last executing test programs:

3m53.395743846s ago: executing program 32 (id=2225):
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040), 0x40002, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r0, 0xc0189374, &(0x7f0000000240)={{0x1, 0x1, 0x1018, 0xffffffffffffffff, {0x29}}, './file0\x00'})

3m49.583831792s ago: executing program 3 (id=2287):
prctl$PR_SET_MM(0x23, 0x5, &(0x7f0000351000/0x2000)=nil)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x48100, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x3004006, &(0x7f00000195c0)={[{@user_xattr}, {@max_batch_time={'max_batch_time', 0x3d, 0x101}}, {@resuid}, {@user_xattr}, {@user_xattr}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x7b1}}, {@debug}, {@noinit_itable}, {@nomblk_io_submit}, {@nodelalloc}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x40000}}]}, 0x1, 0x56d, &(0x7f0000000540)="$eJzs3d9rW+UbAPDnpO1+77sOxvgqIsVdOJlLt9YfE7yYl6LDgd7P0mZlNF1Gk861Dtwu3I03MgQRB+K1eu/l8B/wrxjoYMgoinhTOelJm6VJk3Vpm5rPB872vjknfc+Tc56X982bkAD61kj6Ty7iuYj4Mok4UrdvMLKdIyvHLT2+OZluSSwvf/hHEkn2WO34JPv/YFb5f0T88nnEqdz6dssLizMTxWJhLquPVmavjZYXFk9fmZ2YLkwXro6Nj597fXzsrTff6Fqsr1z865sP7r977osTS1//9PDo3STOx6FsX30cz+BWfWUkRrLXZCjONxx4tguN9ZJkp0+ATRnI8nwo0j7gSAxkWQ/8930WEctAn0rkP/Sp2jigNrfv0jx413j0zsoEaH38gyvvjcS+6tzowFLyxMwone8Od6H9tI2ff793N92ie+9DALR163ZEnBkcXN//JVn/t3lnOjimsQ39H2yf++n459Vm45/c6vgnmox/DjbJ3c1on/+5hw2H7OlCs6vS8d/bTce/q4tWwwNZ7XB1zDeUXL5SLKR92/8i4mQM7U3rG63nnFt6sNxqX/34L93S9mtjwew8Hg7uffI5UxOViWeJud6j2xHPNx3/JqvXP2ly/dPX42KHbRwv3Hux1b728W+t5e8jXm56/ddWtJKN1ydHq/fDaO2uWO/PO8d/bdX+TsefXv8DK/H/nU0JG+MfTurXa8tP38Z3+/4ptNq32ft/T/JRtVzrDG5MVCpzZyP2JO+vf3xs7bm1eu34NP6TJzbu/5rd//sj4uMO479z7McXNh//1krjn9r4/m+4/k9fePDep9+2ar+z6/9atXQye6ST/q/TE3yW1w4AAAAAAAB6TS4iDkWSy6+Wc7l8fuXzHcfiQK5YKldOXS7NX52K6ndlh2MoV1vpPrL2eYjqcutw3ecjxhrq4xFxNCK+GthfrecnS8WpnQ4eAAAAAAAAAAAAAAAAAAAAesTBFt//T/02sNNnB2w5P/kN/att/nfjl56AntQm/1/6ZLtOBNh2xv/Qv+Q/9C/5D/1L/kP/kv/Qv+Q/9C/5DwAAAAAAAAAAAAAAAAAAAAAAAAAAAF118cKFdFteenxzMq1PXV+YnyldPz1VKM/kZ+cn85OluWv56VJpuljIT5Zm2/29Yql07exYzN8YrRTKldHywuKl2dL81cqlK7M/HI4oDG1LVAAAAAAAAAAAAAAAAAAAALC7lBcWZyaKxcKcQrWwN3riNHZRYbA3TqM/CxFb1sRO90wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsObfAAAA//9IKziJ")
syz_open_dev$usbfs(0x0, 0x76, 0x101301)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x48, 0x0, 0x0)
clock_nanosleep(0x9, 0x1, 0x0, 0x0)
mount(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x2390024, &(0x7f0000000000))

3m49.531455527s ago: executing program 3 (id=2288):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r0}, 0x10)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
msgrcv(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x2000)

3m49.303954848s ago: executing program 3 (id=2290):
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000080)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000"], &(0x7f0000000040)='GPL\x00', 0xffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x20}, 0x94)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000001200)={'vxcan0\x00'})
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000000)={0x0, <r1=>0x0}, 0x8)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000700)=r1, 0x4)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001300)={{0x1}, &(0x7f0000001280), &(0x7f00000012c0)=r0}, 0x20)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000480)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setreuid(0xffffffffffffffff, 0xee00)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1400000015000103000000000000000001"], 0x14}}, 0x0)

3m48.396006316s ago: executing program 3 (id=2293):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x408e, &(0x7f0000000240)={[{@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}, {@min_batch_time={'min_batch_time', 0x3d, 0xfff}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80}}, {@stripe={'stripe', 0x3d, 0x4000}}, {@errors_remount}, {@max_batch_time={'max_batch_time', 0x3d, 0x4}}]}, 0x3, 0x43a, &(0x7f0000000340)="$eJzs28tvG0UYAPBv13FKXySU8ugDCBRExCNp0gI9cAGBxAEkJDiUY0jSqtRtUBMkWlUQECpHVIk74ojEX8AJLgg4IXGFO6pUoVxaOBmtvZs4jp0mwY5L/ftJm8zsjjPzeXbs2Z1sAH1rJPuRROyJiN8jYqieXV1gpP7r5tLl6b+XLk8nUa2+9VdSK3dj6fJ0UbR43e48M5pGpJ8lcahFvfMXL52dqlRmL+T58YVz74/PX7z07JlzU6dnT8+enzxx4vixiReen3yuI3Fmbbpx8KO5wwdee+fqG9Mnr77787dJEX9THB0yst7BJ6rVDlfXW3sb0slADxvCppQiIuuucm38D0UpVjpvKF79tKeNA7qqWq1Wd7c/vFgF7mBJbLTk2fzzArgzFF/02fVvsW3T1OO2cP2l+gVQFvfNfKsfGYg0L1Nuur7tpJGIOLn4z1fZFt25DwEAsMr32fznmVbzvzTubyh3d742NBwR90TEvoi4NyL2R8R9EbWyD0TEg5usv3mRZO38J722pcA2KJv/vZivba2e/xWzvxgu5bm9tfjLyakzldmj+XsyGuUdWX5inTp+eOW3L9oda5z/ZVtWfzEXzNtxbWDH6tfMTC1M/ZeYG13/JOLgQKv4k+WVgCQiDkTEwS3Wceapbw63O9Yu/vJG/nAH1pmqX0c8We//xWiKv5Csvz45fldUZo+OF2fFWr/8euXNdvXfuv+7K+v/XS3P/+X4h5PG9dr5zddx5Y/P217TbPX8H0zerqUH830fTi0sXJiIGExerze6cf/kymuLfFE+i3/0SOvxvy9W3olDEZGdxA9FxMMR8Uje9kcj4rGIOLJO/D+9/Ph7W4+/u7L4ZzbV/yuJwWje0zpROvvjd6sqHd5M/Fn/H6+lRvM9G/n820i7tnY2AwAAwP9PGhF7IknHltNpOjZW/3/5/bErrczNLzx9au6D8zP1ZwSGo5wWd7qGGu6HTuSX9UV+sil/LL9v/GVpZy0/Nj1Xmel18NDndrcZ/5k/S71uHdB1nteC/mX8Q/8y/qF/Gf/Qv1qM/529aAew/Vp9/3/cg3YA269p/Fv2gz7i+h/6l/EP/cv4h740vzNu/ZC8hMSaRKS3RTMkupTo9ScTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZ/wbAAD//9E940M=")
fallocate(0xffffffffffffffff, 0x0, 0x9, 0x2000406)
sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="a00000001800010a03000000000000000400000089001180"], 0xa0}, 0x1, 0x0, 0x0, 0x200080c1}, 0x80)

3m48.167845458s ago: executing program 3 (id=2296):
mkdir(&(0x7f00000000c0)='./file0\x00', 0x183)
r0 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x89901)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r5, 0x8b26, &(0x7f0000000280)={'wlan1\x00'})
move_mount(r4, &(0x7f0000000040)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x3, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xffb0}, {{}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xd, 0x9, 0x0, 0x0, 0xffffff13}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x7, 0x9}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffdff}, {}, {}, {0x4, 0x0, 0x7}, {0x18, 0x2}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x5, 0x1, 0x7, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000005c0)={0x0, r0, 0x0, 0x24, &(0x7f0000000000)='//sys\x00\x00\x00\x00\x00\x00\x80\x004\x00\x00s/\x92yn\x00'/36}, 0x30)
mount$bpf(0x200000000000, &(0x7f0000000200)='./file0\x00', 0x0, 0x206002, 0x0)
mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x140070, 0x0)

3m46.798372219s ago: executing program 3 (id=2312):
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x16, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="850000000800000004"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x40, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x22, &(0x7f0000000000)=0x1, 0x4)
sendmmsg$inet(r0, &(0x7f0000000f40)=[{{&(0x7f0000000040)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000080)='\x00', 0x1}], 0x23}}, {{0x0, 0x0, &(0x7f0000000800)=[{&(0x7f00000001c0)='}', 0x1}], 0x1}}], 0x2, 0x2400c042)

3m43.818383505s ago: executing program 33 (id=2338):
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r0, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
connect$unix(r1, &(0x7f0000000000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
connect$unix(r0, &(0x7f0000000000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r2 = fsopen(&(0x7f0000000140)='sysfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = fsmount(r2, 0x0, 0x1)
fchdir(r3)
accept(r0, 0x0, 0x0)

