U1oHPfZAPBnZMmRlfc1Ie+LX2NsZ+LkBRscZSU7CiKFZLMayZOsdsXuKtiEkphaDsZyE+IGah/q+JLS0hJ66jHJoZf2VHppKbTQHtpTob32Fgj0kLS0t5aAyszs2pL14S/FNunvJ6z5eub/f+av9TwaSTMbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAkjZlabSKJZt5aPJlurjHTac9vsX3Q3q/XTLboNyIp/sXoaOytVu393+ub9xSfDsX+aml/jBaT0bj88J5Hnvuf4aHB/lsktN2GN1p58dLl86eXl5fevpUWRrY9p+3y3V+uWfzRWNziyM5lrbzbzufrc1mad9vp9NRU7ekTs910Nm9m3VPdXjafNjpZvdfupIcbR9KJ6eljaTZ+qr3YmpupN7N0uFr57FOTtdpU+tL4QlbvdNutp18a7zZO5M1m3pordyw2FzHPFi/El/Ne2svq82l69tzy0rG1Ke1al2QRNLFmzecrq5f2P/nIJ+98/I9zS5M3O9zJ2uTkxMTk5MRUEhG12vD1Fc9MP/NsrTZcu0Gsi7inL1oeQNt8Boc7N9Sv/9GMPFqxGCcj3fCjETPRiXbMx/UX8OrtfYP6//9P//UPW/X7/qr6X1X5of17r2/eF2X9P1gtHdys/ld973xok5y/qI/SV4pPF+NSXI7zcTqWYzmW4u0vpL9k+9oa2t7M5iKLVuTRjXbkMR/1ck3aX5PGdEzFVNTitTgRs9GNNGYjj2Zk0Y1T0Y1eZOUrqhGdyKIevWhHJ9I4HI04EmlMxHRMx7FII4vxOBXtWIxWzMVM1MtWzsa5ctyP3ZDXnm+9/os3/vjJB+VXaxA0sdUQvxtRBv19i6B1xVz957ZFxG+37wQOd2FlUP8BAACAL62k/Ol7cf0/EgfKudm8mb26JubVz27ca7j49O49TBMAAAC4C+Vv/vdHUs3EgUiK6//a2qCfjJSTh+5DfgAAAMDdS8p77IqL/7F4rJob3C5Vu9+5AQAAANuj/LX/wWIyFnGlXOH6HwAAAL5kXvlZf+bGZ+x/PHjG7tDCQ8mv/hadzkhy/MOTTyYX6kVc/cKOar/+5JVrLfZm9w3uJqjamhq+/HCxPNzI9ieDBwV/3r+ZoHq0wL7ha7uvzeOFXdXaJEmKBK4ubJpArElgd/8oriVQLsX34vEq5vEz1fTMYEt1tGOzeTMbb7Sbz01Evb57qJed7L3z9XPfjPLwv9Oa353E2XPLS+Nfe3P5TJnL1aKVqxf6x7vuOYpb5LIyuJ3iwPqnGxdNjZQ3YvT7Hav6ra0+/qGLu4uZoRvHYIs+34tD/1XGHBqrYsfWHv9o0efE+GZHP1Yd38S6Ix9e/8KqsjjVXyqyuHb7yHvxRDXzxOEnqskGWUxulUUxFpOrs6jGLIZuY/w3ySIeiYgPHr9y8sBoRHbsZlkcu8ssAO6Xs+VTf4oqVJ2eqyr0r5VKUf87nZGdsabuVDvc6lkuKXu5yTv5jBSn/luq7v9c2eKMfriKOVx9PzG8b4O6UtvgjP7Wubd+1z+jH//xDz/86sHf//SO6/roIGTXYObR3zw8FGUWu/pZXO5v6Ywk379WSaqq+lGx/qNN++02J5NiCHd848JbsefipctPnbtw+o2lN5Z2RsRU7Xit9kyS9L94K+V3DGoPABs4FAerQr7pe+xs8i485TcAZURyfKur6h2RPHrtTwqKmvhmLMeZOFrebRARj23c79iqP0M4Gof6yW581Tq26h1ejm50VXclrsUWdbKKndw4dsN2j60asf/7wRf59QCAe+HQTerwpvX/ekRy9CbX3Wtr+ZEq9sggg81reUQ8f29HAwD+M2Sdz5Kx3reTTidfeG1ienqi3juRpZ124+W0k8/MZWne6mWdGK635rJ0odPutRvtZjHzSj6TddPu4sJCu9NLZ9uddKHdzU+W7/ye9t/6vZvN11u9vNFdaGb1bpY22q1evdFLZ/JuI11YfLGZd09knXLn7kLWyGfzRr2Xt1tpt73YaWTjadrNslWB+UzW6uWzeTHbShc6+Xy9czUimovzWTqTdRudfKHXrhoc9JW3Ztud+bLZv+y+36MNAA+Gi5cunz+9vLz09p3N/PlWgjfvfXTkXh4rAFC5XqU//e8bt/nhOwAAAAAAAAAAAAAAPBju8v6/9TO7trfB0a1iVq5ErN+UrKys3EYXu+ImMTurkdoR2ztQ92Tm6ra0MxQbjfODM5Nsvun1558/v9nuL17Ze+LWurjp/5ThiOjf6vrupzt//n616YU7Opyh29/rTxFxB32tJFvE3OcTEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABs4N8BAAD//2uxZPA=")
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0xa82, 0x0)
fcntl$dupfd(r1, 0x0, r0)
write$cgroup_int(r2, &(0x7f0000000000)=0x800, 0x12)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030097850000007b00000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000001c0)='kyber_latency\x00', r3}, 0x18)
r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0xc2d41, 0x0)
ioctl$SNAPSHOT_FREE(r4, 0x3305)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r5}, 0x10)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000002c0), r6)
sendmsg$IEEE802154_LLSEC_LIST_DEV(r6, &(0x7f0000000380)={0x0, 0x2b, &(0x7f0000000340)={&(0x7f0000000300)={0x14, r7, 0x701}, 0x14}}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x10, 0x0, 0x0, 0x200, 0x18022, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0xf}, 0x0, 0xfffffffffffffffe, 0xfffffffe, 0x9, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000800)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_clone(0x4021400, 0x0, 0x9000, 0x0, 0x0, 0x0)

1m36.266202664s ago: executing program 1 (id=5799):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
ioctl$SNDRV_TIMER_IOCTL_START(0xffffffffffffffff, 0x54a0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0xffffffffffffffc0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143041, 0x0)
pwritev2(r1, &(0x7f00000001c0)=[{&(0x7f0000000080)="ff", 0xfdef}], 0x1, 0xe7b, 0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x800000009)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MFC(r3, 0x29, 0xcc, &(0x7f0000000280)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}}, 0x5c)

1m36.002412995s ago: executing program 1 (id=5808):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1000410, &(0x7f0000000100)={[{@grpid}, {@grpquota}]}, 0x4, 0x4eb, &(0x7f0000000540)="$eJzs3c9vVFsdAPDvnXZoKQMFZaFGBRFFQ5j+ABqCC2GjMYTESFy5gNoOTdMZpum0SCuLsnRvIokr/RPcuTBh5cKdO925wYUJKnkv9CVvMS/3zqUd2g7te7Qd6Hw+ye2955xhvufMcM6Ze2B6AuhZZyNiNSKORMS9iBjO85P8iButI33cq5ePp9ZePp5Kotm8878kK0/zou3PpI7lzzkYET/7ccQvk61xG8src5PVamUhT48s1uZHGssrl2YLec74xNjE6LXLV8f3rK1nan968aPZWz//y5+/8fzvq9//dVqt0m+OZ2Xt7dhLraYXo9SW1x8Rt/YjWJf0539/+PCkve1LEXEu6//D0Ze9mwDAYdZsDkdzuD0NABx26f1/KZJCOV8LKEWhUC631vBOx1ChWm8sXhyuLz2YjmwN62QUC/dnq5XRfK3wZBSTND2WXW+kxzelL0fEqYj47cDRLF2eqlenu/nBBwB62LFN8//HA635HwA45Aa7XQEA4MCZ/wGg95j/AaD3fI7537cDAeCQcP8PAL3H/A8AvWfH+f/JwdQDADgQP719Oz2aa/nvv55+uLz0g9LDS9OVxly5tjRVnqovzJdn6vWZaqU81Wzu9HzVen1+7Mp6srG8crdWX3qweHe2NjlTuVsp7nN7AICdnTrz7J9JRKxeP5od0baXg7kaDrdCtysAdE1ftysAdI3v80Dv2sU9vmUAOOS22aL3DR3/i9BTm7/Ch+rCV63/Q6+y/g+964ut//9wz+sBHDzr/9C7ms3Env8A0GOs8QPv9O//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KNK2ZEUytle4Kvpz0K5HHE8Ik5GMbk/W62MRsSJiPjHQHEgTY91u9IAwDsq/CfJ9/+6MHy+tLn0SPLJQHaOiF/9/s7vHk0uLi6Mpfn/X89ffJrnjx/pRgMAgHY3tma15un83HYj/+rl46nXx0FW8cXN1uaiady1/GiV9Ed/dh6MYkQMfZTk6Zb080rfHsRffRIRX9lo/6O2CKVsDaS18+nm+Gns4/sQf+P13xy/8Eb8QlaWnovZa/HlPagL9JpnN1vjZN730i6W979CnM3O2/f/wWyEenevx7+1LeNfYX3869sSP8n6/Nn19Ntr8uLKX3+yJbM53Cp7EvG1/u3iJ+vxkw7j7/ldtvFfX//muU5lzT9EXIjt47fUsmF2ZLE2P9JYXrk0W5ucqcxUHoyPT4xNjF67fHV8JFujbv3823Yx/nv94olO8dP2D3WIP7hD+7+zy/b/8dN7v/jWW+J/79vbv/+n3xI/nRO/u8v4k0M3Om7fncaf7tD+nd7/i7uM//zfK9O7fCgAcAAayytzk9VqZWGHi/Sz5k6PcfFhXsRqxHtQDRfv1UW3RyZgv210+m7XBAAAAAAAAAAAAAAA6KSxvDI3EPv7daJutxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDD67MAAAD//w/PzvM=")
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000007000000ff0f000007"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, 0x0, &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)

1m36.001934725s ago: executing program 34 (id=5808):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1000410, &(0x7f0000000100)={[{@grpid}, {@grpquota}]}, 0x4, 0x4eb, &(0x7f0000000540)="$eJzs3c9vVFsdAPDvnXZoKQMFZaFGBRFFQ5j+ABqCC2GjMYTESFy5gNoOTdMZpum0SCuLsnRvIokr/RPcuTBh5cKdO925wYUJKnkv9CVvMS/3zqUd2g7te7Qd6Hw+ye2955xhvufMcM6Ze2B6AuhZZyNiNSKORMS9iBjO85P8iButI33cq5ePp9ZePp5Kotm8878kK0/zou3PpI7lzzkYET/7ccQvk61xG8src5PVamUhT48s1uZHGssrl2YLec74xNjE6LXLV8f3rK1nan968aPZWz//y5+/8fzvq9//dVqt0m+OZ2Xt7dhLraYXo9SW1x8Rt/YjWJf0539/+PCkve1LEXEu6//D0Ze9mwDAYdZsDkdzuD0NABx26f1/KZJCOV8LKEWhUC631vBOx1ChWm8sXhyuLz2YjmwN62QUC/dnq5XRfK3wZBSTND2WXW+kxzelL0fEqYj47cDRLF2eqlenu/nBBwB62LFN8//HA635HwA45Aa7XQEA4MCZ/wGg95j/AaD3fI7537cDAeCQcP8PAL3H/A8AvWfH+f/JwdQDADgQP719Oz2aa/nvv55+uLz0g9LDS9OVxly5tjRVnqovzJdn6vWZaqU81Wzu9HzVen1+7Mp6srG8crdWX3qweHe2NjlTuVsp7nN7AICdnTrz7J9JRKxeP5od0baXg7kaDrdCtysAdE1ftysAdI3v80Dv2sU9vmUAOOS22aL3DR3/i9BTm7/Ch+rCV63/Q6+y/g+964ut//9wz+sBHDzr/9C7ms3Env8A0GOs8QPv9O//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KNK2ZEUytle4Kvpz0K5HHE8Ik5GMbk/W62MRsSJiPjHQHEgTY91u9IAwDsq/CfJ9/+6MHy+tLn0SPLJQHaOiF/9/s7vHk0uLi6Mpfn/X89ffJrnjx/pRgMAgHY3tma15un83HYj/+rl46nXx0FW8cXN1uaiady1/GiV9Ed/dh6MYkQMfZTk6Zb080rfHsRffRIRX9lo/6O2CKVsDaS18+nm+Gns4/sQf+P13xy/8Eb8QlaWnovZa/HlPagL9JpnN1vjZN730i6W979CnM3O2/f/wWyEenevx7+1LeNfYX3869sSP8n6/Nn19Ntr8uLKX3+yJbM53Cp7EvG1/u3iJ+vxkw7j7/ldtvFfX//muU5lzT9EXIjt47fUsmF2ZLE2P9JYXrk0W5ucqcxUHoyPT4xNjF67fHV8JFujbv3823Yx/nv94olO8dP2D3WIP7hD+7+zy/b/8dN7v/jWW+J/79vbv/+n3xI/nRO/u8v4k0M3Om7fncaf7tD+nd7/i7uM//zfK9O7fCgAcAAayytzk9VqZWGHi/Sz5k6PcfFhXsRqxHtQDRfv1UW3RyZgv210+m7XBAAAAAAAAAAAAAAA6KSxvDI3EPv7daJutxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDD67MAAAD//w/PzvM=")
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000007000000ff0f000007"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, 0x0, &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)

4.55173418s ago: executing program 4 (id=7748):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_int(r0, 0x6, 0x11, 0x0, 0x0)
prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00')
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r4, 0x0, 0x0)
r6 = openat$cgroup_subtree(r5, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_subtree(r6, &(0x7f0000000300)=ANY=[@ANYBLOB='-cpu'], 0x5)
write$cgroup_subtree(r6, &(0x7f0000000280)=ANY=[], 0x5)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70300001d000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r7}, 0x18)
sendmsg$key(r2, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000100)={0x2, 0x3, 0x0, 0x3, 0x5, 0x0, 0x700, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @private}}]}, 0x28}, 0x1, 0x7}, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800004b80bf65247783d299000000000000000000020000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0xc0f00, 0x60, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r9}, 0x18)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r10 = socket(0x2a, 0x2, 0x0)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0)
getsockname$packet(r10, &(0x7f0000000200)={0x11, 0x0, <r11=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newtfilter={0x90, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {0xfffa}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x60, 0x2, [@TCA_FLOWER_ACT={0x54, 0x3, [@m_connmark={0x50, 0x1, 0x0, 0x0, {{0xd}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0xfffffff8, 0xfff, 0x0, 0x5, 0xb}, 0x3}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}, @TCA_FLOWER_FLAGS={0x8, 0x16, 0x12}]}}]}, 0x90}}, 0x24000000)
r12 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r12, &(0x7f00000002c0), 0x40000000000009f, 0x0)
r13 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r13}, 0x10)
ioctl$SG_IO(r1, 0x2285, &(0x7f00000005c0)={0x53, 0xfffffffc, 0x6, 0x2, @scatter={0x0, 0x40000, 0x0}, &(0x7f0000000080)="0000501effd4", 0x0, 0x800004, 0x10030, 0x1, 0x0})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x18)

4.505202624s ago: executing program 4 (id=7749):
creat(&(0x7f00000000c0)='./file0\x00', 0x9c)
quotactl$Q_GETNEXTQUOTA(0xffffffff80000900, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0xe, 0x7fff0000}]})
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000700000045000000a000020095"], &(0x7f0000000800)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16, @ANYBLOB="01032757c38d085641a7260000000c000180080001"], 0x20}, 0x1, 0x0, 0x0, 0x20040005}, 0x8840)
msgsnd(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="010000000000000087fd285c63e41580364e19e4423073e6d20800000065dc40917dc07ae5a100c1570700d09e41cacbf4a5"], 0x8, 0x0)

4.418485871s ago: executing program 4 (id=7750):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IEEE802154_LLSEC_LIST_KEY(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r1, 0x1, 0x70bd2a, 0x25dfdbff, {}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x20048000}, 0x40010)
r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000180), 0x500, 0x0)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='btrfs_space_reservation\x00', r2, 0x0, 0x3}, 0x18)
writev(r3, &(0x7f00000004c0)=[{&(0x7f0000000200)="65e2848c71c5410ed4e56f5f4f1612d8b9e377daeec5ee318ade4115cdc5567c7d83cf78618e5bd51acc78855dfd05faec617b42d8572f2d2a5862ffbb16e3e4e3d59629d2a049530fdf05f89d9177bd5163ae5ceeb1ab55d2056b4dcd6a1953d502bb7d7540e13e4483d941134c78652759140445", 0x75}, {&(0x7f0000000280)="a718791533171724da02e08d6f166b97b6103f6d9d60e190c7e813dbacb457859f031549559eb1e001164893fca98d1fe13fec215b0b8a5a277f662a5fe7e38f2852cafc2df2ceb4869ac1423491b7b15015ac680a10156c9ed7e09d65c6c58531b9e33315f5", 0x66}, {&(0x7f0000000300)="7dbd178f98daa9a4b7b3d425369204519212b8bda569dea847c238cce20a755a3ba4118338dda5670b1c", 0x2a}, {&(0x7f0000000340)="97ab43b9f2e78fdd6abd3f2fdb95f9f66fd9db13117fefc27d07572b7e", 0x1d}, {&(0x7f0000000380)="161b38bf32868e2207b0c52d774180a0ea6000be4d2a72a9cefab3d291aa335b0733536c100d", 0x26}, {&(0x7f00000003c0)="809055090cf12408c5b9ebbed55668edc741a396fb2286b23bb3b62ee07dca56f457e5bf9b741fe73ba7fbcbfc1f2e6f55b21d2081f0483cf12d10c4326636e93170c84a9ecd1671e288dbeabd2ef418f0a73f1656cfbe8a37f605f38e433bb2300e6d692e97247ecdc9b04a7734e9cab706a550bb1e0032db2c293119e37194b81372799391c8813d49ad2cc4a7517afcf2a75c903d9b614a9b72aefe6ac319d2ac11531a260dc2ff8e04d47b3c3fb82db01afb3939fc5ddb4ee55cd71a0b69e0465496a138b63ff3ca652a05fb80d2051671f1eade25bfcc48500375468da0bf710a115c2dffdec78daa6571e974897ffbeb87f86d870e31e2a3", 0xfb}], 0x6)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000580)={0xffffffffffffffff, r3, 0x0, 0x18, &(0x7f0000000540)='btrfs_space_reservation\x00', <r4=>0x0}, 0x30)
r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0)={r4}, 0x4)
ioctl$IOC_PR_RELEASE(r2, 0x401070ca, &(0x7f0000000600)={0x1, 0x8})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000680)={0x4, &(0x7f0000000640)=[{0xeda0, 0x3, 0x9, 0x800}, {0x8, 0x7, 0xbe, 0x2d}, {0x3, 0xe1, 0x1, 0x6}, {0xe9, 0x1, 0xaf, 0xfffffff9}]})
sendmsg$IEEE802154_LLSEC_LIST_DEVKEY(r0, &(0x7f0000000780)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000740)={&(0x7f0000000700)={0x14, r1, 0x300, 0x70bd29, 0x25dfdbfe, {}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x40000000}, 0x44)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000800), r0)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r6, &(0x7f00000008c0)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000880)={&(0x7f0000000840)={0x40, r7, 0x8, 0x70bd25, 0x25dfdbfb, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @local}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @initdev={0xac, 0x1e, 0x1, 0x0}}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @rand_addr=0x64010100}]}, 0x40}, 0x1, 0x0, 0x0, 0x11}, 0x4800)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000940)={'wpan4\x00', <r8=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(r6, 0x8933, &(0x7f0000000980)={'wpan0\x00', <r9=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(r6, 0x8933, &(0x7f00000009c0)={'wpan1\x00', <r10=>0x0})
sendmsg$IEEE802154_LLSEC_ADD_KEY(0xffffffffffffffff, &(0x7f0000000ac0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000a80)={&(0x7f0000000a00)={0x54, r1, 0x200, 0x70bd26, 0x25dfdbfb, {}, [@IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc, 0x2d, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc, 0x2d, {0xaaaaaaaaaaaa0202}}, @IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0x3}, @IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0x8}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r8}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r9}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r10}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x40010)
connect$inet6(r2, &(0x7f0000000b00)={0xa, 0x4e22, 0x80000001, @loopback, 0x2}, 0x1c)
close_range(r5, r2, 0x0)
write$cgroup_int(r2, &(0x7f0000000b40)=0x9, 0x12)
fcntl$getownex(r3, 0x10, &(0x7f0000000c00)={0x0, <r11=>0x0})
perf_event_open(&(0x7f0000000b80)={0x842dd4dd3f4914ad, 0x80, 0x0, 0x8b, 0x56, 0x9, 0x0, 0x7, 0x14009, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x3, 0x2, @perf_config_ext={0x6, 0x1}, 0xd0, 0x5, 0x402d, 0x2, 0x9, 0x101, 0x400, 0x0, 0xff, 0x0, 0xffff}, r11, 0x10, r3, 0x0)
ioctl$FS_IOC_READ_VERITY_METADATA(0xffffffffffffffff, 0xc0286687, &(0x7f0000000c80)={0x2, 0x7fff, 0xa, &(0x7f0000000c40)=""/10})
r12 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000d00), r0)
sendmsg$NL802154_CMD_DEL_SEC_KEY(r0, &(0x7f0000000e00)={&(0x7f0000000cc0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000dc0)={&(0x7f0000000d40)={0x48, r12, 0x4, 0x70bd2c, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r9}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r10}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x48}}, 0x21)
r13 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r13, 0x8933, &(0x7f0000000e40)={'wpan1\x00'})
r14 = timerfd_create(0x7, 0x0)
fsetxattr$system_posix_acl(r14, &(0x7f0000000e80)='system.posix_acl_default\x00', &(0x7f0000001480)={{}, {0x1, 0x3}, [{}, {}, {0x2, 0x4}, {}, {0x2, 0x3}, {0x2, 0x4}, {0x2, 0x1}], {}, [{0x8, 0x7}], {0x10, 0x3}, {0x20, 0x5}}, 0x64, 0x1)

4.386039424s ago: executing program 4 (id=7751):
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f00000001c0)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0)
mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x1805406, 0x0)
syz_mount_image$ext4(&(0x7f0000000340)='ext4\x00', &(0x7f0000000980)='./file0\x00', 0x3000010, &(0x7f0000000100)={[{@resuid}, {@nobh}]}, 0x1, 0x519, &(0x7f00000009c0)="$eJzs3cFvI1cZAPBvJvE2u5tiFxAqlSgVLcpWsHbS0DZCCMoFTpWA5b6ExImi2HEUO2UTVZCK/wAhgcSJExck/gCkqgfEGVWqBBfEAQECIdjCAQnoII/HJevYSaBJnI1/P+mt35sZz/e9ifw8M56dCWBiPRURL0XEVEQ8GxHlYnpalDjole5yb99/daVbksiyO39JIimm9dfVbU9HxM3ibTMR8ZUvRnw9ORq3vbe/udxo1HeKdq3T3K619/ZvbzSX1+vr9a3FxYUXll5cen5pPiu8p35W+pUffeGzr3/yG7+9+6db3+ym9ZkPRSkG+nGWel0v5duir7uNds4j2BhMFf0pjTsRAABOpbuP//6I+Fi+/1+OqXxvbsDUODIDAAAAzkr2udn4VxKRAQAAAFdWGhGzkaTV4lqA2UjTa8W5gQ/GjbTRanc+sdba3VrtzouoRCld22jU54trhStRSrrtheIa2377uYH2YkQ8FhHfLV/P29WVVmN1zOc+AAAAYFLcHDj+/3s5zesnG/L/BAAAAIDLqzKyAQAAAFwVDvkBAADg6hs8/n99THkAAAAA5+JLL7/cLVn/+derr+ztbrZeub1ab29Wm7sr1ZXWznZ1vdVaz+/Z1zxpfY1Wa/tTsbV7r9aptzu19t7+3WZrd6tzd+OBR2ADAAAAF+ixj77xqyQiDj59PS9R3AcQ4AG/H3cCwFmaGncCwNi4izdMrlK/cm28eQDjk5ww38U7AADw8Jv78NHf//unAkpjzQw4b671AYDJ4/d/mFwlVwDCREsj4n296iOjlhn5+/8vThslyyLeLB+e4vwiAABcrNm8JGm1OA6YjTStViMejUgrUUrWNhr1+eL44Jfl0iPd9kL+zuTEa4YBAAAAAAAAAAAAAAAAAAAAAAAAgJ4sSyIDAAAArrSI9I9Jfjf/iLnyM7OD5weuJf8oxx+Kxg/ufO/ecqezs9Cd/tf8WV7XIqLz/TulfPpzIx8fBgAAAJy15GDkrN5xevG6cKFZAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAB3r7/6kq/XGTcP38+IirD4k/HTP46E6WIuPG3JKYPvS+JiKkziH/wWkQ8Pix+Eu9kWVYpshgW//o5x6/km2Z4/DQibp5BfJhkb3THn5eGff7SeCp/Hf75my7KezV6/EuLyI/n49yw8efRI2trDo3xxFs/qY2M/1rEE9PDx5/++JuMiP/0kbX9M8uyozG+9tX9/VHxsx9GzA39/kkeiFXrNLdr7b392xvN5fX6en1rcXHhhaUXl55fmq+tbTTqxb9DY3znIz9957j+3xgS/ze/7o2/x/X/mVErHfDvt+7d/0CvWhoW/9bTQ79/Z2JE/LT47vt4Ue/On+vXD3r1w5788ZtPHtf/1RHb/6S//61T9v/ZL3/7d6dcFAC4AO29/c3lRqO+c0xl5hTLPIyVn81cijT+x0r2rd5f7rLk8/9Wunur/53S79UlSOxQJbuwWFNxSbr8bmWswxIAAHAOfv7uTv+4MwEAAAAAAAAAAAAAAAAAAIDJdRG3ExuMeTCergIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHOs/AQAA//9GB9/T")