3m42.137394556s ago: executing program 2 (id=2354):
sched_setscheduler(0x0, 0x2, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=@base={0x7, 0x4, 0x100, 0x4, 0x20}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x9, &(0x7f0000000180)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}, @call={0x85, 0x0, 0x0, 0x50}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x18)
syz_mount_image$ext4(&(0x7f00000000c0)='ext3\x00', &(0x7f0000000180)='./file1\x00', 0x20024c0, &(0x7f0000000500)={[{@nodelalloc}, {@dioread_lock}, {@dioread_nolock}, {@nobh}]}, 0x4, 0x595, &(0x7f0000000800)="$eJzs3T1sG1UcAPD/ne1+BlIkkAB1qACpSFWdpB9QmNoVUalSByQWiBw3quLEUZxAE2VI9wrRAQHqUjYYGEEMDIiFkZUFxIxU0QikpgMY2T4nab6alDpu699PuuTevXP+7935/3x3uosD6FlHGj/SiBci4kIS0b+qLh9Z5ZHWekuL86W7i/OlJOr1i38mkUTEncX5Unv9JPt9MCIWIuL5iPixEHEsXR+3Njs3NlyplKey8sD0+ORAbXbu+OXx4dHyaHni5OtvnD5z6vTQiaHVL7tbX10q7Kyv1367/tG1n9+6ef2rrw8vlD4ZTuJs9GV1q/vxMLW2SSHOrll+qhPBuijpdgN4ILkszxup9Fz0Ry7y94wBq9U3qwAeS/W9EXWgRyXyH3pU+zigcf7bnnbz+OPWudYJSCPuUja1avKtaxOxr3lucuCvJLse0dI43zy0mw3libRwNSIG8/n17/8ke/89uMGH0UA66odzrR21fv+ny+NPbDD+9LWvnf5P7fFvad34txI/t8n4d2GbMf559/fPN41/NeLFDeMny/GTDeKnEfH+NuPfeOe7M5vV1b+IOBobx29L1l4fTrLK1vXhgUuXK+XB1s8NY3x/9PCbW/X/wCbxW9ds9zU/Zjba/pPb7P+3P33z0sIW8V99eev9v9H23x8RH28ZNbc898ydL9/ebK1bV5PbjaOAne7/xrKb9+t45rWzR37d5qoAAAAAAAAAAMAOpM172ZK0GHub5b5I02Kx9Qzvs3EgrVRr08cuVWcmRlr3vB2KQtq+06q/VU4a5aHsftx2+cSa8sn27Ui5/c1ysVStjHS15wAAAAAAAAAAAAAAAAAAAPDoOLj8/H/rfwH8nWs+/7/266qBJ1W+2w0Aukb+Q++6N/+TrrUD2H07+vyv93euIcBuqzv+h94l/6F3yX/oXfIfepf8h94l/6F3yX8AAAAAAAAAAAAAAAAAAAAAAAAAAOiIC+fPN6b63cX5UqM8kp+dGat+cHykXBsrjs+UiqXq1GRxtFodrZSLper4/f5eUq1ODsbEzJWB6XJteqA2O/feeHVmov2douVCx3sEAAAAAAAAAAAAAAAAAAAAj5++5pSkxYhIm/NpWixGPBURh6KQXLpcKQ9GxNMR8UuusLdRHup2owEAAAAAAAAAAAAAAAAAAOAJU5udGxuuVMpTPTKT38nKEbHwcJvR+IsrS/ZkO+E+rypkq20jRC4iHontbOZxn+nioAQAAAAAAAAAAAAAAAAAAD1q5aHf7b7i3842CAAAAAAAAAAAAAAAAAAAAHpS+kcSEY3paP8rfWtr9yRLuebviPjwxsVPrwxPT08NNZbfXl4+/Vm2/EQ32g9sVztP23kMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAArKjNzo0NVyrlqQ7OdLuPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/ivwAAAP//4krRMA==")

3m41.844025754s ago: executing program 2 (id=2361):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x800700, &(0x7f0000000780)={[{@minixdf}, {@noinit_itable}, {@norecovery}, {@noinit_itable}, {@max_batch_time={'max_batch_time', 0x3d, 0x6}}, {@nodiscard}, {@usrjquota}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@errors_continue}, {@dioread_lock}, {@noblock_validity}, {@noquota}]}, 0x3, 0x465, &(0x7f0000000f00)="$eJzs3M9vFFUcAPDvzLYgP1sRf4CoVWJs/NHSgsrBi0YTDxhN9IDH2hZCWKihNRFCpBqDFxND1LPxaOJf4M2LUU8mXvVuSIhyAT3VzOwM7C67pYXtLnQ/n2SX92Ze+963b97Mm3m7BNC3RrK3JGJrRPwREUO1bGOBkdo/Vy+fnf738tnpJJaW3v47yctduXx2uixa/tyWIjOaRqSfJkUljeZPnzk+Va3Oniry4wsn3h+fP33muWMnpo7OHp09OXnw4IH9Ey++MPn8Mq3fuOI4s7iu7P5obs+u19+98Mb04Qvv/fJ91t6txf76ODplJAv8n6Vc3eYvs7cnO11Zj22rSycDPWwIq1KJiKy7BvPxPxSVuN55Q/HaJz1tHLCmsmvTMlfRxSVgHUtihcViZQWBu0V5oc/uf8tXl6Yed4RLL9dugLK4rxav2p6BSIsyg033t500EhGHF//7JnvFGj2HAACo9/n014fi2VbzvzQeqCu3vVhDGY6IeyNiR0TcFxE7I+L+iLzsgxHxUNuaNrTc2rw0dOP8J714y8GtQDb/e6lY22qc/5Wzv8pwpchty+MfTI4cq87uK/4mozG4MctPLFPHj6/+/kW7ffXzv+yV1V/OBYt2XBxoekA3M7UwlU9KO+DSxxG7B1rFn1xbCchu/XdFxO7V/ertZeLY09/taVfo5vEvowPrTEvfRjxV6//FaIq/lCy/Pjl+T1Rn942XR8WNfv3t/Fvt6r+t+Dsg6//Njcd/c5HhpH69dn71dZz/87O29zS3evxvSN7J+6U8q3w4tbBwaiJiQ3Iozzdsn7z+s2W+LJ/FP7q39fjfUUtsyt4ejojsIH4kIh6NiMeKtj8eEU9ExN5l4v/5lfb77oT+n2l5/rt2/Df1/+oTleM//dCu/pX1/4E8NVpsyc9/N7HSBt7O3w4AAADuFmn+GfgkHbuWTtOxsdpn+HfG5rQ6N7/wzJG5D07O1D4rPxyDafmka6jueehEslj8xlp+snhWXO7fXzw3/qqyKc+PTc9VZ3ocO/S7LW3Gf+avSq9bB6y5Vutoky3Xaxu+yAasA83jP23Mnnuzm40Busr3taF/3WT8p91qB9B9rv/Qv1qN/3NNeWsBsD65/kP/Mv6hfxn/0L+Mf+hLt/O9/n5OZKfMO6AZ1aGiH7tfe6S9jl1iLRKt/58mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAu9X/AQAA//9l+OT1")
socket$igmp(0x2, 0x3, 0x2)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='.\x00', 0x0, 0xa0)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000600)={0x23e3, 0xf1, 0xd, 0x2})

3m41.725453326s ago: executing program 2 (id=2362):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x80078b, &(0x7f0000000680)={[{@nodioread_nolock}, {@journal_dev={'journal_dev', 0x3d, 0xff}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@nouid32}, {@resgid}, {@acl}, {@init_itable_val={'init_itable', 0x3d, 0x8d55}}]}, 0x0, 0x473, &(0x7f0000000bc0)="$eJzs281rXFUbAPDn3ny0ffuRvH37qq1Vo0UIikmTVu3CjaLgoqKgi7qMybSEThtpothSbCpSN4IUdC0uBf8CdyKIuhLc6saVFIp20+oqcu/c206mM6kxk9zY+f1gMufMPTP3eXK/zj1nJoCeNZL9SSJ2RMRPETHUqC5vMNJ4unHt/PQf185PJ7G09OpvSd7u+rXz02XT8n3bi8poGpG+nxQrWW7+7LmTU/V67UxRH1849eb4/NlzT7x9aupE7UTt9OSRI4cPTTz91OSTXckzy+v6vnfn9u998fXLL00fu/zGd19k8e4oljfn0S0jWeK/L+Valz3a7ZVVbGdTOemvMBBWpS8iss01kB//Q9EXtzbeULzwXqXBAesquzZt6bx4cQm4iyVRdQRANcoLfXb/Wz42qOuxKVx9tnEDlOV9o3g0lvRHWrQZaLm/7aaRiDi2+Oen2SPWaRwCAKDZh9OfHO1v2/9L4578+Zf8765iDmU4Iv4bEbsj4n8RsSci/h+Rt703Iu5bYzy393/SK2v8yBVl/b9nirmt5f2/svcXw31FbWee/0ByfLZeO1j8T0ZjYEtWn1hhHV89/+NHnZY19/+yR7b+si9YxHGlv2WAbmZqYSrvlHbB1YsR+/rb5Z/cnAlIImJvROxb3UfvKguzj32+v1OjO+e/gi7MMy19lqW3mOW/GC35l5Lm+cnZ2+Ynx7dGvXZwvNwrbvf9D5de6bT+NeXfBVdrjeem7d/aZDhpnq+dX/06Lv38Qcd7mn+4/6eDyWv5PPNg8do7UwsLZyYiBpOjeX3Z65O33lvWy/bZ/j96oP3xv7t4T5b//RGR7cQPRMSDEfFQEfvDEfFIRBxYIf9vn+u8rMw/0oq2/8WImbbnv5v7f8v2X32h7+Q3X3Za/9/b/ofz0mjxSn7+u4N24WSni9YA1/K/AwAAgH+LNP8OfJKO3Syn6dhY4zv8e+I/aX1ufuHx43NvnZ5pfFd+OAbScqRrqBgPrc/WaxPJYvGJjfHRyWKsuBwvPVSMG3/cty2vj03P1Wcqzh163fYOx3/m176qowPW2ba2r04ObnggQAVa59HT5dULL4eTAdyt/F4betcdjv90o+IANp7rP/Sudsf/hZa6uQC4O7n+Q+9y/EOPSr+uOgKgQq7/0JPW8rv+dSxs3RxhVFPYrBslL0SUhXRTxKOwToWqz0wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADd8VcAAAD//9Jf6+E=")
symlink(&(0x7f0000000280)='./file0\x00', &(0x7f0000000740)='./file0\x00')

3m41.2562886s ago: executing program 2 (id=2363):
pipe2$9p(&(0x7f0000000080), 0x800)
mount$9p_fd(0x0, 0x0, &(0x7f0000000b80), 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0)
r0 = fsopen(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f00000005c0)=0x7)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r2, 0x0, 0x23, 0x0, 0x0)
getsockopt$ARPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x61, 0x0, &(0x7f00000002c0)=0x25)
setsockopt$inet_mreqsrc(r2, 0x0, 0x24, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'wlan0\x00', 0xfffffffe})
ioctl(r5, 0x8b22, &(0x7f0000000040))
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
rename(0x0, &(0x7f0000000140)='./file1\x00')
link(0x0, &(0x7f0000000400)='./file0/file0\x00')

3m40.247965167s ago: executing program 2 (id=2367):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20)

3m40.247457367s ago: executing program 2 (id=2368):
syz_usb_connect$cdc_ecm(0x0, 0x68, &(0x7f0000000340)={{0x12, 0x1, 0x250, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x56, 0x1, 0x1, 0x86, 0x80, 0x4, [{{0x9, 0x4, 0x0, 0xd, 0x3, 0x2, 0x6, 0x0, 0x2, {{0x5}, {0x5, 0x24, 0x0, 0x1}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x4, 0x73, 0x4}, [@mdlm={0x15, 0x24, 0x12, 0x101}, @mdlm_detail={0x6, 0x24, 0x13, 0xf8, "d502"}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x40, 0x9, 0x6, 0xa8}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0xa, 0x0, 0x2}}}}}]}}]}}, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0})
io_setup(0x8, 0x0)

3m31.722555444s ago: executing program 34 (id=2312):
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x16, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="850000000800000004"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x40, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x22, &(0x7f0000000000)=0x1, 0x4)
sendmmsg$inet(r0, &(0x7f0000000f40)=[{{&(0x7f0000000040)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000080)='\x00', 0x1}], 0x23}}, {{0x0, 0x0, &(0x7f0000000800)=[{&(0x7f00000001c0)='}', 0x1}], 0x1}}], 0x2, 0x2400c042)

3m26.460823649s ago: executing program 6 (id=2494):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000000c0)=ANY=[@ANYBLOB="24000000180083ad0400000000000000020000000000fe020c00000008000400", @ANYRES32], 0x24}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x60000854}, 0xc008080)

3m26.416922283s ago: executing program 6 (id=2495):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r1}, 0x18)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r2 = syz_open_dev$sg(&(0x7f0000000140), 0x6f5e, 0x0)
ioctl$FIBMAP(r2, 0x1, 0x0)

3m26.33610053s ago: executing program 6 (id=2496):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8ff20c2c10f0093d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
creat(&(0x7f0000000180)='./file0\x00', 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000240)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], 0x0, 0x0, 0x2000000000000116}}, 0x40)

3m26.223527001s ago: executing program 6 (id=2498):
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b000000050000000000a74b0001000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0xc618, 0x0, 0x0, 0x100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001200)={0xffffffffffffffff, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f07df33c9f7b986", 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000440)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x200080, &(0x7f00000000c0)={[{@errors_remount}, {@delalloc}, {@bsdgroups}]}, 0x3, 0x56d, &(0x7f0000000c00)="$eJzs3c+PG1cdAPDvzP6w86PdBHqAqpAAhYCieLNOG1W9NLmAUFUJUXFAHNJl11ktseMQe0t3icT2bwAJBCf4EzggcUDqiQM3jkgcEFI5IAWIQFkESEYznt04WVtxYq/d7H4+0mR+vHnzfU/O+D0/e+cFcGSdjYjtiJiPiHciYqE4nhRLXOku2Xn3791Z2bl3ZyWJTuftvyd5enYsevJkThTXLEfE178S8e1kf9zW5taN5Xq9drvYX2w3bi22NrcurDeW12prtZvV6uWlyxdfu/RqdWx1PdP45d0vr7/5jd/8+lMf/n77S9/PinWySOutxzh1qz63FyczGxFvHkSwKZgp1vP7Ul7qn+HKwZaHJ5NGxMci4rP5/b8QM/n/TgDgMOt0fhqdhd59AOCwyz7/nywnaSUi0rToBFS6Y3gvxPG03my1z19vbtxc7Y6VnYq59Pp6vXbxdOmP381Pnkuy/aU8LU/P96uP7F+KiNMR8aPSsXy/stKsr06nywMAR96J/Duwov2PiH+V0rRSGSprn2/1AIBnRnkKOQGA6eptxUtTLAcAMDk+xQPA0TNE+1982b994GUBACbD538AOHq0/wBw9Dxp++83ggDwTPvaW29lS2eneP716rubG3PNdy+s1lo3Ko2NlcpK8/atylqzuZY/s6fxUOZjPdtFn6DebN5aeiU23lts11rtxdbm1rVGc+Nm+1r+XO9rtbmJ1g4A6Of0mQ/+kETE9uvH8iV65nLQVsPhlk67AMDUzDzYrJ140sw6CPBMe7rZvv4z9nIAkzdUE553En534GUBpqPvw7zLfTcf9pMnCOJ3xvCRcu6Tw4//75/jGXiWGf+Ho2vmqXK9MfZyAJP3dOP/wGHQ6SSPzvk/v5cEABxKI/yEr/ODcXVCgKl63GTeY/n+HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6ZkxHxnUjSSj4XeJr9m1YqEc9FxKmYS66v12sXI+L5OBMRc6Vsf2nahQYARpT+NSnm/zq38PLJR1Pnk3+X8nVEfO9nb//4veV2+/ZSdvwfe8dLu9OHVR/kG2FeQQBgOJ3SkCfm7Xe1WPd8kL9/787K7nJQhezn7tX4XzEV8crOvTv50k2ZjexgRDnvSxz/ZxKzRZ5yRLwYETNjiL/9fkR8ol/9k3xs5FQx82lv/ChiPzfR+OlD8dM8rbvOOl8fH0NZ4Kj54GpEXOl3/6VxNl/3v//L+TvU6O5e7V5s971vpyf+bBFppk/87J4/O2yMV3771X0HOwvdtPcjXpztFz/Zi58MiP/ykPH/9NKnf/jGgLTOzyPORf/4vbEW241bi63NrQvrjeW12lo5qtXLS5cvvnbp1epiPka9uDtSvd/fXj///KCyZfU/PiB+uW/95/fyfn7I+v/iv+986zMPdkuPxv/i5/q//i/0jd+VtYlfeDhMZ1D85eO/Gjh9dxZ/dUD9H/f6nx+m8hHx4V+2Voc8FQCYgNbm1o3ler12e6SNNHY647jOvo2siMOdvNtdHC3on+MgavGUG3MjV2daG7N7fcXxXvmb2RUnXJ107LUYaeP+pGJN7z0JmIwHN/20SwIAAAAAAAAAAAAAAAwyiT9dmnYdAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOLz+HwAA//+WydIx")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f00000002c0)=0x20)

3m26.191618214s ago: executing program 6 (id=2499):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="0000000027bd7000fcdbdf25802080e1fd01ff087d629545000016800000028000000200272524232f00000000000000d2cd83dce92694270911fd99007e1125b83e45c3f25bc9fcd8512a408dc52052461a91b4482e9c5d3cd915514dfe071417e467e1006b8faaa3651b988ac65239fd9f8404a1c05b42b43089604695596a03660f5add141f37e327f4c92ac8d92c432b807bfcc862d015253b4b024e5994e94da2bcb83934a651f49931dc67e59b3887140f3c3f233b29e61b68f811ba39"], 0x38}}, 0x4042004)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r2}, &(0x7f0000000200), &(0x7f0000000280)=r3}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@deltaction={0x34, 0x18, 0x1, 0x70bd2a, 0x25dfdc00, {0xa}, [@TCA_ACT_TAB={0x20, 0x1, [{0xc, 0x8f, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}, {0x10, 0x8, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x44000}, 0x20040844)
getpid()
getrusage(0xfffffffffffffffe, 0x0)
prctl$PR_SET_NAME(0xf, &(0x7f0000000140))
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000800)=ANY=[@ANYBLOB="24000000390007010000000000000000027c0000040000000c0001800600060086dd"], 0x24}}, 0x0)

3m25.559785825s ago: executing program 6 (id=2501):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x85, 0x74120, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x1, @perf_bp={0x0, 0x2}, 0x10000, 0x10003, 0x80000001, 0x3, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x2, 0x0)
eventfd2(0x5, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$igmp(0x2, 0x3, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r2}, &(0x7f0000000840), &(0x7f00000002c0)=r3}, 0x20)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r5=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r3, r5, 0x25, 0x2, @void}, 0x10)
syz_emit_ethernet(0x12, &(0x7f0000000280)=ANY=[], 0x0)

3m25.558688245s ago: executing program 35 (id=2501):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x85, 0x74120, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x1, @perf_bp={0x0, 0x2}, 0x10000, 0x10003, 0x80000001, 0x3, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x2, 0x0)
eventfd2(0x5, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$igmp(0x2, 0x3, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r2}, &(0x7f0000000840), &(0x7f00000002c0)=r3}, 0x20)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r5=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r3, r5, 0x25, 0x2, @void}, 0x10)
syz_emit_ethernet(0x12, &(0x7f0000000280)=ANY=[], 0x0)

3m25.004138568s ago: executing program 36 (id=2368):
syz_usb_connect$cdc_ecm(0x0, 0x68, &(0x7f0000000340)={{0x12, 0x1, 0x250, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x56, 0x1, 0x1, 0x86, 0x80, 0x4, [{{0x9, 0x4, 0x0, 0xd, 0x3, 0x2, 0x6, 0x0, 0x2, {{0x5}, {0x5, 0x24, 0x0, 0x1}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x4, 0x73, 0x4}, [@mdlm={0x15, 0x24, 0x12, 0x101}, @mdlm_detail={0x6, 0x24, 0x13, 0xf8, "d502"}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x40, 0x9, 0x6, 0xa8}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0xa, 0x0, 0x2}}}}}]}}]}}, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0})
io_setup(0x8, 0x0)

1m0.466512384s ago: executing program 9 (id=5315):
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xc3, 0x0, 0x0, 0x0, 0x0, 0x100000000000, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xa19a, 0x1000}, 0x6002, 0x0, 0xffffffff, 0x5, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x2)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000340)='cpu\t<0&&\t')

1m0.449413445s ago: executing program 0 (id=5316):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
ioctl$sock_SIOCETHTOOL(r0, 0x89f1, &(0x7f00000002c0)={'ip6gre0\x00', 0x0})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYRES32=r0, @ANYRES32=r0], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
r3 = syz_open_dev$usbfs(&(0x7f0000000140), 0x77, 0x3501)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x40000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r6, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={0x0}, 0x18)
syz_open_procfs(0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000440)='blkio.bfq.io_serviced_recursive\x00', 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[], &(0x7f0000000000)=""/144, 0x3e, 0x90, 0x1}, 0x28)
ioctl$USBDEVFS_SUBMITURB(r3, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f00000004c0)={0x4b5a9da54893e123, 0x3, 0x1c, 0x2}, 0x8, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0})

1m0.382178032s ago: executing program 9 (id=5318):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="160000000000000004000000"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000570000"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000600)='kmem_cache_free\x00', r1}, 0x18)
syz_emit_ethernet(0xaf, &(0x7f00000001c0)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaaaa8100000086dd60f7d8ff00753c0020010000000000000000000000000000ff0200000000000000000000000000010004c910", @ANYRES32], 0x0)