3.93368868s ago: executing program 4 (id=7757):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
r1 = syz_io_uring_setup(0x709a, 0x0, 0x0, &(0x7f0000000440)=<r2=>0x0)
r3 = fcntl$dupfd(r0, 0x406, r1)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r4=>0x0})
ioctl$sock_inet6_SIOCDIFADDR(r0, 0x8936, &(0x7f0000000180)={@private0={0xfc, 0x0, '\x00', 0x1}, 0x80, r4})
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000140)=@gcm_256={{0x303, 0x3a}, "c4d65ab71f5ef2fe", "9e8ecc7bb5352776725e104757e7dc25c6519a85ef828f711330ff2bb17b5508", "dc5db43f", "80031f0000000200"}, 0x38)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000500)=ANY=[@ANYRES64=r4, @ANYRESOCT=r2, @ANYRESOCT=r3, @ANYRESDEC=r3, @ANYRES8=r4, @ANYRES16=r1], 0x48)
perf_event_open(&(0x7f0000000140)={0x0, 0x80, 0x36, 0x1, 0x0, 0x5, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x4, @perf_bp={0x0, 0xd}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x7, 0xb, 0x0, 0x8, 0x0, 0x2}, 0x0, 0x1, 0xffffffffffffffff, 0xb)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={0xffffffffffffffff, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=@newtaction={0x1168, 0x30, 0x871a15abc695fb3d, 0x0, 0x80000, {}, [{0x1154, 0x1, [@m_pedit={0x1150, 0xa, 0x0, 0x0, {{0xa}, {0x1050, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0xdc, 0x5, 0x0, 0x1, [{0x24, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x3}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6}]}, {0x34, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x4}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x3}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}]}, {0x3c, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x2}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}]}, {0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6}]}, {0x1c, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x1}]}, {0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}]}]}, @TCA_PEDIT_KEYS_EX={0xa8, 0x5, 0x0, 0x1, [{0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x3}, @TCA_PEDIT_KEY_EX_CMD={0x6}]}, {0x3c, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x5}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x5}]}, {0x54, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x3}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x2}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x4}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x5}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x4}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x2}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x3}]}]}, @TCA_PEDIT_KEYS_EX={0x88, 0x5, 0x0, 0x1, [{0x4}, {0x1c, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}]}, {0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6}]}, {0x4}, {0x4c, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x4}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x5}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x4}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x5}]}]}, @TCA_PEDIT_KEYS_EX={0x20, 0x5, 0x0, 0x1, [{0x1c, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x5}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x3}, @TCA_PEDIT_KEY_EX_CMD={0x6}]}]}, @TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{0x12000, 0x10, 0x5, 0x800}, 0x7, 0x6}, [{0x1, 0x10, 0x0, 0x8b8, 0xdf6}, {0x6, 0x0, 0x7, 0x2, 0x3, 0x87}, {0x5, 0x4, 0x5, 0x0, 0x4, 0x800}, {0x9, 0x2, 0x4, 0x2, 0x1, 0x6}, {0x7, 0xffffbc5f, 0xfffff998, 0x58000000, 0x7, 0x9c}, {0x4, 0x401, 0x4, 0x7, 0x6, 0x6}, {0xc, 0x5, 0x3, 0x3a, 0x1, 0x9}, {0x800, 0x5, 0x3, 0x400, 0x5, 0x7}, {0xe20e, 0xfddf, 0xef5b, 0x8, 0xffffffff, 0x4}, {0xd, 0x0, 0x5, 0x8000, 0x2b9, 0xda}, {0xfa34, 0x0, 0x8, 0x8, 0x2, 0x6}, {0x40, 0x1e, 0x2, 0x11400000, 0x5b0d3cf1, 0x10000}, {0x8, 0xf, 0x401, 0x3, 0x4, 0x3}, {0x69fe, 0x0, 0x3, 0x7fff, 0x9, 0x9}, {0x7, 0xc, 0x0, 0x99, 0x0, 0x8}, {0x10001, 0x7, 0x3, 0x2, 0x7, 0x7}, {0x4876, 0xa, 0xa, 0x400, 0x5, 0x8}, {0xf, 0x7, 0x0, 0x6, 0x6, 0xfffffffd}, {0x3, 0x5, 0x5, 0x1, 0x0, 0xf2cc}, {0x1, 0x1, 0x4, 0xfe, 0x5, 0x96}, {0x100, 0x7, 0x9, 0x6, 0x3, 0x9}, {0x1, 0x4, 0x101, 0x3, 0x10000, 0xfffffffa}, {0x80, 0x6, 0x6, 0xc48, 0x0, 0x53}, {0x1, 0x5, 0x1000, 0x95, 0xf, 0xfffffded}, {0x3, 0x5, 0x2, 0x7, 0x10, 0x80000000}, {0x9, 0xea, 0x6, 0x101, 0xffffffff, 0x1}, {0x8, 0x7fffffff, 0xfffffffe, 0x6, 0x0, 0x8ef1}, {0x400, 0x10, 0x6, 0x80, 0x4, 0x9}, {0x1, 0x8000, 0x6, 0x362, 0x8, 0xe0}, {0x8, 0x4, 0xd3, 0x6, 0x9, 0x8}, {0x8, 0x405, 0x7ff, 0x9, 0x9826, 0xfff}, {0x8, 0x7, 0x10007, 0x5, 0x2, 0xc}, {0x5, 0x6, 0x6, 0x7, 0xf, 0xe}, {0x3, 0x7, 0xffff6eab, 0x1000, 0x7, 0x20000}, {0xfffffffd, 0x1, 0x100, 0x7fff, 0x7, 0x66e}, {0x8, 0x5, 0x1, 0x6, 0x7, 0x7}, {0x2dba, 0x5, 0x1ff, 0xffffffff, 0xfffffeff, 0x2}, {0x4, 0x1, 0x1, 0xe, 0x5d, 0x8}, {0x4, 0x5, 0x7, 0x4, 0x6, 0x8000}, {0x800, 0x7, 0x9, 0xa, 0x1, 0x10000}, {0x1, 0xf4c9, 0x2, 0x0, 0x40, 0x4}, {0x1, 0x9, 0xd1f0, 0x761, 0x6, 0x4}, {0x8, 0x5, 0x0, 0x7ff, 0x0, 0x10001}, {0x5, 0x9, 0x0, 0x200, 0x5, 0x9e89}, {0x3, 0x3ff, 0xffffffc9, 0x0, 0xb, 0x4}, {0xfffff800, 0x5, 0x3, 0x6, 0x3, 0x8}, {0xffffffff, 0x2, 0x6, 0x36166412, 0x6579}, {0x4, 0x101, 0x9, 0x7, 0x4, 0x3}, {0x3, 0x6, 0xf, 0x0, 0x1, 0x1}, {0x9, 0x7, 0x100, 0x81, 0x80}, {0x5, 0x9c4d, 0x10000, 0x7, 0xd8, 0x9}, {0x1ff, 0xc, 0x1, 0x8, 0x3, 0x7}, {0x1, 0x1, 0x380, 0x2, 0xfff, 0x8}, {0x6, 0xa2d, 0x60, 0x8, 0x7fff, 0x5}, {0x5, 0x63, 0x3, 0x7, 0x4, 0x6}, {0xfff, 0xa54, 0x7, 0x5, 0x9, 0xc963}, {0x17, 0x10c2, 0x7, 0xf, 0x1, 0x2}, {0x120000, 0x564, 0x4, 0x5, 0xe, 0x10}, {0x25f, 0x6f5, 0x7, 0xff, 0xaaf, 0x8000}, {0x2, 0x6, 0x6, 0x9, 0x8, 0x1}, {0x0, 0x6, 0x8, 0x9, 0x9889, 0x11}, {0x11a, 0x5, 0xfff, 0x2, 0xb, 0x1}, {0xfff, 0xe500, 0x84ff, 0x1, 0x80000001, 0x3}, {0x260, 0x8, 0x30, 0xe6cd, 0x7ff, 0xa}, {0x6, 0x39c, 0xe3, 0x0, 0x5, 0x8}, {0x7fff, 0x95, 0xa0, 0x7, 0x9, 0x5}, {0xffffff81, 0x0, 0x6c4, 0x4, 0x7, 0x7}, {0xc, 0x3ff, 0x8, 0x76, 0x8fc6, 0x100}, {0x5, 0xff, 0x9, 0x8, 0xfffffffb, 0x4}, {0x5, 0xf, 0x10000, 0x8000000, 0x4}, {0x10001, 0x3, 0x3, 0x9f66, 0xffffffff, 0x7}, {0x7fffffff, 0x7f, 0x800, 0xffffffff, 0x0, 0x3}, {0x1000, 0x0, 0x100, 0x8, 0xff1, 0x2}, {0x401, 0x0, 0xfffffff7, 0x8, 0xfffffff8, 0x6}, {0x4, 0x6, 0x3, 0x200, 0x0, 0x5}, {0x4, 0x2, 0x5, 0x8, 0x1, 0x5}, {0x101, 0x8, 0x5, 0x2, 0x0, 0x1}, {0x1, 0x74c, 0xa, 0x1ff, 0x5, 0x5}, {0x5, 0xfffffffc, 0x9, 0x6, 0xe, 0xfffffffd}, {0x10, 0x7fffffff, 0x5, 0x6b1, 0x2, 0x1}, {0x5, 0x4, 0x8, 0x6, 0x7, 0x3}, {0x38f, 0x4, 0x5da, 0x57, 0x3, 0x88b8}, {0x7, 0x10000, 0x4, 0x901, 0x10001, 0x4}, {0x1000004, 0xff, 0xffffffff, 0x6, 0x291, 0x4}, {0x1, 0x7fffffff, 0x4, 0x1, 0x6, 0x3}, {0xec7, 0xd7, 0x5f8b, 0x8, 0x6, 0x6}, {0xb, 0x3, 0x4, 0x3, 0x4}, {0x10001, 0x3, 0x15a0, 0x7ff, 0x64, 0x7}, {0xa, 0xe49, 0x0, 0x3, 0x80000001, 0x7fff}, {0xc, 0x9, 0x6, 0x8, 0x6, 0x5}, {0x40, 0x421a, 0x4, 0x5, 0x1000, 0x1}, {0x10001, 0xfffffff9, 0xffffff00, 0x0, 0x3ff, 0x727d}, {0x0, 0x5, 0x5, 0xfff, 0x40, 0x10000}, {0x8001, 0xb, 0x10, 0x8000, 0x80000001, 0x9}, {0x100, 0x3, 0x0, 0x80000000, 0x1, 0xebb}, {0x3, 0x6, 0xd, 0x3, 0xf, 0x8}, {0x2, 0x7fffffff, 0x8, 0x0, 0x8001, 0x3}, {0xa47, 0xc, 0x100, 0x79e63501, 0x7ff, 0x4}, {0x7a7, 0x7, 0xfffff218, 0xbc5, 0x5}, {0x0, 0x10, 0xb224, 0x5, 0x10, 0x10}, {0x9, 0xe, 0x9, 0x1, 0x1, 0x401}, {0xe25, 0xffffffff, 0xa76, 0x2, 0x5, 0x7}, {0x1, 0x2, 0x0, 0x897, 0x7, 0x80000001}, {0x1, 0x4, 0x100, 0x5, 0x8, 0x3ada}, {0x7, 0xf7, 0x101, 0x7ff, 0x7, 0x1}, {0xfffffff8, 0x9, 0x73, 0x1, 0x2, 0x22ae6a3f}, {0x8, 0x0, 0x1, 0x3, 0x0, 0x80}, {0x8, 0x8, 0x4, 0x7fffffff, 0x9}, {0x8, 0xadf4, 0xe, 0x0, 0x6, 0x77}, {0x1, 0x2, 0x6, 0x87e, 0xffffffff, 0x4}, {0x8, 0x3, 0x3, 0x9, 0x1, 0x8}, {0x2, 0x4, 0xb7a9, 0x800, 0x6, 0xb7b}, {0x1, 0x3, 0x3, 0x8, 0x5, 0x401}, {0x101, 0x9, 0x9, 0x4000, 0x2, 0x8000}, {0x9, 0xfffffff8, 0x5, 0x0, 0xa78, 0xe}, {0x8, 0x800, 0x4, 0x3, 0x3, 0x100}, {0x4, 0x80, 0x7, 0x2, 0x2, 0x9}, {0x5, 0x2, 0xfffffff7, 0x80000000, 0x0, 0x7}, {0x9, 0x80000000, 0x5, 0x400, 0x100, 0xfffffc00}, {0x9, 0x3ff, 0x80000, 0x1, 0x9, 0x85e}, {0x7cd, 0x8000, 0x7, 0x3, 0x8, 0x9}, {0x9, 0xd34, 0xe674, 0x4, 0x10, 0x56}, {0x5, 0x9, 0x5, 0x3, 0x8, 0x3}, {0x8, 0x8, 0x6, 0x10000, 0x5, 0x4}, {0x6, 0x5, 0x10, 0x3, 0x5, 0xd47ad3d}, {0x6, 0x7, 0x8, 0xffff8001, 0x9, 0x4}, {0x80000000, 0x40, 0x10, 0x6e3, 0x4, 0xf}, {0x8, 0x80, 0x3, 0x24, 0xa3ba, 0x8}], [{0x4, 0x1}, {0x4}, {0x3}, {}, {0x4}, {0x5}, {0x3}, {0x4, 0x1}, {0x1, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {}, {0x4}, {0x5, 0x1}, {}, {0x1, 0x1}, {0x0, 0x1}, {0x5, 0x1}, {}, {0x0, 0x1}, {0x5, 0x1}, {}, {0x5}, {0x3}, {0x2}, {0x4, 0x1}, {0x5}, {0x2, 0x1}, {0x3}, {0x1}, {0x3}, {0x5, 0x1}, {0x1}, {0x5}, {0x4}, {0x3, 0x1}, {0x4}, {0x3, 0x1}, {0x4, 0x1}, {0x3}, {0x2, 0x1}, {0x3, 0x1}, {0x1}, {0x1}, {0x4}, {0x2, 0x1}, {0x4, 0x1}, {0x0, 0x1}, {}, {0x5}, {0x3}, {0x4}, {0x4}, {0x5}, {0x0, 0x1}, {0x4, 0x1}, {0x2, 0x1}, {0x1}, {0x2}, {0x2}, {0x4, 0x1}, {0x4, 0x1}, {0x0, 0x1}, {0x3, 0x1}, {0x2}, {0x4}, {0x2, 0x1}, {0x5, 0x1}, {0x2}, {0x1, 0x1}, {0x2}, {0x5}, {0x1, 0x1}, {0x2}, {0x3}, {0x1}, {0x1}, {0x4, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {0x3}, {}, {0x5, 0x1}, {0x1}, {0x3, 0x1}, {0x2}, {0x5, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {0x4}, {0x4, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {0x4, 0x1}, {0x2, 0x1}, {0x2}, {0x5}, {0x5, 0x1}, {0x1, 0x1}, {0x5, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {0x4}, {0x3}, {0x3}, {0x5, 0x1}, {0x0, 0x1}, {0x1}, {0x2}, {0x5, 0x1}, {0x2, 0x1}, {0x3}, {0x3, 0x1}, {0x2}, {0x2, 0x1}, {0x3}, {0x4}, {0x0, 0x1}, {0x5, 0x1}, {0x1}, {0x5}, {0x3, 0x1}, {}, {0x4}, {0x2}, {0x5}, {0x3}, {0x3}], 0x1}}]}, {0xd5, 0x6, "fc5b9756c3a9bca98816adc0db5495bd810061caa7af81e0269a9a3a8d27cdd7de7f15c6cf59f36fd12ad7de76522674a3377d3383044ffae117ba2ea6acbaea4bb4ea46ba03c419851ed573b54742b02cc50c294bdeac2d75ac88f9d5d6a12dc7e04801e535e2f17e1c60522ef25ea26613589052012e5aa8b84b0f93672f77a20b6105096a0522d28c4e6691cacb8001bcbf0d5bc3419834e84a2bbb8eee3d8c4bbda31d68f536c890ac59bea92187258257eeaea8e74e338c5766073a419b80bfb2e7b677510e65519f0e713b36e67c"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}]}]}, 0x1168}, 0x1, 0x0, 0x0, 0x40000c4}, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000000)=0x3000000, 0x4)
r6 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
writev(r6, 0x0, 0x0)
tee(r1, r3, 0x4, 0xa)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
unshare(0x22020600)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={0x0, r3, 0x0, 0x5}, 0x18)
getsockopt$inet_sctp6_SCTP_ASSOCINFO(r7, 0x84, 0x1, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x14, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r8}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
memfd_secret(0x80000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00'}, 0x10)
getpid()

3.630038025s ago: executing program 4 (id=7766):
r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x1, 0x65, 0x8}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x5, 0x0, 0x0, 0x286ca06bbee933dc, 0x23, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xf, &(0x7f0000000440)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r5}, 0x10)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newtaction={0xe68, 0x30, 0x871a15abc695fa3d, 0x70bd27, 0x0, {}, [{0xe54, 0x1, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe20, 0x2, {{{}, 0x93, 0xfc}, [{0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {0x0, 0xfffffffc}, {0x1, 0x0, 0x0, 0x4000000, 0x7, 0x80000}, {0x8, 0x5, 0x0, 0xfffffffc, 0x5}, {}, {0x0, 0x0, 0x0, 0x0, 0x6}, {0x0, 0xc3}, {0x0, 0x5}, {0x5}, {}, {0x0, 0x10}, {0x0, 0x404, 0x0, 0x8000000}, {0x0, 0xffffffff, 0x0, 0x0, 0xfffffffd}, {0x2, 0x0, 0x400000, 0x0, 0x6}, {}, {}, {}, {0x0, 0x0, 0x0, 0x8000000}, {}, {0x0, 0x0, 0x0, 0x0, 0x20}, {0xfffffffd}, {}, {0x0, 0x0, 0x0, 0xfffffffc}, {0x0, 0x2000}, {}, {0x0, 0x7, 0x0, 0x0, 0xffffffff}, {0x0, 0x0, 0x0, 0x2, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x0, 0x5, 0xfffffffd}, {0xffffffff}, {}, {0x0, 0x0, 0xc, 0x0, 0x0, 0x6}, {0xffffffff}, {}, {}, {}, {0xffffffff, 0x0, 0x0, 0x0, 0x3}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {0x0, 0x9, 0x0, 0x0, 0x0, 0x2}, {}, {0x0, 0x0, 0x0, 0x1, 0x3}, {0x80, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x5}, {}, {0x0, 0x0, 0x8}, {0x0, 0x0, 0x0, 0x0, 0x9}, {0x0, 0x0, 0x0, 0x0, 0x3}, {}, {}, {0x0, 0x15, 0x0, 0x48510}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, {}, {0x0, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x0, 0xd, 0xffffffff}, {}, {}, {0x0, 0xfffefffd, 0x0, 0xffffffff}, {0x0, 0x0, 0x0, 0x1}, {}, {0x5}, {}, {0x0, 0xfffffffc, 0x0, 0x3ff, 0x40000000}, {0x0, 0x0, 0x0, 0xfffffffd}, {0x0, 0x7, 0x0, 0x0, 0x0, 0x400000}, {0x4, 0x0, 0x200}, {}, {0x0, 0x0, 0x0, 0x0, 0xffffffff}, {0x5}, {}, {0x0, 0x0, 0x0, 0x4000, 0x0, 0xfb4}, {}, {0x0, 0x101, 0x0, 0x0, 0x0, 0xffffffff}, {}, {0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x4, 0x9}, {0xfffffffe}, {0x0, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x2}, {}, {}, {}, {0x800000, 0x0, 0x0, 0x0, 0x0, 0x56}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffefffff}, {0x0, 0xfffffffe}, {0x0, 0x0, 0x6, 0x0, 0x4}, {}, {}, {0x0, 0xfffffffd, 0x0, 0xffffffff}, {0x6}, {0x7f, 0x0, 0x0, 0xfffffffe}, {}, {}, {0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {0x2, 0x0, 0x20000000}, {0x0, 0xfffffffc, 0x0, 0x2}, {}, {0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x292}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, {0x0, 0x5, 0x0, 0x0, 0x1}, {0x0, 0x5}, {0x0, 0x0, 0x0, 0x0, 0x80}, {0x10000000, 0x0, 0x0, 0x4, 0x4}, {0x0, 0x2e9c, 0x0, 0x0, 0x7}, {0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {0x3}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, {}, {0x0, 0x0, 0x0, 0x8, 0x2, 0x6}, {}, {}, {}, {0xfffffffe, 0x0, 0x0, 0x0, 0x8000, 0x4}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {0x0, 0x8000}, {0x0, 0x0, 0x10000, 0x0, 0xfffffffc, 0x2}, {0x0, 0x80000000, 0x0, 0x7dff800}], [{}, {}, {0x0, 0x1}, {}, {}, {0x3}, {}, {0x0, 0x1}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {0x0, 0x1}, {0x0, 0x1}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {0x1, 0x1}, {}, {}, {}, {0x0, 0x1}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x1}, {}, {}, {}, {}, {}, {0x4}, {0x0, 0x1}, {0x0, 0x1}, {0x0, 0x1}, {}, {}, {}, {0x5}, {}, {}, {0x7}, {}, {}, {}, {}, {}, {0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x0, 0x1}, {}, {}, {}, {0x0, 0x1}, {}, {0x1}, {}, {0x5}, {}, {0x3}, {}, {}, {}, {}, {}, {0x2, 0x1}, {}, {}, {}, {0x3}, {}, {}, {}, {0x4}, {0x2}, {}, {}, {0x4}, {0x3}, {}, {}, {0x0, 0x1}, {0x2}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe68}}, 0x0)
sendmsg$NFT_MSG_GETOBJ(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="34000000150a03"], 0x34}}, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r7}, 0x10)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="3348cd842591e5ae7221c5cf665a7d6704000013220003714cf90e9de010be98b35d40734e39a4ff816ba9af195d212cf99db1b0db6f661438804b6c5cb29ad74980deb8ecdc8354fc618ebfd654730ff03ec867751221ca75d635fbcfd5f1cd312d37742b2c38c9ffd2551f0be5437811af691998c3a9fc05983a2b9979492e17bca3336a9fd3054c5d6a5485b6cff82748ce007254d1c49a85d870ef", @ANYRES32=0x0, @ANYBLOB='\x00'/19, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50)
r8 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000800)=@newqdisc={0x2c, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_mq={0x7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000007}, 0x20004004)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000001240)={r5, r9, 0x25, 0xc, @val=@perf_event={0x1}}, 0x18)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000200)='cpuset.mem_hardwall\x00', 0x2, 0x0)
r10 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000180), 0x40000)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r10, 0xc0145401, &(0x7f0000000240)={0x3, 0x1, 0x1, 0x0, 0xd2})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0xfe, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6tnl0\x00', 0x210})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r11=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r11, 0x89f1, &(0x7f0000000080))
r12 = socket$key(0xf, 0x3, 0x2)
r13 = syz_open_dev$tty1(0xc, 0x4, 0x3)
ioctl$KDSKBENT(r13, 0x4b47, &(0x7f0000000000)={0x4, 0x25, 0x2})
sendmsg$key(r12, &(0x7f0000000440)={0x500, 0x0, &(0x7f0000000800)={&(0x7f0000000040)=ANY=[@ANYBLOB="02"], 0x10}, 0x19}, 0x0)