1m0.338379156s ago: executing program 9 (id=5319):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x3, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x4, 0x0, 0x0, 0x41100, 0x6c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='kfree\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0700000004000000800000000100000028000000e7c492598c", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0], 0x50)
r2 = socket(0x200000000000011, 0x2, 0x0)
bind$packet(r2, 0x0, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x0, 0x6083, 0x3)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_read_part_table(0x5b8, &(0x7f0000000b80)="$eJzs0j1Is1cUAOCboKahFUWEFuxQ0Lo0WoiDDmawEoOLiljp4Cw41EFwcJCU6OzP2kHRKoiL2FnoIiqIQpwkW4tzQXFxektqFENb6KCf6Pc8w3u59z3n/nBO4E2Lhz+jKIqFEKLEv/yO3Q8//Uf297vZgRBG+kbHyqETIYTsl589TXzcdb8yH67MBxPp4sZp/81u41nrxfGnX//8RXm1LhzEH0+LPdcbeb/2MkcNC4szuaW5zNRlbv6qa7Ij27KcnV7t3uzNj3/e+0P8Pq7cV7Uf4Py2Ys/2eTR8vVbfWe709EklLqWb36VK/ZMP9V9vLpQKd0PtO7PJVFPpML9SqfttLCSrEl+iGQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgI/aXuaoYWFxJrc0l5m6zM1fdU12ZFuWs9Or3Zu9+fHfHuMO4k+zJkIINS9yfluxZ/s8Gr5eq++sPS7epU8qcanYP1K/+/VZbsBr+iZU13+9uVAq3A2178x+m2oqHeZXKnW/jaLXvioAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8EZkBwa/GukbHQshFiZCCP3xxq3yepSojtu/H+oe5oOJdHHjtP9mt/Gs9eK47ZeRRAhPU378Y6shWb3F37k15c8nIfyeeLk38f/9FQAA//+nyYS+")
socket$key(0xf, 0x3, 0x2)

1m0.141979075s ago: executing program 9 (id=5321):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000e80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10)
r2 = fsopen(0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = fsmount(r2, 0x0, 0x8)
fchdir(r3)
r4 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r5}, &(0x7f0000000180), &(0x7f00000001c0)=r4}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="0f000000040000000400000019"], 0x50)
r9 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000180)=ANY=[@ANYRES32=r8, @ANYRES32=r9, @ANYBLOB="05"], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r8}, &(0x7f00000006c0), &(0x7f0000000700)=r7}, 0x20)
sendmsg$inet(r6, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1}, 0x3)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r10 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000000c0)='kfree\x00'}, 0x18)
socket$nl_generic(0x10, 0x3, 0x10)
mknodat$loop(r10, &(0x7f0000000000)='./file1\x00', 0x2000, 0x0)

59.292333016s ago: executing program 0 (id=5326):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0, 0x0, 0x7}, 0x18)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYRESHEX], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410073697700140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000640)=ANY=[@ANYBLOB="18000000041401002dbd7000fedbdf250800010000000000ba30b28e994c1a08d1ca4eb6b8b4889cdd4e786eb807e04eb88b"], 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000400)='mm_collapse_huge_page_swapin\x00', 0xffffffffffffffff, 0x0, 0x7}, 0x18)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000", @ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000340)={@fallback=<r5=>r2, 0x35, 0x0, 0x6, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x6, 0x0, &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000300)=[0x0, 0x0], <r6=>0x0}, 0x40)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000014c0)=ANY=[@ANYRES32=r3, @ANYRES32=r4, @ANYBLOB="30000000eb4b1e9991d601000000", @ANYRES32, @ANYBLOB, @ANYRES32, @ANYBLOB, @ANYRES64=r6], 0x20)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000680)=ANY=[], 0x20)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000980)={r4, 0xe0, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, &(0x7f0000000a80)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0), 0x0, 0x4f, &(0x7f0000000380), 0x0, 0x10, &(0x7f0000000600), &(0x7f0000000740), 0x8, 0xd1, 0x8, 0x8, &(0x7f0000000840)}}, 0x10)
bpf$LINK_GET_NEXT_ID(0x1f, 0x0, 0x0)
getsockopt$PNPIPE_IFINDEX(r5, 0x113, 0x2, &(0x7f00000004c0)=<r7=>0x0, &(0x7f0000000a40)=0x4)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000a00)={@ifindex=r7, 0xffffffffffffffff, 0x21, 0x8, 0x0, @void, @value=r1, @void, @void, r6}, 0x20)
r8 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_FLUSH(r8, 0x0, 0xd1, &(0x7f0000000000)=0xb, 0x4)
getsockopt$MRT(r8, 0x0, 0xd0, 0x0, 0x0)
r9 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000000c0)={@ifindex, 0xffffffffffffffff, 0x33, 0x8, 0x0, @void, @value, @void, @void, r6}, 0x20)
r10 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup/syz0\x00', 0x200002, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000300)={@cgroup=r10, r0, 0x5, 0x0, r0, @void, @value=r0, @void, @void, r6}, 0x20)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
getpriority(0x1, 0x0)
r11 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$LOOP_CTL_GET_FREE(r11, 0x4c82)
r12 = syz_genetlink_get_family_id$nbd(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x2c, r12, 0x300, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0xe52}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x433}]}, 0x2c}, 0x1, 0x0, 0x0, 0x6000000}, 0x800)

59.244313881s ago: executing program 9 (id=5328):
mkdir(&(0x7f0000000000)='./file0\x00', 0x16e)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x31, &(0x7f0000000000)='//sys\x00\x00\x00\x00\x00\x00\x80\x004\x00\x00s/\x92ync_\x93\x96\xff\x92\xaf\x00Se\xf44.\x00'/49}, 0x30)
mount$bpf(0x200000000000, &(0x7f0000000200)='./file0\x00', 0x0, 0x206002, 0x0)
umount2(&(0x7f00000000c0)='./file0\x00', 0x1)

59.15014218s ago: executing program 9 (id=5330):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200"], 0x0, 0xfff, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xcb3a}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000001540)={0x18, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x2, 0x0, 0x0, 0x40f00, 0x9, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}, 0x94)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001180)={&(0x7f0000000100)=@newqdisc={0x34, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0x2}, {0x6, 0xa}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x4, 0x8002}}]}, 0x34}, 0x1, 0x0, 0x0, 0x24000000}, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41002, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x18)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x5c}}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {0xa, 0x0, 0x1}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004810}, 0x840)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=ANY=[@ANYBLOB="38000000180001002bbd700000000000020000040000fd09001100000600150002000000140016"], 0x38}}, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000780)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000001c0)="b8", 0x1}], 0x1}}], 0x1, 0x0)
close(0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa1", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0xc, 0x0, 0x0, 0x0, 0x58, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
r4 = socket(0x11, 0x2, 0x800001)
r5 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r6=>0x0})
sendto$packet(r5, &(0x7f0000000240)="f2f64405eeca36ed9c5e40488000", 0xe, 0x0, &(0x7f0000000200)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @local}, 0x14)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYBLOB="3c00000013000100000000000000000000000002", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=r6, @ANYBLOB="1400350064756d6d7930"], 0x3c}}, 0x0)
ioctl$SIOCSIFMTU(r4, 0x8922, &(0x7f0000000080)={'dummy0\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000000d00)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000dc0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0x18)
r8 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_INIT(r8, 0x29, 0xc8, &(0x7f0000000340), 0x4)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

58.575325245s ago: executing program 0 (id=5335):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
ioctl$sock_SIOCETHTOOL(r0, 0x89f1, &(0x7f00000002c0)={'ip6gre0\x00', 0x0})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYRES32=r0, @ANYRES32=r0], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
r3 = syz_open_dev$usbfs(&(0x7f0000000140), 0x77, 0x3501)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x40000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r6, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={0x0}, 0x18)
syz_open_procfs(0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000440)='blkio.bfq.io_serviced_recursive\x00', 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[], &(0x7f0000000000)=""/144, 0x3e, 0x90, 0x1}, 0x28)
ioctl$USBDEVFS_SUBMITURB(r3, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f00000004c0)={0x4b5a9da54893e123, 0x3, 0x1c, 0x2}, 0x8, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0})

56.216832871s ago: executing program 0 (id=5360):
r0 = socket(0x10, 0x803, 0x0)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0xff, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2}, &(0x7f0000000180), &(0x7f00000001c0)=r1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x0, 0x1, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x961}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f0000000000), r0)
getsockname$packet(r0, &(0x7f0000000280)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="4800000010000305ff810000fddbdf", @ANYRES32=r4, @ANYBLOB="1748000040000200280012800a000100767863616e000000180002801400010000000000", @ANYRES32=r4], 0x48}, 0x1, 0x0, 0x0, 0x40}, 0x0)

56.143314168s ago: executing program 0 (id=5363):
mkdir(&(0x7f0000000000)='./file0\x00', 0x16e)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x31, &(0x7f0000000000)='//sys\x00\x00\x00\x00\x00\x00\x80\x004\x00\x00s/\x92ync_\x93\x96\xff\x92\xaf\x00Se\xf44.\x00'/49}, 0x30)
mount$bpf(0x200000000000, &(0x7f0000000200)='./file0\x00', 0x0, 0x206002, 0x0)
umount2(&(0x7f00000000c0)='./file0\x00', 0x1)

56.112940801s ago: executing program 0 (id=5364):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="18010000008000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = socket$kcm(0x21, 0x0, 0x2)
sendmsg$inet(r1, &(0x7f0000002780)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1000000000000000100100000b00000014000000000000001001000001"], 0x28}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$kcm(0x10, 0x400000002, 0x0)
sendmsg$inet(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="1c0000005e007f029e3b470d649b72ab25399cd956c07dead6a93690", 0x1c}], 0x1}, 0x80)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r3], 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
setxattr$trusted_overlay_upper(0x0, 0x0, &(0x7f0000000200)=ANY=[], 0x835, 0x0)