3.629655945s ago: executing program 35 (id=7766):
r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x1, 0x65, 0x8}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x5, 0x0, 0x0, 0x286ca06bbee933dc, 0x23, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xf, &(0x7f0000000440)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r5}, 0x10)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newtaction={0xe68, 0x30, 0x871a15abc695fa3d, 0x70bd27, 0x0, {}, [{0xe54, 0x1, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe20, 0x2, {{{}, 0x93, 0xfc}, [{0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {0x0, 0xfffffffc}, {0x1, 0x0, 0x0, 0x4000000, 0x7, 0x80000}, {0x8, 0x5, 0x0, 0xfffffffc, 0x5}, {}, {0x0, 0x0, 0x0, 0x0, 0x6}, {0x0, 0xc3}, {0x0, 0x5}, {0x5}, {}, {0x0, 0x10}, {0x0, 0x404, 0x0, 0x8000000}, {0x0, 0xffffffff, 0x0, 0x0, 0xfffffffd}, {0x2, 0x0, 0x400000, 0x0, 0x6}, {}, {}, {}, {0x0, 0x0, 0x0, 0x8000000}, {}, {0x0, 0x0, 0x0, 0x0, 0x20}, {0xfffffffd}, {}, {0x0, 0x0, 0x0, 0xfffffffc}, {0x0, 0x2000}, {}, {0x0, 0x7, 0x0, 0x0, 0xffffffff}, {0x0, 0x0, 0x0, 0x2, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x0, 0x5, 0xfffffffd}, {0xffffffff}, {}, {0x0, 0x0, 0xc, 0x0, 0x0, 0x6}, {0xffffffff}, {}, {}, {}, {0xffffffff, 0x0, 0x0, 0x0, 0x3}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {0x0, 0x9, 0x0, 0x0, 0x0, 0x2}, {}, {0x0, 0x0, 0x0, 0x1, 0x3}, {0x80, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x5}, {}, {0x0, 0x0, 0x8}, {0x0, 0x0, 0x0, 0x0, 0x9}, {0x0, 0x0, 0x0, 0x0, 0x3}, {}, {}, {0x0, 0x15, 0x0, 0x48510}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, {}, {0x0, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x0, 0xd, 0xffffffff}, {}, {}, {0x0, 0xfffefffd, 0x0, 0xffffffff}, {0x0, 0x0, 0x0, 0x1}, {}, {0x5}, {}, {0x0, 0xfffffffc, 0x0, 0x3ff, 0x40000000}, {0x0, 0x0, 0x0, 0xfffffffd}, {0x0, 0x7, 0x0, 0x0, 0x0, 0x400000}, {0x4, 0x0, 0x200}, {}, {0x0, 0x0, 0x0, 0x0, 0xffffffff}, {0x5}, {}, {0x0, 0x0, 0x0, 0x4000, 0x0, 0xfb4}, {}, {0x0, 0x101, 0x0, 0x0, 0x0, 0xffffffff}, {}, {0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x4, 0x9}, {0xfffffffe}, {0x0, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x2}, {}, {}, {}, {0x800000, 0x0, 0x0, 0x0, 0x0, 0x56}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffefffff}, {0x0, 0xfffffffe}, {0x0, 0x0, 0x6, 0x0, 0x4}, {}, {}, {0x0, 0xfffffffd, 0x0, 0xffffffff}, {0x6}, {0x7f, 0x0, 0x0, 0xfffffffe}, {}, {}, {0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {0x2, 0x0, 0x20000000}, {0x0, 0xfffffffc, 0x0, 0x2}, {}, {0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x292}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, {0x0, 0x5, 0x0, 0x0, 0x1}, {0x0, 0x5}, {0x0, 0x0, 0x0, 0x0, 0x80}, {0x10000000, 0x0, 0x0, 0x4, 0x4}, {0x0, 0x2e9c, 0x0, 0x0, 0x7}, {0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {0x3}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, {}, {0x0, 0x0, 0x0, 0x8, 0x2, 0x6}, {}, {}, {}, {0xfffffffe, 0x0, 0x0, 0x0, 0x8000, 0x4}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {0x0, 0x8000}, {0x0, 0x0, 0x10000, 0x0, 0xfffffffc, 0x2}, {0x0, 0x80000000, 0x0, 0x7dff800}], [{}, {}, {0x0, 0x1}, {}, {}, {0x3}, {}, {0x0, 0x1}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {0x0, 0x1}, {0x0, 0x1}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {0x1, 0x1}, {}, {}, {}, {0x0, 0x1}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x1}, {}, {}, {}, {}, {}, {0x4}, {0x0, 0x1}, {0x0, 0x1}, {0x0, 0x1}, {}, {}, {}, {0x5}, {}, {}, {0x7}, {}, {}, {}, {}, {}, {0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x0, 0x1}, {}, {}, {}, {0x0, 0x1}, {}, {0x1}, {}, {0x5}, {}, {0x3}, {}, {}, {}, {}, {}, {0x2, 0x1}, {}, {}, {}, {0x3}, {}, {}, {}, {0x4}, {0x2}, {}, {}, {0x4}, {0x3}, {}, {}, {0x0, 0x1}, {0x2}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe68}}, 0x0)
sendmsg$NFT_MSG_GETOBJ(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="34000000150a03"], 0x34}}, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r7}, 0x10)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="3348cd842591e5ae7221c5cf665a7d6704000013220003714cf90e9de010be98b35d40734e39a4ff816ba9af195d212cf99db1b0db6f661438804b6c5cb29ad74980deb8ecdc8354fc618ebfd654730ff03ec867751221ca75d635fbcfd5f1cd312d37742b2c38c9ffd2551f0be5437811af691998c3a9fc05983a2b9979492e17bca3336a9fd3054c5d6a5485b6cff82748ce007254d1c49a85d870ef", @ANYRES32=0x0, @ANYBLOB='\x00'/19, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50)
r8 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000800)=@newqdisc={0x2c, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_mq={0x7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000007}, 0x20004004)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000001240)={r5, r9, 0x25, 0xc, @val=@perf_event={0x1}}, 0x18)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000200)='cpuset.mem_hardwall\x00', 0x2, 0x0)
r10 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000180), 0x40000)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r10, 0xc0145401, &(0x7f0000000240)={0x3, 0x1, 0x1, 0x0, 0xd2})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0xfe, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6tnl0\x00', 0x210})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r11=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r11, 0x89f1, &(0x7f0000000080))
r12 = socket$key(0xf, 0x3, 0x2)
r13 = syz_open_dev$tty1(0xc, 0x4, 0x3)
ioctl$KDSKBENT(r13, 0x4b47, &(0x7f0000000000)={0x4, 0x25, 0x2})
sendmsg$key(r12, &(0x7f0000000440)={0x500, 0x0, &(0x7f0000000800)={&(0x7f0000000040)=ANY=[@ANYBLOB="02"], 0x10}, 0x19}, 0x0)

2.192870622s ago: executing program 0 (id=7786):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="50000000090601020000000000000000020000840900020073797a31000000000500010007000000280007800c00018008000140fffffff70500070084000000060004404e220000060005"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x90)

2.192241412s ago: executing program 0 (id=7787):
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000000100000100000028"], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='kfree\x00', r5, 0x0, 0x7}, 0x18)
r6 = socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x2, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x5, 0xfff3}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x0)

1.635149477s ago: executing program 0 (id=7788):
ioperm(0x0, 0xd, 0x4000000000000020)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000480)='devpts\x00', 0x4, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000027"], 0x48)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00')
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='f2fs_filemap_fault\x00', 0xffffffffffffffff, 0x0, 0x5}, 0x18)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)}, 0x40048e0)
fcntl$notify(0xffffffffffffffff, 0x402, 0x80000072)
socket$netlink(0x10, 0x3, 0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x4000005}, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x1, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000002c0)={'erspan0\x00', <r4=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000900)=@newlink={0x48, 0x10, 0x401, 0x0, 0x4, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14, 0x1, {{0x0, 0x0, 0x0, r4, 0x10820, 0x343}}}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000014}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xb, 0xc, &(0x7f0000000f40)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='rss_stat\x00'}, 0x10)
process_vm_writev(0x0, &(0x7f0000000f40)=[{0x0}, {&(0x7f0000000640)=""/236, 0xec}, {&(0x7f0000000580)=""/102, 0x66}, {&(0x7f0000000b00)=""/145, 0x91}, {&(0x7f0000000e00)=""/128, 0x80}, {&(0x7f0000000080)=""/188, 0xbc}], 0x6, &(0x7f00000007c0)=[{&(0x7f0000000240)=""/169, 0xa9}, {&(0x7f00000004c0)=""/87, 0x57}, {&(0x7f0000000740)=""/119, 0x77}, {&(0x7f0000000140)=""/50, 0x32}, {&(0x7f00000001c0)=""/49, 0x31}, {&(0x7f0000001040)=""/4096, 0x1000}], 0x6, 0x0)
r5 = perf_event_open(&(0x7f0000000fc0)={0x2, 0x80, 0x82, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000400), 0x2}, 0x0, 0x0, 0x3, 0x4, 0x0, 0xd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x40082406, &(0x7f0000000180)='cpu>=0||!')

1.462681052s ago: executing program 7 (id=7790):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={<r0=>0xffffffffffffffff})
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x103940)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
fcntl$notify(0xffffffffffffffff, 0x402, 0x4)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
fcntl$notify(r1, 0x402, 0xd)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
fcntl$notify(r2, 0x402, 0x5)
close_range(r0, 0xffffffffffffffff, 0x0)

1.451408252s ago: executing program 7 (id=7791):
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f00000001c0)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
r0 = socket$igmp6(0xa, 0x3, 0x2)
sendto$inet6(r0, 0x0, 0x0, 0x54, &(0x7f00000001c0)={0xa, 0x2, 0x9, @empty, 0x10}, 0x1c)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
pread64(r1, &(0x7f0000002280)=""/4096, 0x1000, 0xd33)

1.409558856s ago: executing program 7 (id=7792):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000040)={0x0, 0xaf1}, 0x8)
bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000000d80)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x4, @loopback, 0x1}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000001680)='\t', 0x1}], 0x1}}], 0x1, 0x4080)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x79, &(0x7f0000000000)=ANY=[], 0x8)

1.267409658s ago: executing program 0 (id=7793):
socket$nl_generic(0x10, 0x3, 0x10) (async)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_sctp(0x2, 0x5, 0x84) (async)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) (async)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) (async)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) (async)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b72, &(0x7f0000000100)={0x0, 0x0, 0x8, 0x6, 0x200, &(0x7f0000000880)="1ae19337aa151f36ae49bb3f8cb95c5bf840d4f1e55efaaf098d47a70eb36a7309000000000000000f4743f490c585108c1331c7749299a25a705f5096cb268cbc6070d680e1be250700000000000000472471ff550c0010000007f3c7b61abe4162256004ea8ca5e5b5f379c6eb3257eda08f7e6959090000004d13184d382747e035b4722525e00ade86b4c6d1e157c75d15c1f961ebc0a64d7f2a73f8979fcecacaa64f9b9069ebcc1d5b471edbc4f6c7f1b98ae74e909aa6f25b7fa77bf9cd4ed36d5c53dc519d11c3cc1c22a3b86cf3c645413fcea0c99ded703699d2bb6a4a663b99b6069da5aaf64785a5887c31261d4b9e57ee07000000def6f255ca26108f11f02047d47f2d0fec30f7e92482f71496e184214a4e0c5fdc48b0af0c0478940016d8f0990a0e1090fd515380aae83c5eaeed338701574b64200a16ef2811fadcf1e0f49a514df529061e09ce45e3da03a03fe9b4a6bcfa7d04594e4f6d0714a2e14ea127ab37d64a5e0db630cd4f4a2e6c985a542ff20a9b2193f265f93a258a88dd6c9d6a926dd23d32425849c5d921106f0b69617f22133b6cb5087f4c6057942aa18193172bd995fa70a1f949b196f2e2a3c175858575713be5ee3f7f4dcecc98123f9ded3afdebe13d79a7f7fcb2469ae0ac503111401612df7ee995f74fb97a63bf62d61f78c062f959119ab50c1f706a930121ebcd53ccb93d158186ed360750ca8e728150d988844b9a5cff46591ccaff4175b86ea6171b046b856168f403b5253a5cc393430a09a4489a0895571e597ac8846f945ffb372a88d3a2b463dc961416c80c55773f917020753ed51cfd73c1e06fbadd156d56bedc117af95d242d6d07002ce34dccd6005e944afa92b22ec9a698469c6edc06caa2cfcd61912607d459b4c28ebea9745bcd4697d75c9601fd333d3cd797963a3c71b7cc5fdc756da8d97207936e5f53b53b732533c2722e03002293517966611602f297de6ff5408777b7a93c45cee3ee5c5601a4e94266b295ea7a86812a7ab8896ec5ea1b12643e1844b185734528399e62bceb8700cc6cd491e4a4430d0a3ba329a5a2fa170fd0b1cc4ba8294de988cd35df2cd7344aa8a9f3432b96fb889c02f484f63520cc3466a3c2733d45f176931b2db18dba54991a9553cedb7f585786388d4042dbae1c95b769e3d4e036e8afea0a04c04f542b152ca1fd1f8efee60425c5a122fd1b90e98635284abd9f217d9e19cb2a64b354c9d79509cc47d7305114990148a7291cf0fe2d1c773a6664b66ae04aa62c534d072ae54c2ca0d5962cc58945d8924abfc4d5af922462507430d8f2c17479a6678b0b3700000000000000000000000000000000000000000000f800"})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={0x0}, 0x18)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4c00000000010104000000000000000002000000240001801400018008000100e000000108000200e00000010c0002800500010000000000140016"], 0x4c}}, 0x0)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x3)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) (async)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
ioctl$KDFONTOP_SET(r7, 0x4b72, &(0x7f0000000100)={0x2000000, 0x0, 0x13, 0x4, 0x200, 0x0})
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r8}, 0x10)
r9 = memfd_create(&(0x7f0000001040)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1\x8c.?}jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x2)
write$binfmt_script(r9, &(0x7f0000000300)={'#! ', './file0'}, 0x17)
execveat(r9, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) (async)
execveat(r9, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
r10 = syz_genetlink_get_family_id$batadv(&(0x7f00000007c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000800)={'batadv0\x00', <r11=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000000)=ANY=[@ANYRES8=r11, @ANYRES16=r10, @ANYBLOB="010029bd7000fddbdf250f00000008002b000100010008000300", @ANYRES16=0x0], 0x2c}, 0x1, 0x0, 0x0, 0x8040}, 0x20000040) (async)
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000000)=ANY=[@ANYRES8=r11, @ANYRES16=r10, @ANYBLOB="010029bd7000fddbdf250f00000008002b000100010008000300", @ANYRES16=0x0], 0x2c}, 0x1, 0x0, 0x0, 0x8040}, 0x20000040)

780.481227ms ago: executing program 6 (id=7794):
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b70500000800000085"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x5, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
creat(&(0x7f00000000c0)='./file0\x00', 0x48)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
r2 = dup(r1)
write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
creat(&(0x7f00000003c0)='./file0\x00', 0x36)

726.752272ms ago: executing program 5 (id=7795):
creat(&(0x7f00000000c0)='./file0\x00', 0x9c)
quotactl$Q_GETNEXTQUOTA(0xffffffff80000900, &(0x7f0000000e40)=@filename='./file0\x00', 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16, @ANYBLOB="01032757c38d085641a7260000000c000180080001"], 0x20}, 0x1, 0x0, 0x0, 0x20040005}, 0x8840)
msgsnd(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="010000000000000087fd285c63e41580364e19e4423073e6d20800000065dc40917dc07ae5a100c1570700d09e41cacbf4a5"], 0x8, 0x0)

701.246634ms ago: executing program 6 (id=7796):
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000000100000100000028"], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='kfree\x00', r5, 0x0, 0x7}, 0x18)
r6 = socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x2, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x5, 0xfff3}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x0)

623.97788ms ago: executing program 5 (id=7797):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000040000000000000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
creat(&(0x7f00000000c0)='./file0\x00', 0x9c)
quotactl$Q_GETNEXTQUOTA(0xffffffff80000900, &(0x7f0000000e40)=@filename='./file0\x00', 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0xe, 0x7fff0000}]})
sendmsg$ETHTOOL_MSG_LINKMODES_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16, @ANYBLOB="01032757c38d085641a7260000000c000180080001"], 0x20}, 0x1, 0x0, 0x0, 0x20040005}, 0x8840)
msgsnd(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="010000000000000087fd285c63e41580364e19e4423073e6d20800000065dc40917dc07ae5a100c1570700d09e41cacbf4a5"], 0x8, 0x0)

623.63358ms ago: executing program 0 (id=7798):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000ff0f000007"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)

623.38151ms ago: executing program 0 (id=7799):
write$nbd(0xffffffffffffffff, 0x0, 0x0)
socket(0x2, 0x805, 0x0)
syz_clone(0x6200, &(0x7f0000000500), 0x0, 0x0, 0x0, 0x0)
ioprio_set$pid(0x2, 0x0, 0x0)

590.814043ms ago: executing program 5 (id=7800):
socket$nl_rdma(0x10, 0x3, 0x14)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000008da4b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='signal_deliver\x00', r0}, 0x18)
r2 = syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
bpf$OBJ_PIN_MAP(0x6, &(0x7f00000000c0)=@o_path={&(0x7f0000000000)='./file0\x00', 0x1, 0x4000, r2}, 0x18)
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r3, 0x8983, &(0x7f0000000000)={0x0, 'team0\x00', {0x1}, 0x9})
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB], 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r5 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x1, r5, 0x0, 0x4, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f00000004c0)='ext4_collapse_range\x00', r6, 0x0, 0x5}, 0x18)
mkdir(&(0x7f0000000400)='./file0\x00', 0x31d)
bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x44, '\x00', 0x0, @cgroup_sysctl, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = add_key$keyring(&(0x7f0000000540), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r8, &(0x7f0000000200)='asymmetric\x00', &(0x7f0000000140)=@keyring)
request_key(&(0x7f00000001c0)='ceph\x00', &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000340)='\x00', 0xfffffffffffffffc)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='kmem_cache_free\x00', r7}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x18)
mkdir(0x0, 0x0)
pipe2$9p(&(0x7f0000000200)={0xffffffffffffffff, <r9=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r9, &(0x7f0000000040)=ANY=[@ANYRES32=r1], 0x15)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='mm_page_free\x00', r10}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x0, 0xfff, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xcb3a}, 0x94)

549.838676ms ago: executing program 6 (id=7801):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000040000000000000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={0x0, r0}, 0x18)
msgsnd(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="010000000000000087fd285c63e41580364e19e4423073e6d20800000065dc40917dc07ae5a100c1570700d09e41cacbf4a5"], 0x8, 0x0)

525.754588ms ago: executing program 6 (id=7802):
r0 = signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8)
mkdir(&(0x7f0000000140)='./control\x00', 0x5)
close(r0)
r1 = inotify_init1(0x800)
fcntl$setstatus(r0, 0x4, 0x2c00)
r2 = gettid()
fcntl$setown(r0, 0x8, r2)
fcntl$setsig(r1, 0xa, 0xe)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
rt_sigtimedwait(&(0x7f0000000040)={[0xf7ffffffffff7ffc]}, 0x0, 0x0, 0x8)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000010000000a00000008"], 0x48)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x38, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x1, @perf_bp={0x0}, 0x10024, 0x10000, 0x1, 0x1, 0xa, 0x20005, 0x2b, 0x0, 0x0, 0x0, 0xffffffffffffff7d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = creat(&(0x7f0000000340)='./file0\x00', 0x28)
close(r4)
r5 = getpid()
r6 = socket(0x1e, 0x1, 0x0)
connect$tipc(r6, &(0x7f0000000040)=@name={0x1e, 0x2, 0x1, {{0x1, 0x1}}}, 0x10)
openat(0xffffffffffffff9c, 0x0, 0x802, 0xa3)
write$binfmt_misc(r6, &(0x7f0000000080), 0x2000011a)
r7 = syz_pidfd_open(r5, 0x0)
mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r7}})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r3}, &(0x7f0000000200), &(0x7f0000000240)}, 0x20)
bpf$TOKEN_CREATE(0x24, &(0x7f00000000c0)={0x0, r0}, 0x8)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000aae62000000018110000", @ANYRESOCT=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r8}, 0x10)
inotify_add_watch(r1, &(0x7f0000000180)='./control\x00', 0xa4000960)
rmdir(&(0x7f0000000100)='./control\x00')
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f0000000080), 0x64, 0x50a, &(0x7f0000000200)="$eJzs3UFvG1kdAPD/OHZp2nSTBQ6wEsvCLkorqJ1s2DbiUIqE4FQJKPcSEieK4sRR7LRNVEEqPgASQoDECS5ckPgASKgSF44IqRKcQYBACFo4cIDOyvY4TVM7cVs3TuPfT5rMmzfz/H/P0YznzTzNBDC03oqIqxHxKE3TCxExnuXnsil2WlNju4cP7sw3piTS9Po/k0iyvPZnJdn8bFbsdER87csR30yejlvb2l6Zq1TKG9lyqb66XqptbV9cXp1bKi+V12Zmpi/NXp59b3aqL+08FxFXvvjXH3z3Z1+68qvP3PrTjb+f/1ajWmPZ+r3teEb5g1a2ml5ofhd7C2w8Z7DjKN9sYWa00xYjT+Xcfcl1AgCgs8Y5/gcj4pMRcSHGY+Tg01kAAADgFZR+fiz+l0SknZ3qkg8AAAC8QnLNMbBJrpiNBRiLXK5YbI3h/XCcyVWqtfqnF6ubawutsbITUcgtLlfKU9lY4YkoJI3l6Wb68fK7+5ZnIuL1iPj++GhzuThfrSwM+uIHAAAADImz+/r//xlv9f8BAACAE2Zi0BUAAAAAXjr9fwAAADj59P8BAADgRPvKtWuNKW2//3rh5tbmSvXmxYVybaW4ujlfnK9urBeXqtWl5jP7Vg/7vEq1uv7ZWNu8XaqXa/VSbWv7xmp1c61+Y/mJV2ADAAAAR+j1j9/7QxIRO58bbU4Np3or2uNmwHGV300l2bzDbv3H11rzvxxRpYAjMTLoCgADkx90BYCBKQy6AsDAJYes7zp457fZ/BP9rQ8AANB/kx/tfv8/d2DJnYNXA8eenRiGl/v/MLya9/97HcnrZAFOlIIzABh6L3z//1Bp+kwVAgAA+m6sOSW5YnZ5byxyuWIx4lzztQCFZHG5Up6KiNci4vfjhQ80lqebJZND+wwAAAAAAAAAAAAAAAAAAAAAAAAAQEuaJpECAAAAJ1pE7m/Jr1vP8p8cf2ds//WBU8l/xyN7ReitH1//4e25en1jupH/r938+o+y/HcHcQUDAAAAhsIzvcC/3U9v9+MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoJ8ePrgz356OMu4/vhARE53i5+N0c346ChFx5t9J5PeUy0XESB/ijzb+fKRT/KRRrd2Q++Mn7bIvaOfugfFjIvsWOsU/24f4MMzuNY4/Vzvtf7l4qznvvP/lI55Yfl7dj3+xe/wb6bL/n+sxxhv3f1HqGv9uxBv5zsefdvykS/y3e4z/ja9vb3dbl/4kYrLj70/yRKxSfXW9VNvavri8OrdUXiqvzcxMX5q9PPve7FRpcblSzv52jPG9j/3y0UHtP9Ml/sQh7X+nx/b///7tBx9qJQud4p9/u0P83/w02+Lp+O3fvk9l6cb6yXZ6p5Xe682f/+7Ng9q/0KX9h/3/z/fY/gtf/c6fe9wUADgCta3tlblKpbxxYhONXvoxqIbEMUx8u68fmKZp2tinXuBzkjgOX0szMegjEwAA0G+PT/oHXRMAAAAAAAAAAAAAAAAAAAAYXkfxOLH9MXd2U0k/HqENAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANAX7wcAAP//ZWfZVg==")