44.01803933s ago: executing program 37 (id=5330):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200"], 0x0, 0xfff, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xcb3a}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000001540)={0x18, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x2, 0x0, 0x0, 0x40f00, 0x9, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}, 0x94)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001180)={&(0x7f0000000100)=@newqdisc={0x34, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0x2}, {0x6, 0xa}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x4, 0x8002}}]}, 0x34}, 0x1, 0x0, 0x0, 0x24000000}, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41002, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x18)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x5c}}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {0xa, 0x0, 0x1}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004810}, 0x840)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=ANY=[@ANYBLOB="38000000180001002bbd700000000000020000040000fd09001100000600150002000000140016"], 0x38}}, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000780)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000001c0)="b8", 0x1}], 0x1}}], 0x1, 0x0)
close(0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa1", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0xc, 0x0, 0x0, 0x0, 0x58, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
r4 = socket(0x11, 0x2, 0x800001)
r5 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r6=>0x0})
sendto$packet(r5, &(0x7f0000000240)="f2f64405eeca36ed9c5e40488000", 0xe, 0x0, &(0x7f0000000200)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @local}, 0x14)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYBLOB="3c00000013000100000000000000000000000002", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=r6, @ANYBLOB="1400350064756d6d7930"], 0x3c}}, 0x0)
ioctl$SIOCSIFMTU(r4, 0x8922, &(0x7f0000000080)={'dummy0\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000000d00)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000dc0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0x18)
r8 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_INIT(r8, 0x29, 0xc8, &(0x7f0000000340), 0x4)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

41.089959851s ago: executing program 38 (id=5364):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="18010000008000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = socket$kcm(0x21, 0x0, 0x2)
sendmsg$inet(r1, &(0x7f0000002780)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1000000000000000100100000b00000014000000000000001001000001"], 0x28}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$kcm(0x10, 0x400000002, 0x0)
sendmsg$inet(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="1c0000005e007f029e3b470d649b72ab25399cd956c07dead6a93690", 0x1c}], 0x1}, 0x80)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r3], 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
setxattr$trusted_overlay_upper(0x0, 0x0, &(0x7f0000000200)=ANY=[], 0x835, 0x0)

3.388595726s ago: executing program 8 (id=6322):
socket$netlink(0x10, 0x3, 0x0)
r0 = socket(0x10, 0x803, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000880)={0x6, 0x4, &(0x7f0000000540)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffe}, [@alu={0x7, 0x0, 0x3, 0x0, 0x0, 0x1, 0xfffffffffffffff0}]}, &(0x7f0000000080)='syzkaller\x00', 0x3, 0x0, 0x0, 0x40f00}, 0x94)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r1 = socket(0x1, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
socket(0x10, 0x803, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
capset(&(0x7f0000000380)={0x19980330}, &(0x7f0000000040)={0x200000, 0x40200003, 0x0, 0x6, 0x7})
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0x14)
r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000940)=ANY=[@ANYBLOB="b4050000200080066110000000000000c6000000000000009500d800000000009f33ef60916e55893f1eeb0b2ae13d922e6235592ce847e2566c43d72918a897323fd0723043c47c896ce0bce66a245ad9d6817fd98cd824498949714ffaac8a6f77ef0000ca5d82054d54d53cd2b6db714e75d9bdae214fa68a0557eb2c5ca683a4b6fcfcff0bffffffffffd47042eaebfa6fa26fa7a347c7faa8e700458c60897d4a6148a1c11428427c40de60beacf871ab5c2ff88a02084e5b5271e45f00003826fb8579c1fb01d2c5553d2ccb5fc5b51fe6b174ebd9907dcff414ed55b0c20cdbe7009a6fe7cc78762f1d4dcdbca64920db9a50f86c21632f7a4bd344e0bd74ff05d37ef68e3b9db863c758ffffffffabe90ac5d08dd9d4e0359c41cf3626e1230bc1cd4c02c460ceb44276e9bd94d1c2e6d17dc5c2edf332a62f5fe68fbbbbfcfd00000000000fbf940e6652d357474ed5f816f66ac3027460ae66317f83cdd7a7eb2a7003d1a6cf5478533584961c329fcf5a43e05c92bfef0dcd28000000003f2915a3039c9a78f63b8ec7e60a0000fed7d67c440e23d130e51eea1e085bebabe7059de9cbfc5117c024185a062acb6b8eec31c21b3af8b9eedb4660ed2deb7acf2a33a376a5cb7d4266d5b0be14488d14b473502486ad8dd600000000000000000000c7766ea7c581782c0d90f42a85303835fc291c25d29e6bead5d7360f2e1929d7736ebc8558c4506407d3046022bdf25485bd5442e05d9b4c1278343581b7a06f65e8ea6b042c4fd08381e5000000000000006398d6480000001a723b91030000006480304c66b217aea0156ce9eef911fe5b7370f79987303ecb3aabc53c60014a0101ab766754f596b41da9534d12b8306a1b36cf3b03f0d790879f523eabfbee83d8bd472ef69660cf6ec897106c51e54a17497f384c4956b41f3843e7c878b1e11316d8ddae1c6c3b85aaf7a9fcaf8f5d6186c42542d68ba72682c938d3c0a2e6e10eed71b1d31c9f300b41745329bf34495c63e43fb896e4903fb0fae54a8f0fe3b48a5b29d279070647e65097c8ecf32a15080000000000000001007ba4a70a084bd994ac5e00000000000000000000000000351a30cd97f83d72631d0fe92efa974a53f4dc1eb9a86df632a6d463688123f64d42a919bcfc44a90ffd680200000091f842a91c977f6075d07e39e669b0713af0498a99bf5261cb3269d499a5202d7a08b33ade7b38829b9bd39619688d5e9af22170ef83e5b92cbb32b655c45de1c154aad81bf64351668a3f76d5afa958aff76249e0ffdf8e45155536a1a44bfcbfbfd232af000052f9002a"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0x19, 0x4, 0x4, 0x12}, 0x50)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000280)=ANY=[@ANYRES32=r4, @ANYRES32=r3, @ANYBLOB='&'], 0x10)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000003c0)=0x1)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000540)='./bus\x00', 0x8800, &(0x7f00000001c0)={[{@usrquota}, {@nombcache}, {@minixdf}, {@errors_remount}, {@min_batch_time={'min_batch_time', 0x3d, 0xbbbd}}]}, 0x1, 0x51c, &(0x7f0000000580)="$eJzs3c9vI1cdAPCvvXHiZNNNWnoABO3SFha0WifxtlHVA5QjQpUQPYK0DYk3imLHUeyUJuwhPXNFohIneuQP4NwTB25cENy4lAMSPyJQg8Rh0IwnqTdrb6wmsdP485FG897MrL/f5+y8t/Oy9gtgbN2OiIOImIyIdyJiLj9eyLd4s7Ol131y+Gj16PDRaiGS5O1/FrLz6bHo+jOpm/lrliPihx9G/KTwZNzW3v7mSr1e28nrC+3G9kJrb//eRmNlvbZe26pWl5eWF1+//1r1wtr6YmMyL3314z8cfOtnaVqz+ZHudlykTtNLJ3FSExHx/csINgI38vZMjjoRPpNiRDwXES9l9/9c3Mh+mgDAdZYkc5HMddcBgOuumM2BFYqVfC5gNorFSqUzh/d8zBTrzVb77sPm7tZaZ65sPkrFhxv12mI+VzgfpUJaX8rKn9arp+r3I+LZiPjF1HRWr6w262uj/IcPAIyxm6fG//9MdcZ/AOCaK486AQBg6PqM/wfDzgMAGB7P/wAwfoz/ADB+ytl3OEyPOg0AYIg8/wPA+DH+A8BY+cFbb6VbcpR///Xau3u7m813763VWpuVxu5qZbW5s11ZbzbXs+/saZz1evVmc3vp1dh9b/7b2632Qmtv/0GjubvVfpB9r/eDWim7yicLAGCUnn3xoz8X0hH5jelsi661HEojzQy4bMVRJwCMzI0+ZeD6s9oXjK9zPOObHoBroscSvY8pR48PCCVJklxeSsAlu/Ml8/8wrrrm//0vYBgz5vxhfJn/h/GVJIVB1/yPQS8EAK42c/xAn9//P5fvf5P/cuDHa6ev+OAyswIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICr7Xj930q+FvhsFIuVSsQzETEfpcLDjXptMSJuRcSfpkpTaX1pxDkDAOdV/FshX//rztwrs4+deuHmSXEyIn76q7d/+d5Ku73zx4jJwr+mjo+3P8iPV4efPQBwtuNxOtt3Pch/cvho9XgbZj5//25ElDvxjw4n4+gk/kRMZPtylCJi5t+FvN5R6Jq7OI+D9yPii73aX4jZbA6ks/Lp6fhp7GcuLn4yFXFG/OJj8YvZuc4+fS++cAG5wLj5KO1/3ux1/xfjdrbvff+Xsx7q/PL+L32p1aOsD/w0/nH/d6NP/3d70Biv/u57ndL0k+fej/jyRMRx7KOu/uc4fqFP/FcGjP+Xr7zwUr9zya8j7kTv+N2xFtqN7YXW3v69jcbKem29tlWtLi8tL75+/7XqQjZHvdB/NPjHG3dv9TuXtn+mT/zyGe3/+oDt//B/7/zoa0+J/82Xe8UvxvNPiZ+Oid8YMP7KzG/L/c6l8df6tP+sn//dAeN//Nf9J5YNBwBGp7W3v7lSr9d2nla4dRRx1jWfy0IMdvHv8zfrSuQ81oXoeuy6Cvl0F74zrFiTfW7Gn7/ceWOmIrr/YifJZ4rVr8e4iFk34Co4uekj4r+jTgYAAAAAAAAAAAAAAOhpGJ9YGnUbAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuL7+HwAA//8yDcV8")
unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200)
set_mempolicy(0x2, &(0x7f00000002c0)=0x4, 0x7)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x17, 0x2000000000000242, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000180)={'dummy0\x00', &(0x7f0000000040)=@ethtool_perm_addr={0x4b, 0xe, "433f000000a69e5ebb7bf7b55562"}})
r5 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r5, &(0x7f0000000880)=[{{&(0x7f0000000080)={0x2, 0x0, @rand_addr=0xac1414bb}, 0x3804, &(0x7f0000000100)=[{&(0x7f00000000c0)='Q', 0x1}], 0x1}, 0x20000000}, {{&(0x7f0000000180)={0x2, 0x0, @remote}, 0x69, &(0x7f0000000400)=[{&(0x7f0000000240)="b9", 0x26892}], 0xbb}}], 0x2, 0x0)

3.299023974s ago: executing program 8 (id=6327):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x80000, 0x0, 0x0, 0x41100}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, 0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r4)
sendmsg$NFC_CMD_DEV_UP(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="010028bd7000fedbdf250200000008000100", @ANYRES32], 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x8004)
write$nci(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="414601", @ANYRES32=r3], 0x4)