328.682304ms ago: executing program 7 (id=7803):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000000100000100000028"], 0x50)
r1 = socket$kcm(0x10, 0x2, 0x0)
pipe(&(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
close(r2)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
close(r4)
tee(r2, r3, 0x6, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c30000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x36, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f60000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000480)=@assoc_value={0x0, 0x7255}, 0x8)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000a40)={0x0, @in={{0x2, 0x4e24, @rand_addr=0x64010100}}, [0x9dc, 0x6, 0x3, 0x100, 0x8, 0x3, 0x2, 0x7fffffff, 0x4, 0x1, 0x4, 0x10001, 0x3ff, 0xc, 0x6]}, &(0x7f00000001c0)=0x100)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r6}, 0x10)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r7}, 0x10)
sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000003c0)="5c00000013006bcd9e3fe3dceb48aa31086b8703110000001fa1ff0000000000040014000d000a000d0000009ee517d34460bc24eab556a705251e6182949a3651f60a84c9f5d1938037e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
io_setup(0x30, &(0x7f0000000600)=<r8=>0x0)
r9 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x101002)
io_submit(r8, 0x1, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, r9, &(0x7f00000000c0)="01", 0x24}])

322.474175ms ago: executing program 5 (id=7804):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000ff0f000007"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000004000), &(0x7f0000004040)}, 0x20)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)

191.333185ms ago: executing program 5 (id=7805):
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b70500000800000085"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x5, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
creat(&(0x7f00000000c0)='./file0\x00', 0x48)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
r2 = dup(r1)
write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
creat(&(0x7f00000003c0)='./file0\x00', 0x36)

134.5564ms ago: executing program 5 (id=7806):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
prctl$PR_SVE_SET_VL(0x32, 0x13782)
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94)
r1 = syz_mount_image$iso9660(&(0x7f0000000240), &(0x7f0000000740)='./file0\x00', 0x800, &(0x7f00000006c0)=ANY=[], 0x5, 0x7fd, &(0x7f0000000840)="$eJzs3U1oHPfZAPBnZMmRlfc1Ie+LX2NsZ+LkBRscZSU7CiKFZLMayZOsdsXuKtiEkphaDsZyE+IGah/q+JLS0hJ66jHJoZf2VHppKbTQHtpTob32Fgj0kLS0t5aAyszs2pL14S/FNunvJ6z5eub/f+av9TwaSTMbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAkjZlabSKJZt5aPJlurjHTac9vsX3Q3q/XTLboNyIp/sXoaOytVu393+ub9xSfDsX+aml/jBaT0bj88J5Hnvuf4aHB/lsktN2GN1p58dLl86eXl5fevpUWRrY9p+3y3V+uWfzRWNziyM5lrbzbzufrc1mad9vp9NRU7ekTs910Nm9m3VPdXjafNjpZvdfupIcbR9KJ6eljaTZ+qr3YmpupN7N0uFr57FOTtdpU+tL4QlbvdNutp18a7zZO5M1m3pordyw2FzHPFi/El/Ne2svq82l69tzy0rG1Ke1al2QRNLFmzecrq5f2P/nIJ+98/I9zS5M3O9zJ2uTkxMTk5MRUEhG12vD1Fc9MP/NsrTZcu0Gsi7inL1oeQNt8Boc7N9Sv/9GMPFqxGCcj3fCjETPRiXbMx/UX8OrtfYP6//9P//UPW/X7/qr6X1X5of17r2/eF2X9P1gtHdys/ld973xok5y/qI/SV4pPF+NSXI7zcTqWYzmW4u0vpL9k+9oa2t7M5iKLVuTRjXbkMR/1ck3aX5PGdEzFVNTitTgRs9GNNGYjj2Zk0Y1T0Y1eZOUrqhGdyKIevWhHJ9I4HI04EmlMxHRMx7FII4vxOBXtWIxWzMVM1MtWzsa5ctyP3ZDXnm+9/os3/vjJB+VXaxA0sdUQvxtRBv19i6B1xVz957ZFxG+37wQOd2FlUP8BAACAL62k/Ol7cf0/EgfKudm8mb26JubVz27ca7j49O49TBMAAAC4C+Vv/vdHUs3EgUiK6//a2qCfjJSTh+5DfgAAAMDdS8p77IqL/7F4rJob3C5Vu9+5AQAAANuj/LX/wWIyFnGlXOH6HwAAAL5kXvlZf+bGZ+x/PHjG7tDCQ8mv/hadzkhy/MOTTyYX6kVc/cKOar/+5JVrLfZm9w3uJqjamhq+/HCxPNzI9ieDBwV/3r+ZoHq0wL7ha7uvzeOFXdXaJEmKBK4ubJpArElgd/8oriVQLsX34vEq5vEz1fTMYEt1tGOzeTMbb7Sbz01Evb57qJed7L3z9XPfjPLwv9Oa353E2XPLS+Nfe3P5TJnL1aKVqxf6x7vuOYpb5LIyuJ3iwPqnGxdNjZQ3YvT7Hav6ra0+/qGLu4uZoRvHYIs+34tD/1XGHBqrYsfWHv9o0efE+GZHP1Yd38S6Ix9e/8KqsjjVXyqyuHb7yHvxRDXzxOEnqskGWUxulUUxFpOrs6jGLIZuY/w3ySIeiYgPHr9y8sBoRHbsZlkcu8ssAO6Xs+VTf4oqVJ2eqyr0r5VKUf87nZGdsabuVDvc6lkuKXu5yTv5jBSn/luq7v9c2eKMfriKOVx9PzG8b4O6UtvgjP7Wubd+1z+jH//xDz/86sHf//SO6/roIGTXYObR3zw8FGUWu/pZXO5v6Ywk379WSaqq+lGx/qNN++02J5NiCHd848JbsefipctPnbtw+o2lN5Z2RsRU7Xit9kyS9L94K+V3DGoPABs4FAerQr7pe+xs8i485TcAZURyfKur6h2RPHrtTwqKmvhmLMeZOFrebRARj23c79iqP0M4Gof6yW581Tq26h1ejm50VXclrsUWdbKKndw4dsN2j60asf/7wRf59QCAe+HQTerwpvX/ekRy9CbX3Wtr+ZEq9sggg81reUQ8f29HAwD+M2Sdz5Kx3reTTidfeG1ienqi3juRpZ124+W0k8/MZWne6mWdGK635rJ0odPutRvtZjHzSj6TddPu4sJCu9NLZ9uddKHdzU+W7/ye9t/6vZvN11u9vNFdaGb1bpY22q1evdFLZ/JuI11YfLGZd09knXLn7kLWyGfzRr2Xt1tpt73YaWTjadrNslWB+UzW6uWzeTHbShc6+Xy9czUimovzWTqTdRudfKHXrhoc9JW3Ztud+bLZv+y+36MNAA+Gi5cunz+9vLz09p3N/PlWgjfvfXTkXh4rAFC5XqU//e8bt/nhOwAAAAAAAAAAAAAAPBju8v6/9TO7trfB0a1iVq5ErN+UrKys3EYXu+ImMTurkdoR2ztQ92Tm6ra0MxQbjfODM5Nsvun1558/v9nuL17Ze+LWurjp/5ThiOjf6vrupzt//n616YU7Opyh29/rTxFxB32tJFvE3OcTEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABs4N8BAAD//2uxZPA=")
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0xa82, 0x0)
fcntl$dupfd(r1, 0x0, r0)
write$cgroup_int(r2, &(0x7f0000000000)=0x800, 0x12)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030097850000007b00000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000001c0)='kyber_latency\x00', r3}, 0x18)
r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0xc2d41, 0x0)
ioctl$SNAPSHOT_FREE(r4, 0x3305)
r5 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4(r5, 0x0, 0x40000000, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r6}, 0x10)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000002c0), r7)
sendmsg$IEEE802154_LLSEC_LIST_DEV(r7, &(0x7f0000000380)={0x0, 0x2b, &(0x7f0000000340)={&(0x7f0000000300)={0x14, r8, 0x701}, 0x14}}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x10, 0x0, 0x0, 0x200, 0x18022, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0xf}, 0x0, 0xfffffffffffffffe, 0xfffffffe, 0x9, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000800)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_clone(0x4021400, 0x0, 0x9000, 0x0, 0x0, 0x0)

124.061071ms ago: executing program 7 (id=7807):
creat(&(0x7f00000000c0)='./file0\x00', 0x9c)
quotactl$Q_GETNEXTQUOTA(0xffffffff80000900, &(0x7f0000000e40)=@filename='./file0\x00', 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16, @ANYBLOB="01032757c38d085641a7260000000c000180080001"], 0x20}, 0x1, 0x0, 0x0, 0x20040005}, 0x8840)
msgsnd(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="010000000000000087fd285c63e41580364e19e4423073e6d20800000065dc40917dc07ae5a100c1570700d09e41cacbf4a5"], 0x8, 0x0)

92.930523ms ago: executing program 6 (id=7808):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000008000000000000020000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000840)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, &(0x7f0000000280)={@mcast2, @private2={0xfc, 0x2, '\x00', 0x1}, @ipv4={'\x00', '\xff\xff', @private=0xa010102}, 0x7, 0x40, 0x1, 0x100, 0x14, 0x200280})
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPGETCONNINFO(r2, 0x800448d3, &(0x7f0000000000)={@none, 0x9, 0xd, 0xfff4, 0xb6, 0x5, "241407d72a4848fd77896dc23728eb65d740162e548a35ab14099f48c0690e8e3531722295a0813f4eef885cfd3dbe73f9e9901445adf4534a6204d701b09b6b1b1f25c79d2094b46dfb2fca5fe85d91dbeb6510f06e9ebfe3873d6a53067ad2dddaede9dff83c52f344f2e2ff05b2a95c77f80ac45d36ca95ff83d57ecd8dd9"})
r3 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x2c8, 0x130, 0x12, 0x60a, 0x130, 0x202, 0x1f8, 0x2e8, 0x2e8, 0x1f8, 0x2c0, 0x4, 0x0, {[{{@ipv6={@remote, @mcast2, [], [0x0, 0x0, 0xffffffff], 'netpci0\x00', 'xfrm0\x00'}, 0x0, 0x108, 0x130, 0x0, {}, [@common=@unspec=@statistic={{0x38}}, @inet=@rpfilter={{0x28}, {0x1}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0xffffffffffffffff, 0xfe}, {0xffffffffffffffff, 0xf9}}}}, {{@ipv6={@private2, @loopback, [], [0xff], 'vxcan1\x00', 'geneve0\x00'}, 0x0, 0xa8, 0xc8}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x328)

88.149284ms ago: executing program 8 (id=7767):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
setrlimit(0xc, &(0x7f0000000040)={0x5, 0x7})
sched_setaffinity(0x0, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
unshare(0x62040200)
r3 = syz_open_procfs$namespace(0x0, &(0x7f0000000280)='ns/mnt\x00')
setns(r3, 0x20000)

26.673828ms ago: executing program 7 (id=7809):
syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000700000045000000a000020095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10)
socket$packet(0x11, 0x3, 0x300)
r1 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x6, 0x0, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=@framed={{}, [@printk={@x, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x70}}, @call={0x85, 0x0, 0x0, 0x5}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r3}, 0x10)
r4 = fsmount(r1, 0x0, 0x0)
r5 = openat$cgroup_subtree(r4, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000300)=ANY=[@ANYBLOB='-cpu'], 0x5)
write$cgroup_subtree(r5, &(0x7f0000000140)={[{0x2b, 'cpu'}]}, 0x5)

0s ago: executing program 6 (id=7810):
creat(&(0x7f00000000c0)='./file0\x00', 0x48)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
r2 = dup(r1)
write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000800)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x101, 0x0, 0x0, 0x41100, 0x59}, 0x94)
write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, 0x0, &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
creat(&(0x7f00000003c0)='./file0\x00', 0x36)

kernel console output (not intermixed with test programs):

read partition table
[  627.441702][ T1318] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  627.441702][ T1318] 
) failed (rc=-5)
[  627.454452][ T1300] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000e1b1)
[  627.504217][ T1325] syzkaller1: entered promiscuous mode
[  627.510120][ T1325] syzkaller1: entered allmulticast mode
[  627.602215][ T1336] loop6: detected capacity change from 0 to 512
[  627.616172][ T1336] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.7082: Failed to acquire dquot type 1
[  627.643796][ T1336] EXT4-fs (loop6): 1 truncate cleaned up
[  627.655019][ T1336] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  627.673564][ T1336] ext4 filesystem being mounted at /461/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  627.685592][ T1344] loop5: detected capacity change from 0 to 764
[  627.697909][ T1344] rock: directory entry would overflow storage
[  627.704372][ T1344] rock: sig=0x4654, size=5, remaining=4
[  627.710558][ T1336] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.7082: Failed to acquire dquot type 1
[  627.726893][ T1344] random: crng reseeded on system resumption
[  627.738234][ T1344] Restarting kernel threads ...
[  627.745211][ T1344] Done restarting kernel threads.
[  627.766840][T27080] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  627.835083][ T1357] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7087'.
[  627.847694][ T1355] loop9: detected capacity change from 0 to 7
[  627.858104][ T1355] Buffer I/O error on dev loop9, logical block 0, async page read
[  627.874083][T30181] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  627.884244][ T1355] Buffer I/O error on dev loop9, logical block 0, async page read
[  627.892150][ T1355]  loop9: unable to read partition table
[  627.899187][ T1355] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  627.899187][ T1355] 
) failed (rc=-5)
[  627.955219][ T1362] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  627.964162][ T1362] syzkaller0: entered promiscuous mode
[  627.969745][ T1362] syzkaller0: entered allmulticast mode
[  627.979871][ T1359] vhci_hcd: invalid port number 96
[  627.985167][ T1359] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  627.995291][ T1362] tipc: Resetting bearer <eth:syzkaller0>
[  628.011885][ T1362] netlink: 'syz.6.7092': attribute type 5 has an invalid length.
[  628.022235][ T1365] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  628.030755][ T1365] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  628.049553][ T1362] SELinux: security_context_str_to_sid (_) failed with errno=-22
[  628.063810][ T1361] tipc: Resetting bearer <eth:syzkaller0>
[  628.077376][ T1361] tipc: Disabling bearer <eth:syzkaller0>
[  628.100081][ T1363] loop4: detected capacity change from 0 to 8192
[  628.121088][ T1363] syz.4.7091: attempt to access beyond end of device
[  628.121088][ T1363] loop4: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  628.155359][ T1363] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000e1b1)
[  628.163693][ T1363] FAT-fs (loop4): Filesystem has been set read-only
[  628.181219][ T1363] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000e1b1)
[  628.191046][ T1363] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000e1b1)
[  628.207965][ T1374] netlink: 'syz.7.7096': attribute type 10 has an invalid length.
[  628.216031][ T1374] netlink: 40 bytes leftover after parsing attributes in process `syz.7.7096'.
[  628.294934][ T1377] loop4: detected capacity change from 0 to 512
[  628.305643][ T1377] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.7099: bg 0: block 131: padding at end of block bitmap is not set
[  628.323390][ T1377] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6548: Corrupt filesystem
[  628.332505][ T1377] EXT4-fs (loop4): 1 truncate cleaned up
[  628.338553][ T1377] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  628.801375][ T1392] netlink: 16 bytes leftover after parsing attributes in process `syz.5.7103'.
[  628.837437][ T1392] loop9: detected capacity change from 0 to 7
[  628.851074][ T1392] Buffer I/O error on dev loop9, logical block 0, async page read
[  628.860772][ T1392] Buffer I/O error on dev loop9, logical block 0, async page read
[  628.868701][ T1392]  loop9: unable to read partition table
[  628.874685][ T1393] loop7: detected capacity change from 0 to 512
[  628.875207][ T1392] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  628.875207][ T1392] 
) failed (rc=-5)
[  628.892115][ T1393] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  628.929793][ T1393] EXT4-fs (loop7): 1 truncate cleaned up
[  628.957304][ T1393] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  629.083151][ T1404] FAULT_INJECTION: forcing a failure.
[  629.083151][ T1404] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  629.096397][ T1404] CPU: 1 UID: 0 PID: 1404 Comm: syz.5.7105 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(voluntary) 
[  629.096497][ T1404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  629.096568][ T1404] Call Trace:
[  629.096577][ T1404]  <TASK>
[  629.096587][ T1404]  __dump_stack+0x1d/0x30
[  629.096615][ T1404]  dump_stack_lvl+0xe8/0x140
[  629.096641][ T1404]  dump_stack+0x15/0x1b
[  629.096662][ T1404]  should_fail_ex+0x265/0x280
[  629.096712][ T1404]  should_fail+0xb/0x20
[  629.096745][ T1404]  should_fail_usercopy+0x1a/0x20
[  629.096781][ T1404]  _copy_from_user+0x1c/0xb0
[  629.096806][ T1404]  ___sys_sendmsg+0xc1/0x1d0
[  629.096915][ T1404]  __x64_sys_sendmsg+0xd4/0x160
[  629.096957][ T1404]  x64_sys_call+0x191e/0x2ff0
[  629.096979][ T1404]  do_syscall_64+0xd2/0x200
[  629.097014][ T1404]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  629.097065][ T1404]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  629.097100][ T1404]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  629.097168][ T1404] RIP: 0033:0x7fec9cebe9a9
[  629.097188][ T1404] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  629.097213][ T1404] RSP: 002b:00007fec9b527038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  629.097254][ T1404] RAX: ffffffffffffffda RBX: 00007fec9d0e5fa0 RCX: 00007fec9cebe9a9
[  629.097267][ T1404] RDX: 0000000000000000 RSI: 0000200000000700 RDI: 0000000000000003
[  629.097280][ T1404] RBP: 00007fec9b527090 R08: 0000000000000000 R09: 0000000000000000
[  629.097295][ T1404] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  629.097311][ T1404] R13: 0000000000000000 R14: 00007fec9d0e5fa0 R15: 00007fffccd39058
[  629.097336][ T1404]  </TASK>
[  629.315626][T29601] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  629.325341][ T1406] loop5: detected capacity change from 0 to 512
[  629.348378][ T1406] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.7107: Failed to acquire dquot type 1
[  629.378567][ T1414] netlink: 'syz.6.7110': attribute type 10 has an invalid length.
[  629.386521][ T1414] netlink: 40 bytes leftover after parsing attributes in process `syz.6.7110'.
[  629.389413][ T1406] EXT4-fs (loop5): 1 truncate cleaned up
[  629.402637][ T1380] x_tables: duplicate underflow at hook 3
[  629.409035][ T1406] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  629.421963][ T1406] ext4 filesystem being mounted at /36/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  629.444589][ T1406] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.7107: Failed to acquire dquot type 1
[  629.470233][ T1416] loop0: detected capacity change from 0 to 512
[  629.505237][ T1416] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.7109: bg 0: block 131: padding at end of block bitmap is not set
[  629.541439][  T400] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  629.560839][ T1421] syzkaller1: entered promiscuous mode
[  629.566486][ T1421] syzkaller1: entered allmulticast mode
[  629.575727][ T1423] loop6: detected capacity change from 0 to 764
[  629.582511][ T1416] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6548: Corrupt filesystem
[  629.602960][ T1423] rock: directory entry would overflow storage
[  629.609189][ T1423] rock: sig=0x4654, size=5, remaining=4
[  629.619350][ T1416] EXT4-fs (loop0): 1 truncate cleaned up
[  629.630526][ T1416] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  629.647973][ T1423] random: crng reseeded on system resumption
[  629.659804][ T1423] Restarting kernel threads ...
[  629.671424][ T1423] Done restarting kernel threads.
[  629.684155][T30181] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  629.726276][ T1435] tipc: Enabling of bearer <udp:� > rejected, already enabled
[  629.839771][ T1444] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7117'.
[  629.890157][ T1446] loop5: detected capacity change from 0 to 2048
[  629.982068][ T1450] loop6: detected capacity change from 0 to 2364
[  629.990040][ T1450] iso9660: Unknown parameter 'sessi0000000043'
[  630.083808][ T1457] netlink: 'syz.5.7123': attribute type 10 has an invalid length.
[  630.091729][ T1457] netlink: 40 bytes leftover after parsing attributes in process `syz.5.7123'.
[  630.102157][ T1457] dummy0: entered promiscuous mode
[  630.119226][ T1457] bridge0: port 3(dummy0) entered blocking state
[  630.125817][ T1457] bridge0: port 3(dummy0) entered disabled state
[  630.132492][ T1457] dummy0: entered allmulticast mode
[  630.138884][ T1457] bridge0: port 3(dummy0) entered blocking state
[  630.145324][ T1457] bridge0: port 3(dummy0) entered forwarding state
[  630.302588][T29984] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  630.378082][ T1469] vhci_hcd: invalid port number 96
[  630.383306][ T1469] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  630.428856][ T1480] tipc: Enabling of bearer <udp:� > rejected, already enabled
[  630.647370][ T1500] loop0: detected capacity change from 0 to 764
[  630.668036][ T1500] rock: directory entry would overflow storage
[  630.674669][ T1500] rock: sig=0x4654, size=5, remaining=4
[  630.694006][ T1500] random: crng reseeded on system resumption
[  630.713727][ T1500] Restarting kernel threads ...
[  630.720016][ T1500] Done restarting kernel threads.
[  630.737738][ T1505] loop6: detected capacity change from 0 to 512
[  630.793344][ T1505] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.7137: Failed to acquire dquot type 1
[  630.822988][ T1505] EXT4-fs (loop6): 1 truncate cleaned up
[  630.834097][ T1505] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  630.883923][ T1505] ext4 filesystem being mounted at /477/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  631.037170][ T1518] loop9: detected capacity change from 0 to 7
[  631.048567][ T1518] Buffer I/O error on dev loop9, logical block 0, async page read
[  631.067079][ T1518] Buffer I/O error on dev loop9, logical block 0, async page read
[  631.075098][ T1518]  loop9: unable to read partition table
[  631.093495][ T1518] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  631.093495][ T1518] 
) failed (rc=-5)
[  631.126671][ T1396] EXT4-fs error (device loop6): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 248: padding at end of block bitmap is not set
[  631.193578][ T1505] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.7137: Failed to acquire dquot type 1
[  631.206033][ T1531] syzkaller1: entered promiscuous mode
[  631.211561][ T1531] syzkaller1: entered allmulticast mode
[  631.219164][ T1533] tipc: Enabling of bearer <udp:� > rejected, already enabled
[  631.283715][ T1535] loop5: detected capacity change from 0 to 512
[  631.290967][ T1535] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  631.303628][ T1535] EXT4-fs (loop5): 1 truncate cleaned up
[  631.310655][ T1535] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  631.435166][ T1491] x_tables: duplicate underflow at hook 3
[  631.528611][ T1558] loop0: detected capacity change from 0 to 8192
[  631.547103][ T1558] syz.0.7150: attempt to access beyond end of device
[  631.547103][ T1558] loop0: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  631.590412][ T1558] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000e1b1)
[  631.598641][ T1558] FAT-fs (loop0): Filesystem has been set read-only
[  631.622683][ T1558] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000e1b1)
[  631.632135][T27080] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  631.642390][ T1558] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000e1b1)
[  631.657594][   T29] kauditd_printk_skb: 1214 callbacks suppressed
[  631.657615][   T29] audit: type=1326 audit(1753884030.082:35084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1555 comm="syz.0.7150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23a4dde9a9 code=0x7ffc0000
[  631.727061][   T29] audit: type=1326 audit(1753884030.082:35085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1555 comm="syz.0.7150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23a4dde9a9 code=0x7ffc0000
[  631.831104][  T400] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  631.873740][ T1571] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7154'.
[  631.979086][   T29] audit: type=1326 audit(1753884030.402:35086): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1575 comm="syz.5.7157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec9cebe9a9 code=0x7ffc0000
[  632.011957][   T29] audit: type=1326 audit(1753884030.432:35087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1575 comm="syz.5.7157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=189 compat=0 ip=0x7fec9cebe9a9 code=0x7ffc0000
[  632.035931][   T29] audit: type=1326 audit(1753884030.432:35088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1575 comm="syz.5.7157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec9cebe9a9 code=0x7ffc0000
[  632.059846][   T29] audit: type=1326 audit(1753884030.432:35089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1575 comm="syz.5.7157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec9cebe9a9 code=0x7ffc0000
[  632.084039][   T29] audit: type=1326 audit(1753884030.432:35090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1575 comm="syz.5.7157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fec9cebe9a9 code=0x7ffc0000
[  632.108145][   T29] audit: type=1326 audit(1753884030.432:35091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1575 comm="syz.5.7157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec9cebe9a9 code=0x7ffc0000
[  632.132678][   T29] audit: type=1326 audit(1753884030.432:35092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1575 comm="syz.5.7157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec9cebe9a9 code=0x7ffc0000
[  632.156349][   T29] audit: type=1326 audit(1753884030.432:35093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1575 comm="syz.5.7157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7fec9cebe9a9 code=0x7ffc0000
[  632.197644][ T1580] tipc: Enabling of bearer <udp:� > rejected, already enabled
[  632.332667][ T1584] loop7: detected capacity change from 0 to 8192
[  632.348035][ T1584] syz.7.7160: attempt to access beyond end of device
[  632.348035][ T1584] loop7: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  632.361928][ T1584] FAT-fs (loop7): error, invalid access to FAT (entry 0x0000e1b1)
[  632.369861][ T1584] FAT-fs (loop7): Filesystem has been set read-only
[  632.378493][ T1584] FAT-fs (loop7): error, invalid access to FAT (entry 0x0000e1b1)
[  632.386974][ T1584] FAT-fs (loop7): error, invalid access to FAT (entry 0x0000e1b1)
[  632.409217][ T1596] loop9: detected capacity change from 0 to 7
[  632.421324][ T1596] Buffer I/O error on dev loop9, logical block 0, async page read
[  632.431498][ T1596] Buffer I/O error on dev loop9, logical block 0, async page read
[  632.442904][ T1596]  loop9: unable to read partition table
[  632.450841][ T1596] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  632.450841][ T1596] 
) failed (rc=-5)
[  632.775179][ T1623] netlink: 16 bytes leftover after parsing attributes in process `syz.7.7175'.
[  632.823437][ T1623] loop9: detected capacity change from 0 to 7
[  632.840008][ T1629] tipc: Enabling of bearer <udp:� > rejected, already enabled
[  632.851540][ T1623] Buffer I/O error on dev loop9, logical block 0, async page read
[  632.870196][ T1623] Buffer I/O error on dev loop9, logical block 0, async page read
[  632.878790][ T1623]  loop9: unable to read partition table
[  632.886960][ T1623] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  632.886960][ T1623] 
) failed (rc=-5)
[  633.010324][ T1650] loop5: detected capacity change from 0 to 512
[  633.039007][ T1650] EXT4-fs error (device loop5): ext4_orphan_get:1393: inode #15: comm syz.5.7183: casefold flag without casefold feature
[  633.080476][ T1650] EXT4-fs error (device loop5): ext4_orphan_get:1398: comm syz.5.7183: couldn't read orphan inode 15 (err -117)
[  633.129431][ T1650] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  633.912419][  T400] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  633.977423][ T1688] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  633.994685][ T1688] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  634.034028][ T1691] loop7: detected capacity change from 0 to 512
[  634.050655][ T1691] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  634.083004][ T1691] EXT4-fs (loop7): 1 truncate cleaned up
[  634.089249][ T1691] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  634.138996][ T1660] x_tables: duplicate underflow at hook 3
[  634.194715][ T1700] syzkaller1: entered promiscuous mode
[  634.200269][ T1700] syzkaller1: entered allmulticast mode
[  634.269331][ T1701] loop4: detected capacity change from 0 to 512
[  634.282835][ T1701] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  634.305485][ T1701] EXT4-fs (loop4): 1 truncate cleaned up
[  634.311675][ T1701] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  634.441618][ T1668] x_tables: duplicate underflow at hook 3
[  634.509705][T30181] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  634.612466][ T1715] loop9: detected capacity change from 0 to 7
[  634.624813][ T1715] Buffer I/O error on dev loop9, logical block 0, async page read
[  634.642573][ T1715] Buffer I/O error on dev loop9, logical block 0, async page read
[  634.650557][ T1715]  loop9: unable to read partition table
[  634.675648][ T1715] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  634.675648][ T1715] 
) failed (rc=-5)
[  634.699932][ T1724] loop0: detected capacity change from 0 to 764
[  634.720146][ T1724] rock: directory entry would overflow storage
[  634.726559][ T1724] rock: sig=0x4654, size=5, remaining=4
[  634.749427][ T1724] random: crng reseeded on system resumption
[  634.759457][ T1724] Restarting kernel threads ...
[  634.764565][ T1724] Done restarting kernel threads.
[  634.782705][ T1733] syzkaller1: entered promiscuous mode
[  634.788249][ T1733] syzkaller1: entered allmulticast mode
[  634.870890][T29601] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  634.977614][ T1740] loop5: detected capacity change from 0 to 8192
[  635.000146][ T1740] syz.5.7211: attempt to access beyond end of device
[  635.000146][ T1740] loop5: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  635.039896][ T1740] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000e1b1)
[  635.047950][ T1740] FAT-fs (loop5): Filesystem has been set read-only
[  635.058184][ T1740] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000e1b1)
[  635.066547][ T1740] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000e1b1)
[  635.088846][ T1754] loop4: detected capacity change from 0 to 512
[  635.128539][ T1754] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.7214: Failed to acquire dquot type 1
[  635.162313][ T1754] EXT4-fs (loop4): 1 truncate cleaned up
[  635.176055][ T1754] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  635.249989][ T1754] ext4 filesystem being mounted at /325/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  635.270942][ T1766] loop0: detected capacity change from 0 to 512
[  635.293549][ T1766] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.7221: Failed to acquire dquot type 1
[  635.294053][ T1766] EXT4-fs (loop0): 1 truncate cleaned up
[  635.294522][ T1766] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  635.294621][ T1766] ext4 filesystem being mounted at /350/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  635.296407][ T1766] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.7221: Failed to acquire dquot type 1
[  635.315897][T29984] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  635.379321][ T1776] loop6: detected capacity change from 0 to 512
[  635.383200][ T1776] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  635.386602][ T1776] EXT4-fs (loop6): 1 truncate cleaned up
[  635.387080][ T1776] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  635.486326][ T1779] loop5: detected capacity change from 0 to 764
[  635.502927][ T1779] rock: directory entry would overflow storage
[  635.509166][ T1779] rock: sig=0x4654, size=5, remaining=4
[  635.536534][ T1779] random: crng reseeded on system resumption
[  635.557568][ T1779] Restarting kernel threads ...
[  635.562451][ T1754] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.7214: Failed to acquire dquot type 1
[  635.604219][ T1779] Done restarting kernel threads.
[  635.643400][ T1725] x_tables: duplicate underflow at hook 3
[  635.780587][ T1792] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  635.802608][ T1792] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  635.916209][T27080] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  635.978375][T29601] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  636.114936][ T1812] syzkaller1: entered promiscuous mode
[  636.120490][ T1812] syzkaller1: entered allmulticast mode
[  636.157717][ T1813] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  636.256907][ T1813] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  636.286263][ T1819] loop6: detected capacity change from 0 to 8192
[  636.295782][ T1819] syz.6.7240: attempt to access beyond end of device
[  636.295782][ T1819] loop6: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  636.317829][ T1822] tipc: MTU too low for tipc bearer
[  636.335854][ T1822] netlink: 36 bytes leftover after parsing attributes in process `syz.4.7234'.
[  636.346334][ T1819] FAT-fs (loop6): error, invalid access to FAT (entry 0x0000e1b1)
[  636.354318][ T1819] FAT-fs (loop6): Filesystem has been set read-only
[  636.377294][ T1813] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  636.408748][ T1819] FAT-fs (loop6): error, invalid access to FAT (entry 0x0000e1b1)
[  636.420179][ T1825] netlink: 4 bytes leftover after parsing attributes in process `syz.7.7242'.
[  636.426831][ T1830] loop0: detected capacity change from 0 to 512
[  636.435044][ T1819] FAT-fs (loop6): error, invalid access to FAT (entry 0x0000e1b1)
[  636.451073][ T1825] netlink: 32 bytes leftover after parsing attributes in process `syz.7.7242'.
[  636.451195][ T1830] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.7244: Failed to acquire dquot type 1
[  636.513134][ T1813] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  636.546569][ T1830] EXT4-fs (loop0): 1 truncate cleaned up
[  636.565907][ T1830] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  636.578722][ T1830] ext4 filesystem being mounted at /358/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  636.604567][ T1830] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.7244: Failed to acquire dquot type 1
[  636.621122][ T1813] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  636.645128][ T1813] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  636.655459][T29984] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  636.668930][ T1813] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  636.712336][ T1813] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  636.809529][ T1850] loop7: detected capacity change from 0 to 764
[  636.818276][ T1850] rock: directory entry would overflow storage
[  636.824514][ T1850] rock: sig=0x4654, size=5, remaining=4
[  636.838144][ T1850] random: crng reseeded on system resumption
[  636.851056][ T1850] Restarting kernel threads ...
[  636.856466][ T1850] Done restarting kernel threads.
[  636.966685][ T1854] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  637.260992][   T29] kauditd_printk_skb: 552 callbacks suppressed
[  637.261011][   T29] audit: type=1400 audit(1753884035.682:35634): avc:  denied  { unmount } for  pid=29601 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[  637.406242][ T1872] FAULT_INJECTION: forcing a failure.
[  637.406242][ T1872] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  637.419534][ T1872] CPU: 0 UID: 0 PID: 1872 Comm: syz.4.7255 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(voluntary) 
[  637.419572][ T1872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  637.419589][ T1872] Call Trace:
[  637.419597][ T1872]  <TASK>
[  637.419639][ T1872]  __dump_stack+0x1d/0x30
[  637.419662][ T1872]  dump_stack_lvl+0xe8/0x140
[  637.419681][ T1872]  dump_stack+0x15/0x1b
[  637.419698][ T1872]  should_fail_ex+0x265/0x280
[  637.419729][ T1872]  should_fail+0xb/0x20
[  637.419842][ T1872]  should_fail_usercopy+0x1a/0x20
[  637.419877][ T1872]  _copy_to_iter+0x381/0xe30
[  637.419914][ T1872]  ? _raw_spin_unlock_irqrestore+0x2b/0x60
[  637.419973][ T1872]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  637.420009][ T1872]  __skb_datagram_iter+0xc6/0x690
[  637.420045][ T1872]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  637.420164][ T1872]  skb_copy_datagram_iter+0x3d/0x110
[  637.420207][ T1872]  netlink_recvmsg+0x1a8/0x550
[  637.420253][ T1872]  ? __pfx_netlink_recvmsg+0x10/0x10
[  637.420295][ T1872]  sock_recvmsg+0x136/0x170
[  637.420345][ T1872]  ____sys_recvmsg+0xf5/0x280
[  637.420386][ T1872]  ___sys_recvmsg+0x11f/0x370
[  637.420435][ T1872]  do_recvmmsg+0x1ef/0x540
[  637.420537][ T1872]  ? get_timespec64+0xc9/0x100
[  637.420616][ T1872]  __x64_sys_recvmmsg+0xfb/0x170
[  637.420652][ T1872]  x64_sys_call+0x27a6/0x2ff0
[  637.420675][ T1872]  do_syscall_64+0xd2/0x200
[  637.420708][ T1872]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  637.420773][ T1872]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  637.420838][ T1872]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  637.420861][ T1872] RIP: 0033:0x7f4c26c7e9a9
[  637.420878][ T1872] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  637.420898][ T1872] RSP: 002b:00007f4c252e7038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  637.420917][ T1872] RAX: ffffffffffffffda RBX: 00007f4c26ea5fa0 RCX: 00007f4c26c7e9a9
[  637.421026][ T1872] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003
[  637.421039][ T1872] RBP: 00007f4c252e7090 R08: 0000200000003700 R09: 0000000000000000
[  637.421052][ T1872] R10: 0000000002040000 R11: 0000000000000246 R12: 0000000000000001
[  637.421066][ T1872] R13: 0000000000000000 R14: 00007f4c26ea5fa0 R15: 00007ffd5e32de28
[  637.421086][ T1872]  </TASK>
[  637.739831][ T1881] netlink: 4 bytes leftover after parsing attributes in process `syz.7.7259'.
[  637.747022][   T29] audit: type=1326 audit(1753884036.162:35635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1880 comm="syz.6.7261" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8da696e9a9 code=0x0
[  637.783277][ T1881] netlink: 32 bytes leftover after parsing attributes in process `syz.7.7259'.
[  637.824424][ T1885] netlink: 32 bytes leftover after parsing attributes in process `syz.4.7262'.
[  637.827245][ T1888] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7260'.
[  637.862049][ T1888] netlink: 32 bytes leftover after parsing attributes in process `syz.5.7260'.
[  637.944613][   T29] audit: type=1326 audit(1753884036.372:35636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1894 comm="syz.0.7265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23a4dde9a9 code=0x7ffc0000
[  637.996502][   T29] audit: type=1326 audit(1753884036.372:35637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1894 comm="syz.0.7265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f23a4dde9a9 code=0x7ffc0000
[  638.020333][   T29] audit: type=1326 audit(1753884036.372:35638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1894 comm="syz.0.7265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23a4dde9a9 code=0x7ffc0000
[  638.043994][   T29] audit: type=1326 audit(1753884036.372:35639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1894 comm="syz.0.7265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23a4dde9a9 code=0x7ffc0000
[  638.067729][   T29] audit: type=1326 audit(1753884036.372:35640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1894 comm="syz.0.7265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f23a4dde9a9 code=0x7ffc0000
[  638.091389][   T29] audit: type=1326 audit(1753884036.372:35641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1894 comm="syz.0.7265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23a4dde9a9 code=0x7ffc0000
[  638.115154][   T29] audit: type=1326 audit(1753884036.372:35642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1894 comm="syz.0.7265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f23a4ddd310 code=0x7ffc0000
[  638.138696][   T29] audit: type=1326 audit(1753884036.372:35643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1894 comm="syz.0.7265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23a4dde9a9 code=0x7ffc0000
[  638.377862][ T1907] loop4: detected capacity change from 0 to 512
[  638.397938][ T1907] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.7268: bg 0: block 131: padding at end of block bitmap is not set