3.182986055s ago: executing program 8 (id=6331):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x4e24, @empty}, 0x10)
r3 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x5, 0xb1130, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={0x0, 0x4}, 0x101280, 0x26f, 0x100000c, 0x3, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
writev(r3, &(0x7f00000025c0)=[{&(0x7f0000000240)='4', 0x1}], 0x1)
recvfrom$inet(r2, 0x0, 0xfffffffffffffefc, 0x10000, 0x0, 0x0)
syz_emit_ethernet(0xbe, &(0x7f0000000440)={@local, @broadcast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x68, 0x0, 0x0, 0x88, 0x0, @remote, @local}, {0xfffe, 0x4e24, 0x9c, 0x0, @wg=@initiation={0x1, 0x4, "497a1d08fd3d0ee007022798bb6374ed840b4f36f41fc4d035e9ebe414aa958d", "4bbef5e4007898221aa606d083cd59745493938f1e2de8fdadd3823fedd2c01b2aff03050a4ca5d10fd1b6b06f47ea42", "ef7c9d6a98e3943f6892078bb952854743fe4dddd2e7c0ce70a4ac7d", {"a851525b16af17fe87acbae2ab0b233d", "01422d01cd53c3abe94331d0b7918724"}}}}}}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x4008090)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x15)
mmap(&(0x7f00001b1000/0x3000)=nil, 0x3000, 0x2, 0x28011, r4, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f0000000380)={'gretap0\x00', &(0x7f0000000200)={'erspan0\x00', 0x0, 0x80, 0x40, 0xfffffff9, 0x5, {{0x5, 0x4, 0x3, 0x3e, 0x14, 0x64, 0x0, 0x1, 0x29, 0x0, @dev={0xac, 0x14, 0x14, 0x14}, @dev={0xac, 0x14, 0x14, 0x41}}}}})
syz_usb_disconnect(0xffffffffffffffff)
syz_usb_connect(0x6, 0x24, &(0x7f0000000740)=ANY=[], 0x0)
ioctl$EVIOCRMFF(0xffffffffffffffff, 0x40085503, &(0x7f0000000200)=0x6)

2.998571003s ago: executing program 4 (id=6333):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file1\x00', &(0x7f00000001c0), 0x0, 0x835, 0x0)

2.978969414s ago: executing program 4 (id=6335):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000100)='./file1\x00', 0x8, &(0x7f00000000c0)={[{@lazytime}, {@errors_remount}]}, 0x2, 0x53a, &(0x7f0000000c80)="$eJzs3c9vI1cdAPDvOPHmR7NNCj0AArqUwoJW6yTeNqp6YXsBoaoSouLEYRsSN4pir6PYK5qwh+yReyVW4gT8B9w4IPXEgRs3kDj0Ug5IC6xADRIHoxlPEjexE7dJ7ST+fKTJzHszO9/34n3veV5kvwBG1o2I2I2IaxHxdkTM5vlJvsXd9pZe99HThyt7Tx+uJNFqvfXPJDuf5kXHv0k9k99zMiJ++L2InyTH4za2dzaWq9XKVp6eb9Y25xvbO7fXC3lOeWlxaeHVO6+Uz62uL9R+++S762/86Pe/+8qHf9r99s/SYs38/Hp2rrMeh4pnjpnk95npyBuPiDfOfOeLYzz//8Plk7a2z0XEi1n7n42x7NUEAK6yVms2WrOdaQDgqkuf/2ciKZTyuYCZKBRKpfYc3vMxXajWG81bs/UH91cjm8Oai2LhnfVqZSGfK5yLYpKmF7Pjw3T5Y+n3Knci4rmIeG9iKjtfWqlXV4f5xgcARtgzR8b//0y0x/9OZ/8rGABw4UwOuwAAwMB1jP9zwywHADA4nv8BYPR8gvHfpwMB4Irw/A8Ao8f4DwCj59Tx/9FgygEADMQP3nwz3Vp77e+/3v+m7turlcZGqfZgpbRS39osrdXra9VKaaXVOu1+1Xp9c/Hlg2Rje+derf7gfvPeem15rXKv4rsEAGD4nnvh/b+kg/7ua1PZFh1rORir4WorDLsAwNCMDbsAwND4PA+Mrj6e8U0DwBXXZYnetnyCIOl1wWOLv8JldfOL5v9hVJ1l/t/cAVxun27+/zvnXg5g8IzhMLparcSa/wAwYszxAz3//p/r+RUhj/u4+d1PXh4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4DGayLSmUsrXAd9OfhVIp4npEzEUxeWe9WlmIiGcj4s8TxYk0vTjsQgMAZ1T4e5Kv/3Vz9qWZo2evJf+dyPYR8dNfvvWLd5ebza3FNP9fB/nNx2n+VHOrfG0YFQAAOu2vu/nBYVY2fpfzfceD/EdPH67sb4Ms4pPXI2JyKou/l2/tM+Mxnu0noxgR0/9O8nRb+n5l7Bzi7z6KiC/s138y3u2IMJPNgbRXPj0aP419/dzjd/7+j8YvfKy+hexcui9mv4vPx5HCAad6//V2P5m3vbSJ5+2vEDeyfff2P5n1UGeX9n9pc9071v8VDvq/sWPxk6zN3zhIn1ySJy//4fvHMluz7XOPIr403i1+chA/6d7/Fl/qs44ffPmrL/Y61/pVxM2u9d9fkbqWdbPzzdrmfGN75/Z6bXmtsla5Xy4vLS4tvHrnlfJ8Nkfd/vnHbjH+8dqtZ3vFT+s/3SP+5Mn1j2/0Wf9f/+/tH3/thPjf+nr31//5E+KnY+I3+4y/PH235/LdafzVHvU/5fWPW33G//BvO6t9XgoADEBje2djuVqtbJ1ykL7XPO0aB/0fpM/2F6AY2UHsRpzXDbNJiYjoek36jvpiVPmzOkiGFv03533DYfdMwGftsNH3vuavgywQAAAAAAAAAAAAAABwTGN7Z2Oi+6e1zu1g2HUEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg6vp/AAAA//9W1cZQ")
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000180)='./file1\x00', 0x2000c16, &(0x7f0000000280)={[{@usrquota}, {@nodelalloc}]}, 0xff, 0x25e, &(0x7f0000000e80)="$eJzs3U1IHGcYB/BnZndr1aXY9lIo/YBSSiuIvRV6sZcWhCJSSqEtWErppUULVulNe8olh+QYkuApFwm5xeQYvEguCYGcTOLBXAKJ5BDJIQnZsDsr+JVo3HUnZH4/WOfDd97nHWb+74g4GEBh9UXEUESUIqI/IioRkWxu8HH26WtuznUvjUXUaj/cTxrtsu3MxnG9ETEbEV9FxGKaxF/liOmFX1YfLn/32dGpyqdnFn7u7uhJNq2trny/fnrkyPnhL6evXr87ksRQVLecV/slu+wrJxHvHEaxV0RSznsE7Mfof+du1HP/bkR80sh/JdLILt6xyTcWK/HFqecde/zetfc7OVag/Wq1Sv0ZOFsDCieNiGok6UBEZOtpOjCQ/Qx/s9ST/j0x+W//nxNT43/kPVMB7VKNWPn2YteF3m35v1PK8g+8prJfSq38ODp/q76yXsp7QEBHfJAt6s///t9mPg/5h8KRfygu+Yfikn8oLvmH4pJ/KC75h4J42vxjv0275B+KS/6huA6c/xNPDm9QQEdszj8AUCy1rgO9Ndzel5CBXOQ9/wAAAAAAAAAAAAAAAAAAADvNdS+NbXza02N5zxaXT0asfZM13Vm/1Ph/xBFvNr72PEi29Jjsq8KL/fpRix206GzOb1+/dTvf+lc+zLf+zHjE7P8RMVgu77z/kub9d3Bv7/H9yu8tFnhJybbtr3/qbP3tHs/nW394OeJSff4Z3G3+SeO9xnL3+adav34t1v/nUYsdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0DHPAgAA///B2nXP")
syz_open_procfs$namespace(0x0, &(0x7f0000000640)='ns/ipc\x00')
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000005c0)={<r2=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, &(0x7f0000000080)={r2, 0x3, 0xffffffffffffffff, 0x5})
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x101042, 0x45)
ioctl$FS_IOC_SETFLAGS(r3, 0x40086602, &(0x7f0000000140))
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2141, 0x59)
pwrite64(r4, &(0x7f0000000140)="f6", 0xffffff07, 0x8000c61)
ioctl$EXT4_IOC_MIGRATE(r4, 0x6609)
io_uring_register$IORING_REGISTER_NAPI(r3, 0x1b, &(0x7f0000000000)={0x9, 0x60}, 0x1)

2.81187936s ago: executing program 1 (id=6339):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030097850000007b000000"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000000c0)='sched_switch\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r1, @ANYBLOB], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x75, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$packet(0x11, 0xa, 0x300)
socket$kcm(0x2, 0xa, 0x73)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000700)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYRES32=r1], &(0x7f00000002c0)='syzkaller\x00', 0x40, 0x0, 0x0, 0x41100}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000440)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x75b08000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000340)=@abs={0x0, 0x0, 0x4e27}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r5, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x79, 0x4)
bind$inet(r5, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xa4}]}, 0x10)
sendto$inet(r5, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(r5, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000640)="985e44efeabe001cabcf3d8673c3a254a9a2d3197970cb347b70a243bf77139a94bc3ae91684aaf7b7dff691deb8f8aef2d915fb3a0794a9a9b431a819bca6122c350637808dde804a048fd8696e524b2934126c443ce93d82e931eb9918e6c0827686e59209d2e02c9210fd8048f04ad6c42200fd9232f5aa6a361816bf21afb8473a064f1988536d4b5888807b3aaafaf5", 0x92}], 0x1}}], 0x1, 0x2090)
setsockopt$sock_int(r5, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r5, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, &(0x7f0000000b00)=""/4096, 0x1000, 0x1, 0x0}, &(0x7f0000000180)=0x40)
sendto$inet(r5, &(0x7f0000000580)="17", 0x12571144d43d7ee5, 0x10008095, 0x0, 0x0)

2.544006626s ago: executing program 4 (id=6343):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001400), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x106, 0x8}}, 0x20)
ioctl$sock_ifreq(0xffffffffffffffff, 0x894a, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x9, 0x690bb, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x2e, 0x43a1bd76, 0x7, 0x3, 0x6, 0x2, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x1)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)={0x1c, 0x1, 0x1, 0x101, 0x0, 0x0, {0x0, 0x0, 0x9}, [@CTA_MARK={0x8, 0x8, 0x1, 0x0, 0xea1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000000440), 0x6f5, 0x2000000022, &(0x7f0000000480)={0x77359400})
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0216000002"], 0x10}}, 0x0)
write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f0000000000)={0x13, 0x10, 0xfa00, {&(0x7f0000000180), 0xffffffffffffffff, 0x1}}, 0x18)