[  638.425991][ T1907] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6548: Corrupt filesystem
[  638.437186][ T1907] EXT4-fs (loop4): 1 truncate cleaned up
[  638.452197][ T1907] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  638.747983][ T1915] loop6: detected capacity change from 0 to 512
[  638.773903][ T1915] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.7271: Failed to acquire dquot type 1
[  638.803860][ T1915] EXT4-fs (loop6): 1 truncate cleaned up
[  638.829168][ T1915] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  638.842614][ T1915] ext4 filesystem being mounted at /497/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  638.860848][ T1924] netlink: 32 bytes leftover after parsing attributes in process `syz.0.7274'.
[  638.873915][ T1915] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.7271: Failed to acquire dquot type 1
[  639.093199][ T1948] tipc: Enabling of bearer <udp:� > rejected, already enabled
[  639.300019][ T1963] loop6: detected capacity change from 0 to 512
[  639.320854][ T1968] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7289'.
[  639.345732][ T1963] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.7288: Failed to acquire dquot type 1
[  639.382867][ T1963] EXT4-fs (loop6): 1 truncate cleaned up
[  639.408239][ T1963] ext4 filesystem being mounted at /501/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  639.431716][ T1963] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.7288: Failed to acquire dquot type 1
[  639.593504][ T1987] loop6: detected capacity change from 0 to 8192
[  639.603245][ T1993] tipc: Enabling of bearer <udp:� > rejected, already enabled
[  639.611844][ T1987] syz.6.7297: attempt to access beyond end of device
[  639.611844][ T1987] loop6: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  639.630817][ T1992] loop4: detected capacity change from 0 to 8192
[  639.638488][ T1987] FAT-fs (loop6): error, invalid access to FAT (entry 0x0000e1b1)
[  639.646466][ T1987] FAT-fs (loop6): Filesystem has been set read-only
[  639.653890][ T1987] FAT-fs (loop6): error, invalid access to FAT (entry 0x0000e1b1)
[  639.662026][ T1987] FAT-fs (loop6): error, invalid access to FAT (entry 0x0000e1b1)
[  639.671451][ T1992] syz.4.7299: attempt to access beyond end of device
[  639.671451][ T1992] loop4: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  639.688393][ T1992] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000e1b1)
[  639.696304][ T1992] FAT-fs (loop4): Filesystem has been set read-only
[  639.738943][ T1992] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000e1b1)
[  639.753847][ T1992] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000e1b1)
[  639.773758][ T1995] vhci_hcd: invalid port number 96
[  639.778947][ T1995] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  639.934953][ T2009] usb usb1: usbfs: interface 0 claimed by hub while 'syz.7.7307' sets config #0
[  639.977274][ T2009] FAULT_INJECTION: forcing a failure.
[  639.977274][ T2009] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  639.990667][ T2009] CPU: 0 UID: 0 PID: 2009 Comm: syz.7.7307 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(voluntary) 
[  639.990696][ T2009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  639.990709][ T2009] Call Trace:
[  639.990718][ T2009]  <TASK>
[  639.990729][ T2009]  __dump_stack+0x1d/0x30
[  639.990809][ T2009]  dump_stack_lvl+0xe8/0x140
[  639.990832][ T2009]  dump_stack+0x15/0x1b
[  639.990854][ T2009]  should_fail_ex+0x265/0x280
[  639.990957][ T2009]  should_fail+0xb/0x20
[  639.990984][ T2009]  should_fail_usercopy+0x1a/0x20
[  639.991022][ T2009]  _copy_from_user+0x1c/0xb0
[  639.991044][ T2009]  ___sys_sendmsg+0xc1/0x1d0
[  639.991159][ T2009]  __x64_sys_sendmsg+0xd4/0x160
[  639.991201][ T2009]  x64_sys_call+0x191e/0x2ff0
[  639.991274][ T2009]  do_syscall_64+0xd2/0x200
[  639.991319][ T2009]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  639.991348][ T2009]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  639.991377][ T2009]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  639.991401][ T2009] RIP: 0033:0x7f9f1507e9a9
[  639.991416][ T2009] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  639.991436][ T2009] RSP: 002b:00007f9f136df038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  639.991456][ T2009] RAX: ffffffffffffffda RBX: 00007f9f152a5fa0 RCX: 00007f9f1507e9a9
[  639.991495][ T2009] RDX: 0000000020000000 RSI: 00002000000000c0 RDI: 0000000000000007
[  639.991513][ T2009] RBP: 00007f9f136df090 R08: 0000000000000000 R09: 0000000000000000
[  639.991529][ T2009] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  639.991546][ T2009] R13: 0000000000000000 R14: 00007f9f152a5fa0 R15: 00007fffee498718
[  639.991565][ T2009]  </TASK>
[  640.465438][ T2019] loop6: detected capacity change from 0 to 8192
[  640.487095][ T2019] syz.6.7311: attempt to access beyond end of device
[  640.487095][ T2019] loop6: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  640.522295][ T2019] FAT-fs (loop6): error, invalid access to FAT (entry 0x0000e1b1)
[  640.530214][ T2019] FAT-fs (loop6): Filesystem has been set read-only
[  640.551382][ T2019] FAT-fs (loop6): error, invalid access to FAT (entry 0x0000e1b1)
[  640.571810][ T2019] FAT-fs (loop6): error, invalid access to FAT (entry 0x0000e1b1)
[  640.636438][ T2026] tipc: Enabling of bearer <udp:� > rejected, already enabled
[  640.917145][ T2039] loop0: detected capacity change from 0 to 764
[  640.932050][ T2039] rock: directory entry would overflow storage
[  640.938377][ T2039] rock: sig=0x4654, size=5, remaining=4
[  640.977996][ T2039] random: crng reseeded on system resumption
[  640.987802][ T2046] loop7: detected capacity change from 0 to 512
[  640.997652][ T2039] Restarting kernel threads ...
[  641.005326][ T2039] Done restarting kernel threads.
[  641.044829][ T2046] EXT4-fs error (device loop7): ext4_acquire_dquot:6933: comm syz.7.7321: Failed to acquire dquot type 1
[  641.066782][ T2046] EXT4-fs (loop7): 1 truncate cleaned up
[  641.073382][ T2046] ext4 filesystem being mounted at /281/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  641.108545][ T2056] loop6: detected capacity change from 0 to 764
[  641.131514][ T2056] rock: directory entry would overflow storage
[  641.137833][ T2056] rock: sig=0x4654, size=5, remaining=4
[  641.329512][ T2067] EXT4-fs error (device loop7): ext4_acquire_dquot:6933: comm syz.7.7321: Failed to acquire dquot type 1
[  641.825017][ T2084] __nla_validate_parse: 6 callbacks suppressed
[  641.825034][ T2084] netlink: 12 bytes leftover after parsing attributes in process `syz.5.7334'.
[  642.191472][ T2093] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  642.210418][ T2093] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  642.289534][ T2097] tipc: Enabling of bearer <udp:� > rejected, already enabled
[  642.624170][ T2112] netlink: 8 bytes leftover after parsing attributes in process `syz.6.7346'.
[  642.633263][ T2112] tipc: Enabled bearer <ib:vlan0>, priority 10
[  642.854120][ T2132] netlink: 12 bytes leftover after parsing attributes in process `syz.7.7352'.
[  642.895186][ T2137] tipc: Enabling of bearer <udp:� > rejected, already enabled
[  642.921349][ T2138] loop0: detected capacity change from 0 to 128
[  642.951366][ T2138] ext4 filesystem being mounted at /385/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  643.082981][ T2144] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  643.121987][ T2144] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  643.175974][ T2143] loop6: detected capacity change from 0 to 8192
[  643.189780][ T2143] syz.6.7358: attempt to access beyond end of device
[  643.189780][ T2143] loop6: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  643.205347][ T2143] FAT-fs (loop6): error, invalid access to FAT (entry 0x0000e1b1)
[  643.213327][ T2143] FAT-fs (loop6): Filesystem has been set read-only
[  643.230605][ T2143] FAT-fs (loop6): error, invalid access to FAT (entry 0x0000e1b1)
[  643.251995][ T2143] FAT-fs (loop6): error, invalid access to FAT (entry 0x0000e1b1)
[  643.310751][ T2154] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  643.331061][ T2154] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  643.708918][   T29] kauditd_printk_skb: 462 callbacks suppressed
[  643.708937][   T29] audit: type=1326 audit(1753884042.132:36094): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2173 comm="syz.4.7369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c26c7e9a9 code=0x7ffc0000
[  643.748522][   T29] audit: type=1326 audit(1753884042.132:36095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2173 comm="syz.4.7369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=189 compat=0 ip=0x7f4c26c7e9a9 code=0x7ffc0000
[  643.772359][   T29] audit: type=1326 audit(1753884042.132:36096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2173 comm="syz.4.7369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c26c7e9a9 code=0x7ffc0000
[  643.795996][   T29] audit: type=1326 audit(1753884042.132:36097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2173 comm="syz.4.7369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f4c26c7e9a9 code=0x7ffc0000
[  643.819604][   T29] audit: type=1326 audit(1753884042.132:36098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2173 comm="syz.4.7369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c26c7e9a9 code=0x7ffc0000
[  643.843333][   T29] audit: type=1326 audit(1753884042.132:36099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2173 comm="syz.4.7369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f4c26c7e9a9 code=0x7ffc0000
[  643.866842][   T29] audit: type=1326 audit(1753884042.132:36100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2173 comm="syz.4.7369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c26c7e9a9 code=0x7ffc0000
[  643.890414][   T29] audit: type=1326 audit(1753884042.132:36101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2173 comm="syz.4.7369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4c26c7e9a9 code=0x7ffc0000
[  643.913950][   T29] audit: type=1326 audit(1753884042.132:36102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2173 comm="syz.4.7369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c26c7e9a9 code=0x7ffc0000
[  643.937540][   T29] audit: type=1326 audit(1753884042.132:36103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2173 comm="syz.4.7369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f4c26c7e9a9 code=0x7ffc0000
[  643.992901][ T2181] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7372'.
[  644.030557][ T2181] netlink: 32 bytes leftover after parsing attributes in process `syz.6.7372'.
[  644.132096][ T2187] loop6: detected capacity change from 0 to 2048
[  644.183472][ T2191] SELinux: ebitmap: truncated map
[  644.191605][ T2191] SELinux: failed to load policy
[  644.204186][ T2187]  loop6: p1 < > p4
[  644.215713][ T2187] loop6: p4 size 8388608 extends beyond EOD, truncated
[  644.288321][ T2179] loop5: detected capacity change from 0 to 32768
[  644.316443][ T2198] FAULT_INJECTION: forcing a failure.
[  644.316443][ T2198] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  644.329609][ T2198] CPU: 1 UID: 0 PID: 2198 Comm: syz.4.7379 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(voluntary) 
[  644.329707][ T2198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  644.329724][ T2198] Call Trace:
[  644.329731][ T2198]  <TASK>
[  644.329739][ T2198]  __dump_stack+0x1d/0x30
[  644.329761][ T2198]  dump_stack_lvl+0xe8/0x140
[  644.329859][ T2198]  dump_stack+0x15/0x1b
[  644.329880][ T2198]  should_fail_ex+0x265/0x280
[  644.329930][ T2198]  should_fail+0xb/0x20
[  644.329959][ T2198]  should_fail_usercopy+0x1a/0x20
[  644.329989][ T2198]  _copy_from_user+0x1c/0xb0
[  644.330018][ T2198]  ___sys_sendmsg+0xc1/0x1d0
[  644.330127][ T2198]  __x64_sys_sendmsg+0xd4/0x160
[  644.330203][ T2198]  x64_sys_call+0x191e/0x2ff0
[  644.330226][ T2198]  do_syscall_64+0xd2/0x200
[  644.330264][ T2198]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  644.330358][ T2198]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  644.330389][ T2198]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  644.330412][ T2198] RIP: 0033:0x7f4c26c7e9a9
[  644.330429][ T2198] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  644.330465][ T2198] RSP: 002b:00007f4c252e7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  644.330485][ T2198] RAX: ffffffffffffffda RBX: 00007f4c26ea5fa0 RCX: 00007f4c26c7e9a9
[  644.330498][ T2198] RDX: 0000000000000000 RSI: 00002000000003c0 RDI: 0000000000000004
[  644.330557][ T2198] RBP: 00007f4c252e7090 R08: 0000000000000000 R09: 0000000000000000
[  644.330571][ T2198] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  644.330584][ T2198] R13: 0000000000000000 R14: 00007f4c26ea5fa0 R15: 00007ffd5e32de28
[  644.330603][ T2198]  </TASK>
[  644.715723][ T2216] loop5: detected capacity change from 0 to 512
[  644.760132][ T2216] ext4 filesystem being mounted at /85/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  644.914187][ T2234] SELinux: ebitmap: truncated map
[  644.935782][ T2234] SELinux: failed to load policy
[  644.949735][ T2239] FAULT_INJECTION: forcing a failure.
[  644.949735][ T2239] name failslab, interval 1, probability 0, space 0, times 0
[  644.962519][ T2239] CPU: 1 UID: 0 PID: 2239 Comm: syz.7.7393 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(voluntary) 
[  644.962554][ T2239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  644.962619][ T2239] Call Trace:
[  644.962629][ T2239]  <TASK>
[  644.962638][ T2239]  __dump_stack+0x1d/0x30
[  644.962664][ T2239]  dump_stack_lvl+0xe8/0x140
[  644.962690][ T2239]  dump_stack+0x15/0x1b
[  644.962710][ T2239]  should_fail_ex+0x265/0x280
[  644.962792][ T2239]  ? ftrace_profile_set_filter+0x96/0x190
[  644.962823][ T2239]  should_failslab+0x8c/0xb0
[  644.962855][ T2239]  __kmalloc_cache_noprof+0x4c/0x320
[  644.962896][ T2239]  ftrace_profile_set_filter+0x96/0x190
[  644.962954][ T2239]  perf_ioctl+0x7b3/0x12e0
[  644.962991][ T2239]  ? ioctl_has_perm+0x289/0x2a0
[  644.963074][ T2239]  ? do_vfs_ioctl+0x866/0xe10
[  644.963117][ T2239]  ? selinux_file_ioctl+0x308/0x3a0
[  644.963150][ T2239]  ? __fget_files+0x184/0x1c0
[  644.963174][ T2239]  ? __pfx_perf_ioctl+0x10/0x10
[  644.963270][ T2239]  __se_sys_ioctl+0xce/0x140
[  644.963332][ T2239]  __x64_sys_ioctl+0x43/0x50
[  644.963370][ T2239]  x64_sys_call+0x1816/0x2ff0
[  644.963397][ T2239]  do_syscall_64+0xd2/0x200
[  644.963455][ T2239]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  644.963490][ T2239]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  644.963524][ T2239]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  644.963550][ T2239] RIP: 0033:0x7f9f1507e9a9
[  644.963570][ T2239] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  644.963626][ T2239] RSP: 002b:00007f9f136be038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  644.963652][ T2239] RAX: ffffffffffffffda RBX: 00007f9f152a6080 RCX: 00007f9f1507e9a9
[  644.963698][ T2239] RDX: 00002000000001c0 RSI: 0000000040082406 RDI: 0000000000000006
[  644.963715][ T2239] RBP: 00007f9f136be090 R08: 0000000000000000 R09: 0000000000000000
[  644.963730][ T2239] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  644.963746][ T2239] R13: 0000000000000000 R14: 00007f9f152a6080 R15: 00007fffee498718
[  644.963770][ T2239]  </TASK>
[  645.176960][ T2238] loop0: detected capacity change from 0 to 8192
[  645.185775][ T2238] syz.0.7395: attempt to access beyond end of device
[  645.185775][ T2238] loop0: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  645.200894][ T2238] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000e1b1)
[  645.208907][ T2238] FAT-fs (loop0): Filesystem has been set read-only
[  645.231744][ T2238] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000e1b1)
[  645.240828][ T2238] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000e1b1)
[  645.385796][ T2252] loop7: detected capacity change from 0 to 512
[  645.406905][ T2252] EXT4-fs error (device loop7): ext4_acquire_dquot:6933: comm syz.7.7400: Failed to acquire dquot type 1
[  645.423889][ T2252] EXT4-fs (loop7): 1 truncate cleaned up
[  645.430723][ T2252] ext4 filesystem being mounted at /290/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  645.476160][ T2262] netlink: 24 bytes leftover after parsing attributes in process `syz.0.7405'.
[  645.572205][ T2269] loop5: detected capacity change from 0 to 512
[  645.590242][ T2269] EXT4-fs error (device loop5): ext4_orphan_get:1393: inode #15: comm syz.5.7407: casefold flag without casefold feature
[  645.616863][ T2252] EXT4-fs error (device loop7): ext4_acquire_dquot:6933: comm syz.7.7400: Failed to acquire dquot type 1
[  645.633675][ T2269] EXT4-fs error (device loop5): ext4_orphan_get:1398: comm syz.5.7407: couldn't read orphan inode 15 (err -117)
[  645.654486][ T2273] FAULT_INJECTION: forcing a failure.
[  645.654486][ T2273] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  645.667625][ T2273] CPU: 0 UID: 0 PID: 2273 Comm: syz.6.7408 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(voluntary) 
[  645.667652][ T2273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  645.667664][ T2273] Call Trace:
[  645.667687][ T2273]  <TASK>
[  645.667694][ T2273]  __dump_stack+0x1d/0x30
[  645.667713][ T2273]  dump_stack_lvl+0xe8/0x140
[  645.667731][ T2273]  dump_stack+0x15/0x1b
[  645.667824][ T2273]  should_fail_ex+0x265/0x280
[  645.667863][ T2273]  should_fail+0xb/0x20
[  645.667886][ T2273]  should_fail_usercopy+0x1a/0x20
[  645.667980][ T2273]  _copy_to_user+0x20/0xa0
[  645.668061][ T2273]  simple_read_from_buffer+0xb5/0x130
[  645.668143][ T2273]  proc_fail_nth_read+0x10e/0x150
[  645.668191][ T2273]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  645.668213][ T2273]  vfs_read+0x19d/0x6f0
[  645.668230][ T2273]  ? __rcu_read_unlock+0x4f/0x70
[  645.668251][ T2273]  ? __fget_files+0x184/0x1c0
[  645.668274][ T2273]  ksys_read+0xda/0x1a0
[  645.668327][ T2273]  __x64_sys_read+0x40/0x50
[  645.668345][ T2273]  x64_sys_call+0x27bc/0x2ff0
[  645.668412][ T2273]  do_syscall_64+0xd2/0x200
[  645.668441][ T2273]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  645.668464][ T2273]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  645.668613][ T2273]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  645.668676][ T2273] RIP: 0033:0x7f8da696d3bc
[  645.668689][ T2273] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  645.668706][ T2273] RSP: 002b:00007f8da4fd7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  645.668723][ T2273] RAX: ffffffffffffffda RBX: 00007f8da6b95fa0 RCX: 00007f8da696d3bc
[  645.668806][ T2273] RDX: 000000000000000f RSI: 00007f8da4fd70a0 RDI: 0000000000000003
[  645.668817][ T2273] RBP: 00007f8da4fd7090 R08: 0000000000000000 R09: 0000000000000000
[  645.668828][ T2273] R10: 0000000002010042 R11: 0000000000000246 R12: 0000000000000001
[  645.668839][ T2273] R13: 0000000000000001 R14: 00007f8da6b95fa0 R15: 00007fff06a1b838
[  645.668856][ T2273]  </TASK>
[  645.917461][ T2279] syzkaller1: entered promiscuous mode
[  645.923056][ T2279] syzkaller1: entered allmulticast mode
[  646.122464][ T2298] tipc: Enabling of bearer <udp:� > rejected, already enabled
[  646.341879][ T2304] netlink: 96 bytes leftover after parsing attributes in process `syz.4.7419'.
[  646.386924][ T2306] netlink: 24 bytes leftover after parsing attributes in process `syz.4.7421'.
[  646.596600][ T2318] Invalid logical block size (67108864)
[  646.705114][ T2323] loop4: detected capacity change from 0 to 2048
[  646.732693][ T2323]  loop4: p1 < > p4
[  646.737190][ T2323] loop4: p4 size 8388608 extends beyond EOD, truncated
[  646.834273][ T2330] loop5: detected capacity change from 0 to 764
[  646.841462][ T2330] rock: directory entry would overflow storage
[  646.847733][ T2330] rock: sig=0x4654, size=5, remaining=4
[  646.872998][ T2330] random: crng reseeded on system resumption
[  646.889278][ T2330] Restarting kernel threads ...
[  646.894619][ T2330] Done restarting kernel threads.
[  646.909198][ T2332] syzkaller1: entered promiscuous mode
[  646.914856][ T2332] syzkaller1: entered allmulticast mode
[  646.996103][ T2341] loop4: detected capacity change from 0 to 512
[  647.006007][ T2342] netlink: 24 bytes leftover after parsing attributes in process `syz.0.7433'.
[  647.034517][ T2341] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.7432: Failed to acquire dquot type 1
[  647.046861][ T2341] EXT4-fs (loop4): 1 truncate cleaned up
[  647.053283][ T2341] EXT4-fs mount: 14 callbacks suppressed
[  647.053302][ T2341] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  647.095584][ T2341] ext4 filesystem being mounted at /372/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  647.227975][ T2359] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.7432: Failed to acquire dquot type 1
[  647.321369][ T2361] loop7: detected capacity change from 0 to 2048
[  647.383364][ T2361]  loop7: p1 < > p4
[  647.392283][ T2361] loop7: p4 size 8388608 extends beyond EOD, truncated
[  647.473475][ T2367] FAULT_INJECTION: forcing a failure.
[  647.473475][ T2367] name failslab, interval 1, probability 0, space 0, times 0
[  647.486342][ T2367] CPU: 0 UID: 0 PID: 2367 Comm: syz.7.7441 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(voluntary) 
[  647.486379][ T2367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  647.486464][ T2367] Call Trace:
[  647.486474][ T2367]  <TASK>
[  647.486485][ T2367]  __dump_stack+0x1d/0x30
[  647.486506][ T2367]  dump_stack_lvl+0xe8/0x140
[  647.486526][ T2367]  dump_stack+0x15/0x1b
[  647.486547][ T2367]  should_fail_ex+0x265/0x280
[  647.486612][ T2367]  should_failslab+0x8c/0xb0
[  647.486711][ T2367]  __kmalloc_noprof+0xa5/0x3e0
[  647.486749][ T2367]  ? bpf_test_init+0xa9/0x160
[  647.486858][ T2367]  bpf_test_init+0xa9/0x160
[  647.486895][ T2367]  bpf_prog_test_run_xdp+0x274/0x910
[  647.486932][ T2367]  ? kstrtouint+0x76/0xc0
[  647.486978][ T2367]  ? __rcu_read_unlock+0x4f/0x70
[  647.487016][ T2367]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  647.487056][ T2367]  bpf_prog_test_run+0x22a/0x390
[  647.487116][ T2367]  __sys_bpf+0x3dc/0x790
[  647.487151][ T2367]  __x64_sys_bpf+0x41/0x50
[  647.487183][ T2367]  x64_sys_call+0x2aea/0x2ff0
[  647.487270][ T2367]  do_syscall_64+0xd2/0x200
[  647.487307][ T2367]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  647.487341][ T2367]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  647.487399][ T2367]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  647.487429][ T2367] RIP: 0033:0x7f9f1507e9a9
[  647.487449][ T2367] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  647.487469][ T2367] RSP: 002b:00007f9f136df038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  647.487490][ T2367] RAX: ffffffffffffffda RBX: 00007f9f152a5fa0 RCX: 00007f9f1507e9a9
[  647.487506][ T2367] RDX: 0000000000000050 RSI: 0000200000000300 RDI: 000000000000000a
[  647.487522][ T2367] RBP: 00007f9f136df090 R08: 0000000000000000 R09: 0000000000000000
[  647.487596][ T2367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  647.487612][ T2367] R13: 0000000000000000 R14: 00007f9f152a5fa0 R15: 00007fffee498718
[  647.487637][ T2367]  </TASK>
[  647.734181][ T2373] syzkaller1: entered promiscuous mode
[  647.739830][ T2373] syzkaller1: entered allmulticast mode
[  647.804312][ T2375] loop0: detected capacity change from 0 to 8192
[  647.813449][ T2375] syz.0.7444: attempt to access beyond end of device
[  647.813449][ T2375] loop0: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  647.845251][ T2375] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000e1b1)
[  647.853316][ T2375] FAT-fs (loop0): Filesystem has been set read-only
[  647.870274][ T2375] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000e1b1)
[  647.879888][ T2375] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000e1b1)
[  647.932192][T29601] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  648.130315][ T2395] loop4: detected capacity change from 0 to 512
[  648.144910][ T2395] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  648.161531][ T2395] ext4 filesystem being mounted at /377/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  648.249249][T29601] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  648.315930][ T2416] netlink: 'syz.7.7462': attribute type 1 has an invalid length.
[  648.323921][ T2416] netlink: 224 bytes leftover after parsing attributes in process `syz.7.7462'.
[  648.377225][ T2424] netlink: 16 bytes leftover after parsing attributes in process `syz.6.7464'.
[  648.430868][ T2426] loop0: detected capacity change from 0 to 764
[  648.450710][ T2424] loop9: detected capacity change from 0 to 7
[  648.475225][ T2424] Buffer I/O error on dev loop9, logical block 0, async page read
[  648.487668][ T2426] rock: directory entry would overflow storage
[  648.494075][ T2426] rock: sig=0x4654, size=5, remaining=4
[  648.499948][ T2430] netlink: 32 bytes leftover after parsing attributes in process `syz.7.7467'.
[  648.519040][ T2424] Buffer I/O error on dev loop9, logical block 0, async page read
[  648.527005][ T2424]  loop9: unable to read partition table
[  648.533914][ T2426] random: crng reseeded on system resumption
[  648.538403][ T2424] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  648.538403][ T2424] 
) failed (rc=-5)
[  648.555775][ T2426] Restarting kernel threads ...
[  648.562057][ T2426] Done restarting kernel threads.
[  648.765045][ T2451] loop5: detected capacity change from 0 to 512
[  648.772146][ T2451] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  648.787999][ T2451] EXT4-fs (loop5): 1 truncate cleaned up
[  648.794607][ T2451] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  648.854875][ T2400] x_tables: duplicate underflow at hook 3
[  648.875545][   T29] kauditd_printk_skb: 612 callbacks suppressed
[  648.875565][   T29] audit: type=1326 audit(1753884047.302:36706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2458 comm="syz.6.7480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8da696e9a9 code=0x7ffc0000
[  648.926398][   T29] audit: type=1326 audit(1753884047.302:36707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2458 comm="syz.6.7480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8da696e9a9 code=0x7ffc0000
[  648.950403][   T29] audit: type=1326 audit(1753884047.302:36708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2458 comm="syz.6.7480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=189 compat=0 ip=0x7f8da696e9a9 code=0x7ffc0000
[  648.974100][   T29] audit: type=1326 audit(1753884047.302:36709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2458 comm="syz.6.7480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8da696e9a9 code=0x7ffc0000
[  648.998010][   T29] audit: type=1326 audit(1753884047.302:36710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2458 comm="syz.6.7480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8da696e9a9 code=0x7ffc0000
[  649.021586][   T29] audit: type=1326 audit(1753884047.302:36711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2458 comm="syz.6.7480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f8da696e9a9 code=0x7ffc0000
[  649.045117][   T29] audit: type=1326 audit(1753884047.302:36712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2458 comm="syz.6.7480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8da696e9a9 code=0x7ffc0000
[  649.068911][   T29] audit: type=1326 audit(1753884047.302:36713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2458 comm="syz.6.7480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f8da696e9a9 code=0x7ffc0000
[  649.092655][   T29] audit: type=1326 audit(1753884047.302:36714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2458 comm="syz.6.7480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8da696e9a9 code=0x7ffc0000
[  649.116191][   T29] audit: type=1326 audit(1753884047.302:36715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2458 comm="syz.6.7480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8da696e9a9 code=0x7ffc0000
[  649.173180][ T2468] syzkaller1: entered promiscuous mode
[  649.173680][ T2470] FAULT_INJECTION: forcing a failure.
[  649.173680][ T2470] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  649.178825][ T2468] syzkaller1: entered allmulticast mode
[  649.191920][ T2470] CPU: 1 UID: 0 PID: 2470 Comm: syz.6.7483 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(voluntary) 
[  649.191960][ T2470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  649.191978][ T2470] Call Trace:
[  649.191989][ T2470]  <TASK>
[  649.192001][ T2470]  __dump_stack+0x1d/0x30
[  649.192109][ T2470]  dump_stack_lvl+0xe8/0x140
[  649.192137][ T2470]  dump_stack+0x15/0x1b
[  649.192226][ T2470]  should_fail_ex+0x265/0x280
[  649.192324][ T2470]  should_fail+0xb/0x20
[  649.192361][ T2470]  should_fail_usercopy+0x1a/0x20
[  649.192434][ T2470]  _copy_from_user+0x1c/0xb0
[  649.192479][ T2470]  __sys_bpf+0x178/0x790
[  649.192514][ T2470]  __x64_sys_bpf+0x41/0x50
[  649.192559][ T2470]  x64_sys_call+0x2aea/0x2ff0
[  649.192640][ T2470]  do_syscall_64+0xd2/0x200
[  649.192689][ T2470]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  649.192739][ T2470]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  649.192837][ T2470]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  649.192867][ T2470] RIP: 0033:0x7f8da696e9a9