2.109151088s ago: executing program 4 (id=6350):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000000c0)='kfree\x00', r1, 0x0, 0xfffffffffffffffd}, 0x18)
mkdir(&(0x7f0000000580)='./file0\x00', 0x92)
lsetxattr$security_capability(0x0, &(0x7f00000000c0), &(0x7f0000000040)=@v2={0x2000000, [{0x9, 0xfffffff7}, {0xde7, 0x8002}]}, 0x14, 0x0)

2.070010551s ago: executing program 4 (id=6352):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
ioctl$TCFLSH(r2, 0x400455c8, 0x0)
ioctl$sock_bt_hci(r1, 0x400448df, &(0x7f0000000340))
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118)
arch_prctl$ARCH_REQ_XCOMP_PERM(0x1023, 0x12)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x9000}, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000002ec0)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e01f3440cee51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cad32b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337602d3e5a815232f5e16c1b30c3a6abc85018e5ff2c91018afc9ffc2cc788bee1b47683db012469398685211dfbbae3e2ed0a50e7393bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d300006aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7af22e30d46a9d26d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977fb536a9caab37d9ac4cfc1c7b400000000000007ffc826b956ba859ac8e3c177b91bd7d5e41ff83ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d000069a16203a967c1bbe09315c29877a308bcc87dc3addb08142bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8240000e3428d2129369ee1b85af9ffffff0d0df414b315f651c8412392191fa83ee830548f11be359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92000000000f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb74d4ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905de328c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a978ee56c83a3466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342e0eaf6f330e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea95ec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf81700cd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be3827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f969369de47422604e2fc5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293b6c833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b612272d40f522d8c98c879aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbe71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd46dbd61627a2e0a74b5e6aefb7eee403502734137ff47a57f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a125e3af1130d66a7b66837ae7e7123dde7404a067ad0a6a2d6bec9411b61cad4121be3c72ff3a04713042253d438e7becf8120de3895b8ce974958bde39cb8da3427a2e9e2de936431e67fed5ab5684db07de39083d8948cc4c8a2608100000000000000000000aecb8b0b7941088f971ce17427eec32a012295cc0cdd32955176b6ad5a4bb953e58ccfa9428f452cfb5a48a9fda26db3985c8be3c2f99827da074825b01c4a3a71fb59d5798100000000000000c76b05a45d2dd8c20d971e2f3e4369168f5cb83d6ff3a18733fec726034fbfa95624135bee374414b2c8c61f52357a520efd6a10aff244bc8a62ed367981fb4d5d77f7bc093958ff46527499957da4934cd4b370cf76f72dd05fa80cdfb68c836fd81be7a58532e041a87f9222f157610a4bcdc05b2a55308c8e7568b90f7a338557e816a16972aea79dff5becefa6f9c5ce6c58fb38da9e7532dc53cfdc2e789b76f7d32aca1bfea2aa62621b78dded30fc07171866bf3d552900000000a32dda61eeda1750e157c2d569b9d08f583c0ee28daec2e8bb85f3c8e91c4448096ee953def18dc73e55cb30f9cd069d8780b00eaba382f0c3ae391c30a5f1b0f36dd0c2193b791995d2890327a10d7abac76d1202f72e97f0105184d7aaaab8d3e29c9a8d263f076b55cf53c5bb9c0662a3d19a6722d7f83ae4331d3256f90af0857788b380ccc3b266c418e66d1d756d5df6423dd0cea67bc235d3776d22270fc19301ead09f156893e9"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
socket$inet(0x2, 0x2, 0x6)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r5, 0x18000000000002a0, 0xe2c, 0x60000000, &(0x7f0000000100)="b9ff03316844268cb89e14f0080047e0ffff00124000632f77fbac14fe16e000030a07080403fe80000020006558845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0x24, 0x60000000}, 0x2c)
connect$inet6(r0, &(0x7f0000000340)={0xa, 0x5, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x1c)

1.912047667s ago: executing program 1 (id=6354):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000100)='./file1\x00', 0x8, &(0x7f00000000c0)={[{@lazytime}, {@errors_remount}]}, 0x2, 0x53a, &(0x7f0000000c80)="$eJzs3c9vI1cdAPDvOPHmR7NNCj0AArqUwoJW6yTeNqp6YXsBoaoSouLEYRsSN4pir6PYK5qwh+yReyVW4gT8B9w4IPXEgRs3kDj0Ug5IC6xADRIHoxlPEjexE7dJ7ST+fKTJzHszO9/34n3veV5kvwBG1o2I2I2IaxHxdkTM5vlJvsXd9pZe99HThyt7Tx+uJNFqvfXPJDuf5kXHv0k9k99zMiJ++L2InyTH4za2dzaWq9XKVp6eb9Y25xvbO7fXC3lOeWlxaeHVO6+Uz62uL9R+++S762/86Pe/+8qHf9r99s/SYs38/Hp2rrMeh4pnjpnk95npyBuPiDfOfOeLYzz//8Plk7a2z0XEi1n7n42x7NUEAK6yVms2WrOdaQDgqkuf/2ciKZTyuYCZKBRKpfYc3vMxXajWG81bs/UH91cjm8Oai2LhnfVqZSGfK5yLYpKmF7Pjw3T5Y+n3Knci4rmIeG9iKjtfWqlXV4f5xgcARtgzR8b//0y0x/9OZ/8rGABw4UwOuwAAwMB1jP9zwywHADA4nv8BYPR8gvHfpwMB4Irw/A8Ao8f4DwCj59Tx/9FgygEADMQP3nwz3Vp77e+/3v+m7turlcZGqfZgpbRS39osrdXra9VKaaXVOu1+1Xp9c/Hlg2Rje+derf7gfvPeem15rXKv4rsEAGD4nnvh/b+kg/7ua1PZFh1rORir4WorDLsAwNCMDbsAwND4PA+Mrj6e8U0DwBXXZYnetnyCIOl1wWOLv8JldfOL5v9hVJ1l/t/cAVxun27+/zvnXg5g8IzhMLparcSa/wAwYszxAz3//p/r+RUhj/u4+d1PXh4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4DGayLSmUsrXAd9OfhVIp4npEzEUxeWe9WlmIiGcj4s8TxYk0vTjsQgMAZ1T4e5Kv/3Vz9qWZo2evJf+dyPYR8dNfvvWLd5ebza3FNP9fB/nNx2n+VHOrfG0YFQAAOu2vu/nBYVY2fpfzfceD/EdPH67sb4Ms4pPXI2JyKou/l2/tM+Mxnu0noxgR0/9O8nRb+n5l7Bzi7z6KiC/s138y3u2IMJPNgbRXPj0aP419/dzjd/7+j8YvfKy+hexcui9mv4vPx5HCAad6//V2P5m3vbSJ5+2vEDeyfff2P5n1UGeX9n9pc9071v8VDvq/sWPxk6zN3zhIn1ySJy//4fvHMluz7XOPIr403i1+chA/6d7/Fl/qs44ffPmrL/Y61/pVxM2u9d9fkbqWdbPzzdrmfGN75/Z6bXmtsla5Xy4vLS4tvHrnlfJ8Nkfd/vnHbjH+8dqtZ3vFT+s/3SP+5Mn1j2/0Wf9f/+/tH3/thPjf+nr31//5E+KnY+I3+4y/PH235/LdafzVHvU/5fWPW33G//BvO6t9XgoADEBje2djuVqtbJ1ykL7XPO0aB/0fpM/2F6AY2UHsRpzXDbNJiYjoek36jvpiVPmzOkiGFv03533DYfdMwGftsNH3vuavgywQAAAAAAAAAAAAAABwTGN7Z2Oi+6e1zu1g2HUEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg6vp/AAAA//9W1cZQ")
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000180)='./file1\x00', 0x2000c16, &(0x7f0000000280)={[{@usrquota}, {@nodelalloc}]}, 0xff, 0x25e, &(0x7f0000000e80)="$eJzs3U1IHGcYB/BnZndr1aXY9lIo/YBSSiuIvRV6sZcWhCJSSqEtWErppUULVulNe8olh+QYkuApFwm5xeQYvEguCYGcTOLBXAKJ5BDJIQnZsDsr+JVo3HUnZH4/WOfDd97nHWb+74g4GEBh9UXEUESUIqI/IioRkWxu8HH26WtuznUvjUXUaj/cTxrtsu3MxnG9ETEbEV9FxGKaxF/liOmFX1YfLn/32dGpyqdnFn7u7uhJNq2trny/fnrkyPnhL6evXr87ksRQVLecV/slu+wrJxHvHEaxV0RSznsE7Mfof+du1HP/bkR80sh/JdLILt6xyTcWK/HFqecde/zetfc7OVag/Wq1Sv0ZOFsDCieNiGok6UBEZOtpOjCQ/Qx/s9ST/j0x+W//nxNT43/kPVMB7VKNWPn2YteF3m35v1PK8g+8prJfSq38ODp/q76yXsp7QEBHfJAt6s///t9mPg/5h8KRfygu+Yfikn8oLvmH4pJ/KC75h4J42vxjv0275B+KS/6huA6c/xNPDm9QQEdszj8AUCy1rgO9Ndzel5CBXOQ9/wAAAAAAAAAAAAAAAAAAADvNdS+NbXza02N5zxaXT0asfZM13Vm/1Ph/xBFvNr72PEi29Jjsq8KL/fpRix206GzOb1+/dTvf+lc+zLf+zHjE7P8RMVgu77z/kub9d3Bv7/H9yu8tFnhJybbtr3/qbP3tHs/nW394OeJSff4Z3G3+SeO9xnL3+adav34t1v/nUYsdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0DHPAgAA///B2nXP")
syz_open_procfs$namespace(0x0, &(0x7f0000000640)='ns/ipc\x00')
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000005c0)={<r2=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, &(0x7f0000000080)={r2, 0x3, 0xffffffffffffffff, 0x5})
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x101042, 0x45)
ioctl$FS_IOC_SETFLAGS(r3, 0x40086602, &(0x7f0000000140))
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2141, 0x59)
pwrite64(r4, &(0x7f0000000140)="f6", 0xffffff07, 0x8000c61)
ioctl$EXT4_IOC_MIGRATE(r4, 0x6609)
io_uring_register$IORING_REGISTER_NAPI(r3, 0x1b, &(0x7f0000000000)={0x9, 0x60}, 0x1)