[  649.192889][ T2470] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  649.192917][ T2470] RSP: 002b:00007f8da4fd7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  649.192944][ T2470] RAX: ffffffffffffffda RBX: 00007f8da6b95fa0 RCX: 00007f8da696e9a9
[  649.193026][ T2470] RDX: 000000000000000c RSI: 0000200000000140 RDI: 000000000000000e
[  649.193045][ T2470] RBP: 00007f8da4fd7090 R08: 0000000000000000 R09: 0000000000000000
[  649.193063][ T2470] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  649.193081][ T2470] R13: 0000000000000000 R14: 00007f8da6b95fa0 R15: 00007fff06a1b838
[  649.193108][ T2470]  </TASK>
[  649.419256][  T400] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  649.810279][ T2488] loop0: detected capacity change from 0 to 1024
[  649.830591][ T2462] loop7: detected capacity change from 0 to 1024
[  649.837484][ T2488] EXT4-fs: Ignoring removed oldalloc option
[  649.852704][ T2488] EXT4-fs (loop0): stripe (3) is not aligned with cluster size (16), stripe is disabled
[  649.884217][ T2462] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  649.903551][ T2488] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  649.917093][ T2462] ext4 filesystem being mounted at /308/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  649.952568][ T2488] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7491'.
[  649.973227][ T2488] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  649.980686][ T2488] batman_adv: batadv0: Removing interface: batadv_slave_0
[  650.013936][ T2499] netlink: 'syz.4.7494': attribute type 10 has an invalid length.
[  650.021825][ T2499] netlink: 40 bytes leftover after parsing attributes in process `syz.4.7494'.
[  650.034653][ T2488] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  650.042143][ T2488] batman_adv: batadv0: Removing interface: batadv_slave_1
[  650.074292][ T2470] loop6: detected capacity change from 0 to 1024
[  650.084127][ T2473] loop5: detected capacity change from 0 to 1024
[  650.095609][ T2473] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  650.108453][ T2470] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  650.122002][ T2473] ext4 filesystem being mounted at /94/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  650.133615][ T2470] ext4 filesystem being mounted at /540/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  650.190314][T29984] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  650.335103][T30181] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  650.364319][ T2516] bridge0: port 2(bridge_slave_1) entered disabled state
[  650.381909][ T2516] loop0: detected capacity change from 0 to 128
[  650.402109][ T2516] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  650.424033][ T2516] ext4 filesystem being mounted at /430/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  650.439014][ T2516] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  650.456978][ T2525] loop4: detected capacity change from 0 to 512
[  650.514435][ T2525] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.7500: Failed to acquire dquot type 1
[  650.566067][ T2525] EXT4-fs (loop4): 1 truncate cleaned up
[  650.572875][  T400] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  650.592591][ T2525] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  650.608510][T27080] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  650.617630][ T2525] ext4 filesystem being mounted at /393/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  650.640587][ T2536] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7506'.
[  650.677769][ T2538] netlink: 'syz.0.7508': attribute type 10 has an invalid length.
[  650.685769][ T2538] netlink: 40 bytes leftover after parsing attributes in process `syz.0.7508'.
[  650.711791][ T2543] loop6: detected capacity change from 0 to 512
[  650.763129][ T2543] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.7507: Failed to acquire dquot type 1
[  650.797978][ T2543] EXT4-fs (loop6): 1 truncate cleaned up
[  650.815439][ T2542] loop5: detected capacity change from 0 to 8192
[  650.833140][ T2543] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  650.845824][ T2547] loop7: detected capacity change from 0 to 2048
[  650.862406][ T2543] ext4 filesystem being mounted at /541/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  650.863936][ T2542] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  650.888915][ T2525] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.7500: Failed to acquire dquot type 1
[  650.893412][ T2543] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.7507: Failed to acquire dquot type 1
[  650.924784][ T2547]  loop7: p1 < > p4
[  650.929177][ T2547] loop7: p4 size 8388608 extends beyond EOD, truncated
[  650.975608][T27080] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  651.144047][ T2568] netlink: 4 bytes leftover after parsing attributes in process `syz.7.7518'.
[  651.165490][ T2568] netlink: 32 bytes leftover after parsing attributes in process `syz.7.7518'.
[  651.297623][ T2222] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 248: padding at end of block bitmap is not set
[  651.457480][ T2580] loop6: detected capacity change from 0 to 512
[  651.514665][ T2580] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.7523: Failed to acquire dquot type 1
[  651.531575][T29601] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  651.573121][ T2580] EXT4-fs (loop6): 1 truncate cleaned up
[  651.579311][ T2580] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  651.595526][ T2580] ext4 filesystem being mounted at /546/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  651.608198][ T2580] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.7523: Failed to acquire dquot type 1
[  651.633945][ T2588] syzkaller1: entered promiscuous mode
[  651.639535][ T2588] syzkaller1: entered allmulticast mode
[  651.660394][T27080] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  651.816286][ T2607] loop9: detected capacity change from 0 to 7
[  651.822795][ T2607] Buffer I/O error on dev loop9, logical block 0, async page read
[  651.830815][ T2607] Buffer I/O error on dev loop9, logical block 0, async page read
[  651.838786][ T2607]  loop9: unable to read partition table
[  651.846272][ T2607] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  651.846272][ T2607] 
) failed (rc=-5)
[  651.881528][ T2609] loop4: detected capacity change from 0 to 764
[  651.895069][ T2609] rock: directory entry would overflow storage
[  651.901301][ T2609] rock: sig=0x4654, size=5, remaining=4
[  651.912632][ T2609] random: crng reseeded on system resumption
[  651.931887][ T2609] Restarting kernel threads ...
[  651.937679][ T2609] Done restarting kernel threads.
[  651.960387][ T2614] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  651.969045][ T2614] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  652.240647][ T2631] loop4: detected capacity change from 0 to 8192
[  652.249634][ T2631] syz.4.7543: attempt to access beyond end of device
[  652.249634][ T2631] loop4: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  652.263968][ T2631] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000e1b1)
[  652.272015][ T2631] FAT-fs (loop4): Filesystem has been set read-only
[  652.279325][ T2631] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000e1b1)
[  652.288735][ T2631] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000e1b1)
[  652.448453][ T2643] tipc: New replicast peer: 255.255.255.83
[  652.454424][ T2643] tipc: Enabled bearer <udp:�>, priority 10
[  652.575939][ T2652] loop0: detected capacity change from 0 to 2048
[  652.593794][ T2654] loop4: detected capacity change from 0 to 764
[  652.603061][ T2654] rock: directory entry would overflow storage
[  652.603380][ T2652]  loop0: p1 < > p4
[  652.609286][ T2654] rock: sig=0x4654, size=5, remaining=4
[  652.621507][ T2656] __nla_validate_parse: 1 callbacks suppressed
[  652.621603][ T2656] netlink: 16 bytes leftover after parsing attributes in process `syz.6.7551'.
[  652.621659][ T2654] random: crng reseeded on system resumption
[  652.628161][ T2652] loop0: p4 size 8388608 extends beyond EOD, truncated
[  652.647186][ T2654] Restarting kernel threads ...
[  652.655189][ T2654] Done restarting kernel threads.
[  652.667395][ T2656] loop9: detected capacity change from 0 to 7
[  652.676130][ T2656] Buffer I/O error on dev loop9, logical block 0, async page read
[  652.684132][ T2656] Buffer I/O error on dev loop9, logical block 0, async page read
[  652.691986][ T2656]  loop9: unable to read partition table
[  652.697764][ T2656] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  652.697764][ T2656] 
) failed (rc=-5)
[  652.762738][ T2664] syzkaller1: entered promiscuous mode
[  652.768414][ T2664] syzkaller1: entered allmulticast mode
[  652.873143][ T2669] loop4: detected capacity change from 0 to 764
[  652.896217][ T2669] rock: directory entry would overflow storage
[  652.902551][ T2669] rock: sig=0x4654, size=5, remaining=4
[  652.917092][ T2669] random: crng reseeded on system resumption
[  652.935150][ T2669] Restarting kernel threads ...
[  652.951644][ T2669] Done restarting kernel threads.
[  652.988069][ T2679] netlink: 12 bytes leftover after parsing attributes in process `syz.5.7559'.
[  653.161272][ T2699] loop7: detected capacity change from 0 to 512
[  653.186436][ T2701] loop4: detected capacity change from 0 to 2048
[  653.186555][ T2699] EXT4-fs error (device loop7): ext4_acquire_dquot:6933: comm syz.7.7564: Failed to acquire dquot type 1
[  653.209181][ T2699] EXT4-fs (loop7): 1 truncate cleaned up
[  653.216547][ T2699] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  653.229432][ T2699] ext4 filesystem being mounted at /320/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  653.244420][ T2699] EXT4-fs error (device loop7): ext4_acquire_dquot:6933: comm syz.7.7564: Failed to acquire dquot type 1
[  653.256503][ T2701]  loop4: p1 < > p4
[  653.261954][ T2701] loop4: p4 size 8388608 extends beyond EOD, truncated
[  653.273870][T30181] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  653.336729][ T2717] loop4: detected capacity change from 0 to 512
[  653.355003][ T2717] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.7569: Failed to acquire dquot type 1
[  653.372877][ T2717] EXT4-fs (loop4): 1 truncate cleaned up
[  653.382889][ T2717] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  653.395862][ T2723] netlink: 12 bytes leftover after parsing attributes in process `syz.7.7572'.
[  653.401932][ T2717] ext4 filesystem being mounted at /409/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  653.423349][ T2717] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.7569: Failed to acquire dquot type 1
[  653.452061][T29601] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  653.520567][ T2736] loop4: detected capacity change from 0 to 8192
[  653.536068][ T2736] syz.4.7576: attempt to access beyond end of device
[  653.536068][ T2736] loop4: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  653.613652][ T2736] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000e1b1)
[  653.621586][ T2736] FAT-fs (loop4): Filesystem has been set read-only
[  653.635062][ T2736] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000e1b1)
[  653.641454][ T2746] loop7: detected capacity change from 0 to 512
[  653.649117][ T2736] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000e1b1)
[  653.659886][ T2747] tipc: Bearer <udp:�>: already 2 bearers with priority 10
[  653.667322][ T2747] tipc: Bearer <udp:�>: trying with adjusted priority
[  653.673830][ T2746] EXT4-fs error (device loop7): ext4_acquire_dquot:6933: comm syz.7.7580: Failed to acquire dquot type 1
[  653.675749][ T2747] tipc: New replicast peer: 255.255.255.83
[  653.691573][ T2747] tipc: Enabled bearer <udp:�>, priority 9
[  653.703032][ T2746] EXT4-fs (loop7): 1 truncate cleaned up
[  653.719846][ T2746] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  653.733158][ T2746] ext4 filesystem being mounted at /325/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  653.754446][ T2746] EXT4-fs error (device loop7): ext4_acquire_dquot:6933: comm syz.7.7580: Failed to acquire dquot type 1
[  653.779406][ T2753] loop4: detected capacity change from 0 to 2048
[  653.804643][T30181] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  653.834998][ T2757] netlink: 'syz.6.7584': attribute type 21 has an invalid length.
[  653.843048][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  653.851969][ T2757] netlink: 'syz.6.7584': attribute type 1 has an invalid length.
[  653.859899][ T2757] netlink: 144 bytes leftover after parsing attributes in process `syz.6.7584'.
[  653.873039][ T2753]  loop4: p1 < > p4
[  653.881352][ T2753] loop4: p4 size 8388608 extends beyond EOD, truncated
[  653.893859][ T2757] loop6: detected capacity change from 0 to 2048
[  653.925176][ T2757] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a842e01c, mo2=0082]
[  653.936754][ T2757] System zones: 0-7
[  653.946354][ T2757] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  653.963675][ T2765] netlink: 4 bytes leftover after parsing attributes in process `syz.7.7585'.
[  653.975712][ T2765] netlink: 32 bytes leftover after parsing attributes in process `syz.7.7585'.
[  654.029893][ T2769] loop4: detected capacity change from 0 to 764
[  654.041986][ T2769] rock: directory entry would overflow storage
[  654.048353][ T2769] rock: sig=0x4654, size=5, remaining=4
[  654.065189][ T2771] netlink: 12 bytes leftover after parsing attributes in process `syz.7.7588'.
[  654.077416][ T2769] random: crng reseeded on system resumption
[  654.089363][ T2769] Restarting kernel threads ...
[  654.096331][ T2769] Done restarting kernel threads.
[  654.141418][ T2777] loop0: detected capacity change from 0 to 512
[  654.148399][ T2777] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  654.161118][ T2777] EXT4-fs (loop0): 1 truncate cleaned up
[  654.168226][ T2777] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  654.215887][ T2744] x_tables: duplicate underflow at hook 3
[  654.342966][ T2794] netlink: 32 bytes leftover after parsing attributes in process `syz.5.7593'.
[  654.405516][ T2798] loop7: detected capacity change from 0 to 2048
[  654.467008][ T2798]  loop7: p1 < > p4
[  654.480824][ T2798] loop7: p4 size 8388608 extends beyond EOD, truncated
[  654.491860][ T2806] netlink: 16 bytes leftover after parsing attributes in process `syz.5.7598'.
[  654.502061][T29984] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  654.513292][   T29] kauditd_printk_skb: 803 callbacks suppressed
[  654.513312][   T29] audit: type=1326 audit(1753884052.932:37495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2807 comm="syz.4.7599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c26c7e9a9 code=0x7ffc0000
[  654.516291][ T2806] loop9: detected capacity change from 0 to 7
[  654.519581][   T29] audit: type=1326 audit(1753884052.932:37496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2807 comm="syz.4.7599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4c26c7e9a9 code=0x7ffc0000
[  654.543684][ T2806] Buffer I/O error on dev loop9, logical block 0, async page read
[  654.549255][   T29] audit: type=1326 audit(1753884052.932:37497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2807 comm="syz.4.7599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c26c7e9a9 code=0x7ffc0000
[  654.604355][   T29] audit: type=1326 audit(1753884052.932:37498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2807 comm="syz.4.7599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4c26c7e9a9 code=0x7ffc0000
[  654.604896][ T2806] Buffer I/O error on dev loop9, logical block 0, async page read
[  654.627960][   T29] audit: type=1326 audit(1753884052.932:37499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2807 comm="syz.4.7599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c26c7e9a9 code=0x7ffc0000
[  654.635790][ T2806]  loop9: unable to read partition table
[  654.639990][ T2806] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  654.639990][ T2806] 
) failed (rc=-5)
[  654.659350][   T29] audit: type=1326 audit(1753884052.932:37500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2807 comm="syz.4.7599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4c26c7e9a9 code=0x7ffc0000
[  654.702174][   T29] audit: type=1326 audit(1753884052.932:37501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2807 comm="syz.4.7599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c26c7e9a9 code=0x7ffc0000
[  654.725900][   T29] audit: type=1326 audit(1753884052.932:37502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2807 comm="syz.4.7599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f4c26c7e9a9 code=0x7ffc0000
[  654.749628][   T29] audit: type=1326 audit(1753884052.932:37503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2807 comm="syz.4.7599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c26c7e9a9 code=0x7ffc0000
[  654.759548][ T2816] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7600'.
[  654.773194][   T29] audit: type=1326 audit(1753884052.932:37504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2807 comm="syz.4.7599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f4c26c7e9a9 code=0x7ffc0000
[  654.806084][ T2819] loop4: detected capacity change from 0 to 512
[  654.843786][T27080] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  654.865193][ T2819] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.7599: Failed to acquire dquot type 1
[  654.907851][ T2819] EXT4-fs (loop4): 1 truncate cleaned up
[  654.917549][ T2819] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  654.930662][ T2830] loop6: detected capacity change from 0 to 764
[  654.945304][ T2819] ext4 filesystem being mounted at /417/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  654.979094][ T2830] rock: directory entry would overflow storage
[  654.985460][ T2830] rock: sig=0x4654, size=5, remaining=4
[  655.014634][ T2830] random: crng reseeded on system resumption
[  655.038521][ T2819] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.7599: Failed to acquire dquot type 1
[  655.064173][ T2830] Restarting kernel threads ...
[  655.070211][ T2830] Done restarting kernel threads.
[  655.124778][ T2843] loop7: detected capacity change from 0 to 512
[  655.146280][ T2843] EXT4-fs error (device loop7): ext4_acquire_dquot:6933: comm syz.7.7606: Failed to acquire dquot type 1
[  655.165613][ T2843] EXT4-fs (loop7): 1 truncate cleaned up
[  655.171783][ T2843] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  655.185172][ T2843] ext4 filesystem being mounted at /333/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  655.308702][ T2854] loop5: detected capacity change from 0 to 2048
[  655.319169][ T2843] EXT4-fs error (device loop7): ext4_acquire_dquot:6933: comm syz.7.7606: Failed to acquire dquot type 1
[  655.364820][ T2854]  loop5: p1 < > p4
[  655.378393][ T2854] loop5: p4 size 8388608 extends beyond EOD, truncated
[  655.389799][T29601] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  655.637223][ T2884] loop4: detected capacity change from 0 to 764
[  655.653398][ T2884] rock: directory entry would overflow storage
[  655.659719][ T2884] rock: sig=0x4654, size=5, remaining=4
[  655.682528][ T2884] random: crng reseeded on system resumption
[  655.688799][ T2706] EXT4-fs error (device loop7): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 248: padding at end of block bitmap is not set
[  655.717051][ T2884] Restarting kernel threads ...
[  655.728296][ T2884] Done restarting kernel threads.
[  655.831148][ T2897] loop0: detected capacity change from 0 to 512
[  655.838097][ T2897] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  655.854510][ T2898] tipc: New replicast peer: 255.255.255.83
[  655.860496][ T2898] tipc: Enabled bearer <udp:�>, priority 10
[  655.873330][ T2897] EXT4-fs (loop0): 1 truncate cleaned up
[  655.879510][ T2897] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  655.961043][T30181] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  655.963591][ T2850] x_tables: duplicate underflow at hook 3
[  656.021794][ T2904] loop6: detected capacity change from 0 to 8192
[  656.030263][ T2904] syz.6.7628: attempt to access beyond end of device
[  656.030263][ T2904] loop6: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  656.049820][ T2904] FAT-fs (loop6): error, invalid access to FAT (entry 0x0000e1b1)
[  656.057776][ T2904] FAT-fs (loop6): Filesystem has been set read-only
[  656.066583][ T2904] FAT-fs (loop6): error, invalid access to FAT (entry 0x0000e1b1)
[  656.100358][ T2904] FAT-fs (loop6): error, invalid access to FAT (entry 0x0000e1b1)
[  656.266401][ T2930] loop5: detected capacity change from 0 to 764
[  656.274023][ T2930] rock: directory entry would overflow storage
[  656.280226][ T2930] rock: sig=0x4654, size=5, remaining=4
[  656.290699][ T2930] random: crng reseeded on system resumption
[  656.308136][ T2930] Restarting kernel threads ...
[  656.323986][ T2930] Done restarting kernel threads.
[  656.385090][T29984] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  656.410215][ T2940] loop0: detected capacity change from 0 to 512
[  656.417858][ T2941] tipc: New replicast peer: 255.255.255.83
[  656.420658][ T2940] EXT4-fs: Ignoring removed nomblk_io_submit option
[  656.424115][ T2941] tipc: Enabled bearer <udp:�>, priority 10
[  656.437116][ T2940] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  656.445209][ T2940] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8842c01d, mo2=0102]
[  656.453852][ T2940] EXT4-fs (loop0): couldn't mount RDWR because of unsupported optional features (80)
[  656.463997][ T2940] EXT4-fs (loop0): Skipping orphan cleanup due to unknown ROCOMPAT features
[  656.473116][ T2940] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  656.488586][ T2940] EXT4-fs warning (device loop0): dx_probe:861: inode #2: comm syz.0.7642: dx entry: limit 65535 != root limit 120
[  656.500762][ T2940] EXT4-fs warning (device loop0): dx_probe:934: inode #2: comm syz.0.7642: Corrupt directory, running e2fsck is recommended
[  656.538699][T29984] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  656.564218][ T2947] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  656.564316][ T2948] 9pnet_fd: Insufficient options for proto=fd
[  656.573191][ T2947] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  656.659738][ T2958] loop0: detected capacity change from 0 to 8192
[  656.671791][ T2958] syz.0.7648: attempt to access beyond end of device
[  656.671791][ T2958] loop0: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  656.686526][ T2958] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000e1b1)
[  656.694549][ T2958] FAT-fs (loop0): Filesystem has been set read-only
[  656.701924][ T2958] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000e1b1)
[  656.711901][ T2958] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000e1b1)
[  656.755805][ T2968] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  656.764612][ T2968] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  656.923033][ T2976] loop7: detected capacity change from 0 to 764
[  656.930231][ T2976] rock: directory entry would overflow storage
[  656.936557][ T2976] rock: sig=0x4654, size=5, remaining=4
[  656.944992][ T2976] random: crng reseeded on system resumption
[  656.955552][ T2976] Restarting kernel threads ...
[  656.960599][ T2976] Done restarting kernel threads.
[  657.098442][ T2983] tipc: Enabling of bearer <udp:�> rejected, already enabled
[  657.375517][ T3022] loop7: detected capacity change from 0 to 764
[  657.383628][ T3022] rock: directory entry would overflow storage
[  657.389883][ T3022] rock: sig=0x4654, size=5, remaining=4
[  657.406624][ T3022] random: crng reseeded on system resumption
[  657.425210][ T3022] Restarting kernel threads ...
[  657.438001][ T3022] Done restarting kernel threads.
[  657.519430][ T3037] tipc: Enabling of bearer <udp:�> rejected, already enabled
[  657.738875][ T3055] __nla_validate_parse: 7 callbacks suppressed
[  657.738894][ T3055] netlink: 32 bytes leftover after parsing attributes in process `syz.6.7678'.
[  657.806782][ T3057] netlink: 'syz.6.7679': attribute type 27 has an invalid length.
[  657.842658][ T3057] bridge0: port 3(dummy0) entered disabled state
[  657.849190][ T3057] bridge0: port 2(bridge_slave_1) entered disabled state
[  657.856438][ T3057] bridge0: port 1(bridge_slave_0) entered disabled state
[  657.868989][ T3058] loop6: detected capacity change from 0 to 512
[  657.922209][ T3057] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  657.935087][ T3057] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  657.954787][ T3063] loop7: detected capacity change from 0 to 8192
[  657.958927][ T3057] tipc: Resetting bearer <ib:vlan0>
[  657.964757][ T3063] syz.7.7681: attempt to access beyond end of device
[  657.964757][ T3063] loop7: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  657.980677][ T3063] FAT-fs (loop7): error, invalid access to FAT (entry 0x0000e1b1)
[  657.988743][ T3063] FAT-fs (loop7): Filesystem has been set read-only
[  657.995943][ T3063] FAT-fs (loop7): error, invalid access to FAT (entry 0x0000e1b1)
[  658.004163][ T3063] FAT-fs (loop7): error, invalid access to FAT (entry 0x0000e1b1)
[  658.022415][ T3057] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  658.031474][ T3057] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  658.040689][ T3057] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  658.050187][ T3057] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  658.124345][ T3071] loop4: detected capacity change from 0 to 512
[  658.157545][ T3073] loop6: detected capacity change from 0 to 764
[  658.165644][ T3071] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.7684: Failed to acquire dquot type 1
[  658.180827][ T3073] rock: directory entry would overflow storage
[  658.187119][ T3073] rock: sig=0x4654, size=5, remaining=4
[  658.203856][ T3071] EXT4-fs (loop4): 1 truncate cleaned up
[  658.213260][ T3071] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  658.226277][ T3071] ext4 filesystem being mounted at /430/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  658.244692][ T3073] random: crng reseeded on system resumption
[  658.247635][ T3071] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.7684: Failed to acquire dquot type 1
[  658.260558][ T3073] Restarting kernel threads ...
[  658.269530][ T3073] Done restarting kernel threads.
[  658.288581][T29601] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  658.361884][ T3096] syzkaller1: entered promiscuous mode
[  658.367470][ T3096] syzkaller1: entered allmulticast mode
[  658.421246][ T3105] netlink: 16 bytes leftover after parsing attributes in process `syz.5.7693'.
[  658.439933][ T3105] loop9: detected capacity change from 0 to 7
[  658.457361][ T3105] Buffer I/O error on dev loop9, logical block 0, async page read
[  658.475584][ T3105] Buffer I/O error on dev loop9, logical block 0, async page read
[  658.483696][ T3105]  loop9: unable to read partition table
[  658.498425][ T3105] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  658.498425][ T3105] 
) failed (rc=-5)
[  658.610879][ T3121] loop6: detected capacity change from 0 to 512
[  658.649144][ T3121] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.7699: Failed to acquire dquot type 1
[  658.684909][ T3121] EXT4-fs (loop6): 1 truncate cleaned up
[  658.690952][ T3121] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  658.703819][ T3121] ext4 filesystem being mounted at /584/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  658.722350][ T3121] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.7699: Failed to acquire dquot type 1
[  658.784726][T27080] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  658.905160][ T3143] loop6: detected capacity change from 0 to 512
[  658.927274][ T3143] EXT4-fs: Ignoring removed nomblk_io_submit option
[  658.954929][ T3143] EXT4-fs (loop6): revision level too high, forcing read-only mode
[  658.963095][ T3143] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8842c01d, mo2=0102]
[  658.997533][ T3143] EXT4-fs (loop6): couldn't mount RDWR because of unsupported optional features (80)
[  659.007149][ T3143] EXT4-fs (loop6): Skipping orphan cleanup due to unknown ROCOMPAT features
[  659.060011][ T3143] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  659.107198][ T3143] EXT4-fs warning (device loop6): dx_probe:861: inode #2: comm syz.6.7705: dx entry: limit 65535 != root limit 120
[  659.110368][ T3150] tipc: Enabling of bearer <udp:�> rejected, already enabled
[  659.119383][ T3143] EXT4-fs warning (device loop6): dx_probe:934: inode #2: comm syz.6.7705: Corrupt directory, running e2fsck is recommended
[  659.151225][ T3151] loop4: detected capacity change from 0 to 512
[  659.168771][ T3151] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  659.193302][ T3151] EXT4-fs (loop4): 1 truncate cleaned up
[  659.200466][T27080] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  659.215990][ T3151] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  659.273558][ T3159] netlink: 16 bytes leftover after parsing attributes in process `syz.5.7710'.
[  659.306476][ T3159] loop9: detected capacity change from 0 to 7
[  659.306615][ T3159] Buffer I/O error on dev loop9, logical block 0, async page read
[  659.336444][ T3164] loop0: detected capacity change from 0 to 512
[  659.339742][ T3159] Buffer I/O error on dev loop9, logical block 0, async page read
[  659.351207][ T3159]  loop9: unable to read partition table
[  659.357139][ T3159] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  659.357139][ T3159] 
) failed (rc=-5)
[  659.363497][ T3088] x_tables: duplicate underflow at hook 3
[  659.397848][ T3164] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.7709: Failed to acquire dquot type 1
[  659.438742][ T3164] EXT4-fs (loop0): 1 truncate cleaned up
[  659.450731][ T3164] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  659.505466][ T3164] ext4 filesystem being mounted at /459/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  659.696472][   T29] kauditd_printk_skb: 858 callbacks suppressed
[  659.696490][   T29] audit: type=1326 audit(1753884058.122:38345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3177 comm="syz.7.7715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f1507e9a9 code=0x7ffc0000
[  659.727353][   T29] audit: type=1326 audit(1753884058.122:38346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3177 comm="syz.7.7715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f1507e9a9 code=0x7ffc0000
[  659.779932][ T3180] tipc: Disabling bearer <ib:vlan0>
[  659.852348][   T29] audit: type=1326 audit(1753884058.182:38347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3177 comm="syz.7.7715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f9f1507e9a9 code=0x7ffc0000
[  659.876100][   T29] audit: type=1326 audit(1753884058.182:38348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3177 comm="syz.7.7715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f1507e9a9 code=0x7ffc0000
[  659.899738][   T29] audit: type=1326 audit(1753884058.182:38349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3177 comm="syz.7.7715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f1507e9a9 code=0x7ffc0000
[  659.923487][   T29] audit: type=1326 audit(1753884058.212:38350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3177 comm="syz.7.7715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=264 compat=0 ip=0x7f9f1507e9a9 code=0x7ffc0000
[  659.947121][   T29] audit: type=1326 audit(1753884058.212:38351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3177 comm="syz.7.7715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f1507e9a9 code=0x7ffc0000
[  659.970703][   T29] audit: type=1326 audit(1753884058.212:38352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3177 comm="syz.7.7715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f1507e9a9 code=0x7ffc0000
[  659.971853][T29601] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  659.994494][   T29] audit: type=1326 audit(1753884058.212:38353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3177 comm="syz.7.7715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9f1507e9a9 code=0x7ffc0000
[  660.008432][ T3186] netlink: 16 bytes leftover after parsing attributes in process `syz.7.7718'.
[  660.027209][   T29] audit: type=1326 audit(1753884058.212:38354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3177 comm="syz.7.7715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f1507e9a9 code=0x7ffc0000
[  660.128390][ T3164] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.7709: Failed to acquire dquot type 1
[  660.191176][ T3186] loop9: detected capacity change from 0 to 7
[  660.208521][ T3186] Buffer I/O error on dev loop9, logical block 0, async page read
[  660.219286][ T3186] Buffer I/O error on dev loop9, logical block 0, async page read
[  660.227269][ T3186]  loop9: unable to read partition table
[  660.234041][ T3186] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  660.234041][ T3186] 
) failed (rc=-5)
[  660.272820][ T3202] random: crng reseeded on system resumption
[  660.325781][ T3210] loop6: detected capacity change from 0 to 764
[  660.334541][ T3210] rock: directory entry would overflow storage
[  660.340762][ T3210] rock: sig=0x4654, size=5, remaining=4
[  660.387586][ T3210] random: crng reseeded on system resumption
[  660.406974][ T3210] Restarting kernel threads ...
[  660.434630][ T3210] Done restarting kernel threads.
[  660.477066][T29984] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  660.580465][ T3221] bridge0: entered promiscuous mode
[  660.587090][ T3221] bridge0: port 4(macsec1) entered blocking state
[  660.593754][ T3221] bridge0: port 4(macsec1) entered disabled state
[  660.601376][ T3221] macsec1: entered allmulticast mode
[  660.606744][ T3221] bridge0: entered allmulticast mode
[  660.622497][ T3221] macsec1: left allmulticast mode
[  660.627623][ T3221] bridge0: left allmulticast mode
[  660.634105][ T3221] bridge0: left promiscuous mode
[  660.673672][ T3226] FAULT_INJECTION: forcing a failure.
[  660.673672][ T3226] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  660.686809][ T3226] CPU: 1 UID: 0 PID: 3226 Comm: syz.6.7732 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(voluntary) 
[  660.686836][ T3226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  660.686848][ T3226] Call Trace:
[  660.686853][ T3226]  <TASK>
[  660.686860][ T3226]  __dump_stack+0x1d/0x30
[  660.686879][ T3226]  dump_stack_lvl+0xe8/0x140
[  660.686940][ T3226]  dump_stack+0x15/0x1b
[  660.686955][ T3226]  should_fail_ex+0x265/0x280
[  660.686988][ T3226]  should_fail+0xb/0x20
[  660.687075][ T3226]  should_fail_usercopy+0x1a/0x20
[  660.687120][ T3226]  _copy_from_user+0x1c/0xb0
[  660.687141][ T3226]  __copy_msghdr+0x244/0x300
[  660.687226][ T3226]  ___sys_sendmsg+0x109/0x1d0
[  660.687266][ T3226]  __sys_sendmmsg+0x178/0x300
[  660.687309][ T3226]  __x64_sys_sendmmsg+0x57/0x70
[  660.687390][ T3226]  x64_sys_call+0x1c4a/0x2ff0
[  660.687410][ T3226]  do_syscall_64+0xd2/0x200
[  660.687472][ T3226]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  660.687546][ T3226]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  660.687572][ T3226]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  660.687592][ T3226] RIP: 0033:0x7f8da696e9a9
[  660.687606][ T3226] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  660.687622][ T3226] RSP: 002b:00007f8da4fd7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  660.687639][ T3226] RAX: ffffffffffffffda RBX: 00007f8da6b95fa0 RCX: 00007f8da696e9a9
[  660.687681][ T3226] RDX: 0000000000000001 RSI: 0000200000000440 RDI: 0000000000000003
[  660.687693][ T3226] RBP: 00007f8da4fd7090 R08: 0000000000000000 R09: 0000000000000000
[  660.687704][ T3226] R10: 0000000004000084 R11: 0000000000000246 R12: 0000000000000001
[  660.687715][ T3226] R13: 0000000000000000 R14: 00007f8da6b95fa0 R15: 00007fff06a1b838
[  660.687733][ T3226]  </TASK>
[  661.054421][ T3237] loop6: detected capacity change from 0 to 512
[  661.073901][ T3237] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.7735: Failed to acquire dquot type 1
[  661.085919][ T3237] EXT4-fs (loop6): 1 truncate cleaned up
[  661.092313][ T3237] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  661.108682][ T3237] ext4 filesystem being mounted at /599/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  661.126009][ T3237] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.7735: Failed to acquire dquot type 1
[  661.173634][T27080] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  661.278415][ T3247] loop7: detected capacity change from 0 to 512
[  661.315643][ T3247] EXT4-fs error (device loop7): ext4_acquire_dquot:6933: comm syz.7.7738: Failed to acquire dquot type 1
[  661.335814][ T3247] EXT4-fs (loop7): 1 truncate cleaned up
[  661.341992][ T3247] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  661.356388][ T3247] ext4 filesystem being mounted at /363/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  661.466414][  T780] dummy0: left allmulticast mode
[  661.486580][  T780] dummy0: left promiscuous mode
[  661.491689][  T780] bridge0: port 3(dummy0) entered disabled state
[  661.492114][ T3264] EXT4-fs error (device loop7): ext4_acquire_dquot:6933: comm syz.7.7738: Failed to acquire dquot type 1
[  661.515852][ T3262] loop4: detected capacity change from 0 to 764
[  661.516087][  T780] bridge_slave_1: left allmulticast mode
[  661.528104][  T780] bridge_slave_1: left promiscuous mode
[  661.533949][ T3262] rock: directory entry would overflow storage
[  661.534116][  T780] bridge0: port 2(bridge_slave_1) entered disabled state
[  661.540196][ T3262] rock: sig=0x4654, size=5, remaining=4
[  661.560184][ T3267] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7743'.
[  661.571717][  T780] bridge_slave_0: left allmulticast mode
[  661.577462][  T780] bridge_slave_0: left promiscuous mode
[  661.583221][  T780] bridge0: port 1(bridge_slave_0) entered disabled state
[  661.597864][ T3262] random: crng reseeded on system resumption
[  661.611574][ T3262] Restarting kernel threads ...
[  661.616795][ T3262] Done restarting kernel threads.
[  661.655910][  T780] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  661.667592][  T780] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  661.682164][  T780] bond0 (unregistering): Released all slaves
[  661.781365][  T780] tipc: Disabling bearer <udp:� >
[  661.786553][  T780] tipc: Disabling bearer <udp:�>
[  661.791683][  T780] tipc: Left network mode
[  661.824338][  T780] hsr_slave_0: left promiscuous mode
[  661.830291][  T780] hsr_slave_1: left promiscuous mode
[  661.837547][  T780] batman_adv: batadv0: Removing interface: batadv_slave_0
[  661.838221][ T3282] loop4: detected capacity change from 0 to 512
[  661.852002][  T780] batman_adv: batadv0: Removing interface: batadv_slave_1
[  661.863771][ T3282] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.7747: Failed to acquire dquot type 1
[  661.875923][ T3282] EXT4-fs (loop4): 1 truncate cleaned up
[  661.882045][ T3282] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  661.895046][ T3282] ext4 filesystem being mounted at /436/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  661.907836][  T780] team0 (unregistering): Port device team_slave_1 removed
[  661.908092][ T3282] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.7747: Failed to acquire dquot type 1
[  661.926985][  T780] team0 (unregistering): Port device team_slave_0 removed
[  661.947014][T29601] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  661.976474][ T3245] chnl_net:caif_netlink_parms(): no params data found
[  662.069907][ T3245] bridge0: port 1(bridge_slave_0) entered blocking state
[  662.077161][ T3245] bridge0: port 1(bridge_slave_0) entered disabled state
[  662.084766][ T3245] bridge_slave_0: entered allmulticast mode
[  662.091295][ T3245] bridge_slave_0: entered promiscuous mode
[  662.098383][ T3245] bridge0: port 2(bridge_slave_1) entered blocking state
[  662.105654][ T3245] bridge0: port 2(bridge_slave_1) entered disabled state
[  662.113340][ T3245] bridge_slave_1: entered allmulticast mode
[  662.120059][ T3245] bridge_slave_1: entered promiscuous mode
[  662.136993][ T3301] loop4: detected capacity change from 0 to 512
[  662.145130][ T3301] EXT4-fs: Ignoring removed nobh option
[  662.153642][T30181] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  662.159541][ T3301] EXT4-fs error (device loop4): ext4_do_update_inode:5563: inode #3: comm syz.4.7751: corrupted inode contents
[  662.177554][ T3245] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  662.183097][ T3301] EXT4-fs error (device loop4): ext4_dirty_inode:6454: inode #3: comm syz.4.7751: mark_inode_dirty error
[  662.190078][ T3245] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  662.209698][ T3301] EXT4-fs error (device loop4): ext4_do_update_inode:5563: inode #3: comm syz.4.7751: corrupted inode contents
[  662.223532][ T3301] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #3: comm syz.4.7751: mark_inode_dirty error
[  662.236229][ T3301] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.7751: Failed to acquire dquot type 0
[  662.237445][ T3245] team0: Port device team_slave_0 added
[  662.250130][ T3301] EXT4-fs error (device loop4): ext4_do_update_inode:5563: inode #16: comm syz.4.7751: corrupted inode contents
[  662.254903][ T3245] team0: Port device team_slave_1 added
[  662.275168][ T3301] EXT4-fs error (device loop4): ext4_dirty_inode:6454: inode #16: comm syz.4.7751: mark_inode_dirty error
[  662.288902][ T3301] EXT4-fs error (device loop4): ext4_do_update_inode:5563: inode #16: comm syz.4.7751: corrupted inode contents
[  662.301038][ T3301] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #16: comm syz.4.7751: mark_inode_dirty error
[  662.313894][ T3301] EXT4-fs error (device loop4): ext4_do_update_inode:5563: inode #16: comm syz.4.7751: corrupted inode contents
[  662.326990][ T3245] batman_adv: batadv0: Adding interface: batadv_slave_0
[  662.334082][ T3245] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  662.334725][ T3301] EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem
[  662.360062][ T3245] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  662.380528][ T3245] batman_adv: batadv0: Adding interface: batadv_slave_1
[  662.382372][ T3301] EXT4-fs error (device loop4): ext4_do_update_inode:5563: inode #16: comm syz.4.7751: corrupted inode contents
[  662.387551][ T3245] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  662.400849][ T3301] EXT4-fs error (device loop4): ext4_truncate:4592: inode #16: comm syz.4.7751: mark_inode_dirty error
[  662.425319][ T3245] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  662.438991][ T3301] EXT4-fs error (device loop4) in ext4_process_orphan:347: Corrupt filesystem
[  662.458140][ T3301] EXT4-fs (loop4): 1 truncate cleaned up
[  662.464483][ T3301] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  662.490862][ T3314] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7755'.
[  662.498376][ T3301] ext4 filesystem being mounted at /440/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  662.505673][ T3314] netlink: 32 bytes leftover after parsing attributes in process `syz.0.7755'.
[  662.529578][ T3245] hsr_slave_0: entered promiscuous mode
[  662.535746][ T3245] hsr_slave_1: entered promiscuous mode
[  662.541741][ T3245] debugfs: 'hsr0' already exists in 'hsr'
[  662.547539][ T3245] Cannot create hsr debugfs directory
[  662.575588][T29601] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  662.631635][ T3323] loop5: detected capacity change from 0 to 512
[  662.638408][ T3323] EXT4-fs: Ignoring removed nomblk_io_submit option
[  662.649055][ T3323] EXT4-fs (loop5): revision level too high, forcing read-only mode
[  662.657106][ T3323] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8842c01d, mo2=0102]
[  662.666101][ T3323] EXT4-fs (loop5): couldn't mount RDWR because of unsupported optional features (80)
[  662.675650][ T3323] EXT4-fs (loop5): Skipping orphan cleanup due to unknown ROCOMPAT features
[  662.687988][ T3323] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  662.734334][ T3328] loop7: detected capacity change from 0 to 512
[  662.743738][  T400] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  662.786859][ T3328] EXT4-fs error (device loop7): ext4_acquire_dquot:6933: comm syz.7.7761: Failed to acquire dquot type 1
[  662.800888][ T3328] EXT4-fs (loop7): 1 truncate cleaned up
[  662.809035][ T3328] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  662.822744][ T3328] ext4 filesystem being mounted at /368/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  662.954459][  T780] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  663.034009][  T780] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  663.047722][ T3354] EXT4-fs error (device loop7): ext4_acquire_dquot:6933: comm syz.7.7761: Failed to acquire dquot type 1
[  663.083233][ T3355] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  663.118032][ T3355] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[  663.179569][ T3360] loop5: detected capacity change from 0 to 512
[  663.186229][ T3360] EXT4-fs: Ignoring removed nomblk_io_submit option
[  663.195230][ T3360] EXT4-fs (loop5): revision level too high, forcing read-only mode
[  663.203234][ T3360] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8842c01d, mo2=0102]
[  663.243119][  T780] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  663.254677][ T3360] EXT4-fs (loop5): couldn't mount RDWR because of unsupported optional features (80)
[  663.264462][ T3360] EXT4-fs (loop5): Skipping orphan cleanup due to unknown ROCOMPAT features
[  663.278251][ T3245] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  663.285710][ T3360] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  663.306691][ T3245] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  663.334854][  T780] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  663.346810][ T3245] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  663.355491][  T400] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  663.383001][ T3245] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  663.453414][  T780] dummy0: left allmulticast mode
[  663.458663][  T780] bridge0: port 3(dummy0) entered disabled state
[  663.466625][  T780] bridge_slave_1: left allmulticast mode
[  663.472502][  T780] bridge_slave_1: left promiscuous mode
[  663.478247][  T780] bridge0: port 2(bridge_slave_1) entered disabled state
[  663.488285][  T780] bridge_slave_0: left allmulticast mode
[  663.494158][  T780] bridge_slave_0: left promiscuous mode
[  663.499935][  T780] bridge0: port 1(bridge_slave_0) entered disabled state
[  663.626292][T30181] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  663.701225][  T780] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  663.716273][ T3382] loop5: detected capacity change from 0 to 512
[  663.726006][  T780] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  663.741783][  T780] bond0 (unregistering): Released all slaves
[  663.755662][ T3382] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.7774: Failed to acquire dquot type 1
[  663.774223][ T3382] EXT4-fs (loop5): 1 truncate cleaned up
[  663.781453][ T3385] netlink: 32 bytes leftover after parsing attributes in process `syz.7.7777'.
[  663.801553][ T3342] chnl_net:caif_netlink_parms(): no params data found
[  663.812737][ T3382] ext4 filesystem being mounted at /159/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  663.823625][  T780] tipc: Disabling bearer <udp:� >
[  663.828719][  T780] tipc: Disabling bearer <udp:�>
[  663.833900][  T780] tipc: Left network mode
[  663.916192][ T3376] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.7774: Failed to acquire dquot type 1
[  663.955772][  T780] hsr_slave_0: left promiscuous mode
[  663.961707][  T780] hsr_slave_1: left promiscuous mode
[  663.971009][  T780] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  663.978623][  T780] batman_adv: batadv0: Removing interface: batadv_slave_0
[  664.014137][  T780] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  664.021614][  T780] batman_adv: batadv0: Removing interface: batadv_slave_1
[  664.045366][ T3400] loop7: detected capacity change from 0 to 512
[  664.052490][  T780] veth1_macvtap: left promiscuous mode
[  664.058965][  T780] veth0_macvtap: left promiscuous mode
[  664.066831][  T780] veth1_vlan: left promiscuous mode
[  664.073025][ T3400] EXT4-fs error (device loop7): ext4_acquire_dquot:6933: comm syz.7.7780: Failed to acquire dquot type 1
[  664.088249][  T780] veth0_vlan: left promiscuous mode
[  664.093481][ T3400] EXT4-fs (loop7): 1 truncate cleaned up
[  664.093918][ T3400] ext4 filesystem being mounted at /371/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  664.112717][ T3404] loop0: detected capacity change from 0 to 512
[  664.119877][ T3404] EXT4-fs: Ignoring removed nomblk_io_submit option
[  664.131201][ T3404] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  664.139469][ T3404] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8842c01d, mo2=0102]
[  664.149917][ T3400] EXT4-fs error (device loop7): ext4_acquire_dquot:6933: comm syz.7.7780: Failed to acquire dquot type 1
[  664.152570][ T3404] EXT4-fs (loop0): couldn't mount RDWR because of unsupported optional features (80)
[  664.170950][ T3404] EXT4-fs (loop0): Skipping orphan cleanup due to unknown ROCOMPAT features
[  664.228109][  T780] team0 (unregistering): Port device team_slave_1 removed
[  664.247425][  T780] team0 (unregistering): Port device team_slave_0 removed
[  664.327225][ T3245] 8021q: adding VLAN 0 to HW filter on device bond0
[  664.347895][ T3245] 8021q: adding VLAN 0 to HW filter on device team0
[  664.357055][ T3342] bridge0: port 1(bridge_slave_0) entered blocking state
[  664.364319][ T3342] bridge0: port 1(bridge_slave_0) entered disabled state
[  664.373739][ T3342] bridge_slave_0: entered allmulticast mode
[  664.380414][ T3342] bridge_slave_0: entered promiscuous mode
[  664.403294][ T3437] bridge0: port 1(bridge_slave_0) entered blocking state
[  664.410456][ T3437] bridge0: port 1(bridge_slave_0) entered forwarding state
[  664.422301][ T3437] bridge0: port 2(bridge_slave_1) entered blocking state
[  664.429507][ T3437] bridge0: port 2(bridge_slave_1) entered forwarding state
[  664.448911][ T3342] bridge0: port 2(bridge_slave_1) entered blocking state
[  664.456093][ T3342] bridge0: port 2(bridge_slave_1) entered disabled state
[  664.494446][ T3342] bridge_slave_1: entered allmulticast mode
[  664.511554][ T3342] bridge_slave_1: entered promiscuous mode
[  664.528890][ T3245] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  664.539365][ T3245] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  664.586853][ T3342] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  664.601236][ T3342] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  664.671475][ T3342] team0: Port device team_slave_0 added
[  664.679005][ T3342] team0: Port device team_slave_1 added
[  664.696949][ T3245] 8021q: adding VLAN 0 to HW filter on device batadv0
[  664.715519][ T3342] batman_adv: batadv0: Adding interface: batadv_slave_0
[  664.722594][ T3342] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  664.748844][ T3342] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  664.769597][ T3342] batman_adv: batadv0: Adding interface: batadv_slave_1
[  664.776798][ T3342] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  664.802883][ T3342] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  664.832183][ T3342] hsr_slave_0: entered promiscuous mode
[  664.838464][ T3342] hsr_slave_1: entered promiscuous mode
[  664.882850][   T29] kauditd_printk_skb: 552 callbacks suppressed
[  664.882865][   T29] audit: type=1400 audit(1753884063.312:38879): avc:  denied  { mount } for  pid=3430 comm="syz.0.7788" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  664.934978][   T29] audit: type=1326 audit(1753884063.362:38880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3434 comm="syz.5.7789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec9cebe9a9 code=0x7ffc0000
[  664.998150][   T29] audit: type=1326 audit(1753884063.392:38881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3434 comm="syz.5.7789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec9cebe9a9 code=0x7ffc0000
[  665.021753][   T29] audit: type=1326 audit(1753884063.392:38882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3434 comm="syz.5.7789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fec9cebe9a9 code=0x7ffc0000
[  665.045364][   T29] audit: type=1326 audit(1753884063.392:38883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3434 comm="syz.5.7789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec9cebe9a9 code=0x7ffc0000
[  665.069168][   T29] audit: type=1326 audit(1753884063.392:38884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3434 comm="syz.5.7789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec9cebe9a9 code=0x7ffc0000
[  665.092706][   T29] audit: type=1326 audit(1753884063.392:38885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3434 comm="syz.5.7789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fec9cebe9a9 code=0x7ffc0000
[  665.116322][   T29] audit: type=1326 audit(1753884063.392:38886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3434 comm="syz.5.7789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec9cebe9a9 code=0x7ffc0000
[  665.139951][   T29] audit: type=1326 audit(1753884063.392:38887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3434 comm="syz.5.7789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fec9cebd310 code=0x7ffc0000
[  665.163559][   T29] audit: type=1326 audit(1753884063.392:38888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3434 comm="syz.5.7789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec9cebe9a9 code=0x7ffc0000
[  665.276203][ T3342] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  665.293378][ T3342] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  665.321554][ T3245] veth0_vlan: entered promiscuous mode
[  665.328126][ T3342] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  665.339713][ T3245] veth1_vlan: entered promiscuous mode
[  665.348134][ T3342] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  665.366487][ T3245] veth0_macvtap: entered promiscuous mode
[  665.376646][ T3245] veth1_macvtap: entered promiscuous mode
[  665.396063][ T3245] batman_adv: batadv0: Interface activated: batadv_slave_0
[  665.410561][ T3245] batman_adv: batadv0: Interface activated: batadv_slave_1
[  665.424419][ T3245] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  665.433339][ T3245] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  665.442116][ T3245] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  665.450883][ T3245] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  665.557975][ T3342] 8021q: adding VLAN 0 to HW filter on device bond0
[  665.585354][ T3342] 8021q: adding VLAN 0 to HW filter on device team0
[  665.595701][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  665.602992][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  665.634960][ T3342] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  665.645630][ T3342] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  665.670083][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  665.677238][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  665.825899][ T3342] 8021q: adding VLAN 0 to HW filter on device batadv0
[  666.040431][ T3342] veth0_vlan: entered promiscuous mode
[  666.056430][ T3342] veth1_vlan: entered promiscuous mode
[  666.080019][ T3342] veth0_macvtap: entered promiscuous mode
[  666.109793][ T3342] veth1_macvtap: entered promiscuous mode
[  666.133085][ T3508] loop6: detected capacity change from 0 to 512
[  666.142191][ T3508] EXT4-fs (loop6): orphan cleanup on readonly fs
[  666.149250][ T3508] EXT4-fs error (device loop6): ext4_validate_block_bitmap:441: comm syz.6.7802: bg 0: block 248: padding at end of block bitmap is not set
[  666.186176][ T3512] netlink: 'syz.7.7803': attribute type 10 has an invalid length.
[  666.194219][ T3512] netlink: 40 bytes leftover after parsing attributes in process `syz.7.7803'.
[  666.207443][ T3342] batman_adv: batadv0: Interface activated: batadv_slave_0
[  666.220722][ T3508] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.7802: Failed to acquire dquot type 1
[  666.236429][ T3342] batman_adv: batadv0: Interface activated: batadv_slave_1
[  666.261850][ T3508] EXT4-fs (loop6): 1 truncate cleaned up
[  666.270920][ T3342] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  666.279843][ T3342] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  666.288718][ T3342] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  666.297809][ T3342] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  666.381300][ T3508] syz.6.7802 (3508) used greatest stack depth: 9560 bytes left
[  666.441950][ T3524] loop5: detected capacity change from 0 to 764
[  666.449384][ T3524] rock: directory entry would overflow storage
[  666.455812][ T3524] rock: sig=0x4654, size=5, remaining=4
[  666.459154][ T3527] SET target dimension over the limit!
[  666.484356][ T3524] random: crng reseeded on system resumption
[  666.502754][ T3524] Restarting kernel threads ...
[  666.509108][ T3528] ==================================================================
[  666.517246][ T3528] BUG: KCSAN: data-race in cgroup_freezer_migrate_task / handle_mm_fault
[  666.525725][ T3528] 
[  666.528075][ T3528] read-write to 0xffff888117d8c748 of 2 bytes by task 3529 on cpu 0:
[  666.536167][ T3528]  handle_mm_fault+0x206f/0x2be0
[  666.541246][ T3528]  do_user_addr_fault+0x636/0x1090
[  666.546423][ T3528]  exc_page_fault+0x62/0xa0
[  666.551232][ T3528]  asm_exc_page_fault+0x26/0x30
[  666.556158][ T3528] 
[  666.558519][ T3528] read to 0xffff888117d8c748 of 2 bytes by task 3528 on cpu 1:
[  666.566092][ T3528]  cgroup_freezer_migrate_task+0xac/0x290
[  666.571859][ T3528]  cgroup_migrate_execute+0x288/0x7f0
[  666.577281][ T3528]  cgroup_apply_control+0x3ab/0x410
[  666.582539][ T3528]  cgroup_subtree_control_write+0x7d5/0xb80
[  666.588572][ T3528]  cgroup_file_write+0x197/0x350
[  666.593568][ T3528]  kernfs_fop_write_iter+0x1be/0x2d0
[  666.598900][ T3528]  vfs_write+0x49d/0x8e0
[  666.603266][ T3528]  ksys_write+0xda/0x1a0
[  666.607748][ T3528]  __x64_sys_write+0x40/0x50
[  666.612380][ T3528]  x64_sys_call+0x27fe/0x2ff0
[  666.617107][ T3528]  do_syscall_64+0xd2/0x200
[  666.621667][ T3528]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  666.627797][ T3528] 
[  666.630142][ T3528] value changed: 0x0061 -> 0x0001
[  666.635199][ T3528] 
[  666.637554][ T3528] Reported by Kernel Concurrency Sanitizer on:
[  666.643849][ T3528] CPU: 1 UID: 0 PID: 3528 Comm: syz.7.7809 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(voluntary) 
[  666.655955][ T3528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  666.666136][ T3528] ==================================================================
[  666.681993][ T3524] Done restarting kernel threads.