1.846609023s ago: executing program 1 (id=6355):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000340), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0xfffffffa, 0x9, 0x0, 'queue0\x00', 0xffff})
bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x2, 0xc, &(0x7f0000000600)=ANY=[], &(0x7f0000000800)='GPL\x00', 0x2, 0xfffffffffffffd48, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$incfs(0xffffffffffffffff, &(0x7f0000000280)='.log\x00', 0x101000, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000580)={{}, &(0x7f0000000500), &(0x7f0000000540)=r1}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
readv(r3, &(0x7f00000004c0)=[{&(0x7f0000000580)=""/152, 0x98}], 0x1)

1.801534737s ago: executing program 7 (id=6356):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file1\x00', &(0x7f00000001c0), 0x0, 0x835, 0x0)

1.77866099s ago: executing program 7 (id=6357):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x80000, 0x0, 0x0, 0x41100}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f00000010c0))
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r4)
sendmsg$NFC_CMD_DEV_UP(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="010028bd7000fedbdf250200000008000100"], 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x8004)
write$nci(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="414601", @ANYRES32=r3], 0x4)

1.25248879s ago: executing program 7 (id=6358):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x18, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020047b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000020000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000005c0)=ANY=[@ANYBLOB="14000000100001ff00000000000000000000000a2c000000050a01020000000000000000020000000900030073797a32000000000900010073797a300000000014000000020a031747d21400000000000000000014000000110001"], 0x68}, 0x1, 0x0, 0x0, 0x4006000}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000100001000b000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f08000340000000045c0000000c0a01020000000000000000010000000900020073797a32000000000900010073797a3000000000300003802c00008028000180230001"], 0xe8}}, 0x8040)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[], 0xe8}}, 0x0)
bpf$OBJ_GET_MAP(0x7, &(0x7f00000007c0)=@generic={&(0x7f0000000780)='./file0\x00'}, 0x18)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000800)=ANY=[@ANYBLOB="280000001800010000000000000000000200000008000000e00000020c00088008000c00", @ANYRES32, @ANYBLOB="f4dabe6127608925095ce4ac4633ba56d04b8cdf742c7b28368ac9bed0d68497aa73604bd0b220f1c1b99ecc39d2ed21ce752c8b5ff1b75f82fb2ba39d8a371ef903d35a9533aa949f4ef133f66660c97fd60200db25bd15f27f311be545c7363b6bba11454a598a60cc2c2ee025d488e3f827394e655e25eede416dba1a87e0d761802cd856ce0e0506335e2ae97922695698f6af24d9680823b3143c90dca84c21e7ccef6135b2b79e48a25d254d544b5295706e8d17f7a216ef083e0c1fc50c1422d2f6042e50e3ddeaacabf6b76b34759463dd318010091355280c280270434449d72b65d9bc08edb763eeffd36375a6c127766554f5465c7d6fd4d0c1b143e27bacf1e43e39c9ce139b28bbd29a166a1d064a17017c0a6687b7b8b0897ab6e2ee82e153e868848849e36506022cc3b524879e1172e91d0fa7c57dda6241a47cd5e88485765bfe7489e204fdddbd9d5963faee886647a9b0b98d4afd12f9c3bad508daf1e1"], 0x28}}, 0x0)
stat(0x0, &(0x7f0000000200))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000180), 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
lsm_list_modules(&(0x7f0000002600)=[0x0, 0x0], &(0x7f00000000c0)=0x10, 0x0)

1.230971582s ago: executing program 7 (id=6360):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
inotify_init()
inotify_add_watch(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101804bc9555e1affd5020000000900010001797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000000009000300737975320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x24040010}, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f0000000040)=0x4, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e24, @broadcast}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
add_key$fscrypt_v1(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
r3 = getpid()
sched_setscheduler(r3, 0x2, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x1a9041, 0x0)
write$binfmt_aout(r4, &(0x7f00000003c0)=ANY=[], 0xff2e)
syz_open_pts(r4, 0x0)

1.228771433s ago: executing program 5 (id=6361):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001400), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff}, 0x106, 0x8}}, 0x20)
ioctl$sock_ifreq(0xffffffffffffffff, 0x894a, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)={0x1c, 0x1, 0x1, 0x101, 0x0, 0x0, {0x0, 0x0, 0x9}, [@CTA_MARK={0x8, 0x8, 0x1, 0x0, 0xea1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000000440), 0x6f5, 0x2000000022, &(0x7f0000000480)={0x77359400})
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0216000002"], 0x10}}, 0x0)
write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f0000000000)={0x13, 0x10, 0xfa00, {&(0x7f0000000180), r1, 0x1}}, 0x18)

1.175998327s ago: executing program 5 (id=6362):
recvmmsg(0xffffffffffffffff, &(0x7f0000006bc0)=[{{0x0, 0x0, &(0x7f0000004000)=[{&(0x7f0000002c80)=""/4096, 0x1000}], 0x1}, 0x94}], 0x1, 0x10000, 0x0)
r0 = socket$inet6(0xa, 0x80002, 0x0)
r1 = socket(0x1e, 0x1, 0x0)
connect$tipc(r1, 0x0, 0x0)
write$binfmt_misc(r1, &(0x7f0000000340), 0x2000011a)
r2 = socket$netlink(0x10, 0x3, 0x4)
writev(r2, &(0x7f0000000300)=[{&(0x7f00000005c0)="580000001400192340834b80040d8c561e117436c379000000000000000058000b4824ca945f6400d40f6a0325010ebc000000000000008000f0fffeffd809005300fff5dd00000010000100070c060000000000224e0000", 0x58}], 0x1)
connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000003980)}}, {{&(0x7f0000000000)={0xa, 0x4e21, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, 0x1c, &(0x7f0000000200)=[{&(0x7f0000000040)="cd09c468713e46961029f891744168055d8fd2fe9b44c9bf5f33ec0aed69a6397081d8cc97173a7dd3a7", 0x2a}, {&(0x7f0000000100)="50a2997fb0ab2ae0e3bc09dce460ea", 0xf}, {&(0x7f00000003c0)="8da2e719d93377148e19e40365d4c6a7ce9e4786302c30c32ccae49dc0d2e42f2085ef70f39aef35eb41b1069ce6ca99538cc8e6366514012ea0a9a4e673e29df3ebd84f6293f25920bc7b3c1f5f8ef417d2d7f03aeba5b801ee2fdf1b3bb8573bba237146d30208b74b1953776a926766700d5144f3ec93d28c44deb976b14d35d857edce43f8e22df330416b3fdbf441c9a4bca83ead447c2ed1ddb4aca147f5c416c2c134c9e64d6b730deea9ca98725f1ce7b20681e9d6749526b56fccff096866d1de67600081a72f4fe46fe0ddd0bdb0142f89617b823049a534c0cbe5c273bcf2930d6ea95469d1ea1f8915400d29087f7a647566046e0e9b887cfb6333704c65fa87bd1e42fb09624ae3d69e0bf7322ca7239d510f828d789b0bf5977c27bec51494e72acea2033707b9ffab269fdff9f1a40da39ad288158927e22a9ba83d69463638ce7573047770e97807df6c76cf7f9873681168f7e4a034cc868d3f35bcff46a7583e7e820ce88dc47f615d0585be48eef1b9974af23b721015e4a94cedef5bd2d6494118852417e8033967979c7d8140353ef3dd635b3d89618463f9b8531a7677ee55727aa288954f1f04ec72a5698ff0f532fefaa8df806d2fee5c45efd1f8d7cd4e7969bf48b6ac198004999df9192ab3c7bad0f3c2266aa05dc453f1741f71f95d3e01534101f1fb1273ba091ff79184cdb254b3bd272e05845390d8373f9427049d61d294bb8e1e5b8ddad4ee7c4d6824d70642074d006b15bb9a9de6693461397b1feddc74faf50cfabd61595ea789028f0d24705f391ba778ac9009de8b76411f3324d9c97ca94c54674929f241aa59d3ee8f4b1f05a9c6855003f7ac0282f66b5cb866dc9b24d4c566e8300ad322231b43dfccbce50450cdf81fae7ed9336b9ee6d9050c64a2ad8f8252035c0176f3e6fff907b5dbee11b7fa3070da60f1ba30fcc2ea31a0345b5434a3f8d377651e348eb65adfd00942753345a872463b0f8575643b47e6dd3c40a038dc65cb63122d32df7096eb85706ed2dc95db461ee409250fceb66833451a6d929fb99ba0cb3af3aef588f7b611d535efd20545fcf7daa0fd7d56998e226b059659201608bc2b53d19e93c5f6842d6b4235effdf59873bc7623e41ebe1b29eb23fe61ec64abdeb0e0b9c1366eb1ff8dcacf02b3105becaf9639b06c632327f210056fe3f985dda7b01f3dfcecf6b14eef0747353db4bc1ed265ea2bfddcf32d73a149bc85106f0768adfe59c2e39adafbcf5ad876265a22fcde77e385e44abf9d2d5118abbb80270dbc2fa80ddf16d6b98ad2d2757a6a57e8720e944765e13792a4d9ecc8e99ed1308f71bfe06a18547b4b5011f5e82b1d1b7ad9412d0fc7347c34992bde8602c1e775512c902a2930fb0bb2af0c7c985149c773d0531d0dec531cca1a3afb47646399303bcb2dfd6d880817a8f01246dc7b4344a7fba2847a9f7ec3fa77faf283807eeb8688eb675bd78e30ee648126ea9b874bac46fb1dca645b60a3c5af68667e9c8d857c826f1b60436f5b49a3ac32f1e2aabc49e26c08acc2608781c2b0a06dbd68b6f1b6b4002a509a96e797e7b03b6bad5b5879d0863d6c54b05915bbfe2520665540b9779014ddd5aaf5012f5ce3dda8f465bca1fb335a77e4db06337e925b17938bfd90dac87cb8c85acbeea400d738d9f4614760ffabcc7c2b4869faa30878b85bcdb6e52e3fa75be2344657380d2a9594a5d00084851e7335112b0ae9d760de91fb08e7e2fa0dcc977c6ddbc6f4d9f3d920ac7c34580d28a3f37c9158ffa362e20a173e5d2e7cbcd56bf70a4f943a64971f62a0655b807cc625a1fc365b144eea71d6ca2211c5ff09fd7056bfc764c9c2c88ba0373d5a940091b4055a3272d11db4cefa6040a17e87ced578343505c1ca96ef01bb19de0f2784965b277ad961ce1e185bdbb1085d7f5c63ae1ec357f7d85cbc4a5a4a66a25313eab84fce30a4df85e512bb2d694a49ccd131210a3e247169a49b8f75ca3a56d3b10f16a51417a565496ccb360d8740c8b5cab843c87ab7b2f0a0e03860b24e38739fc43dd424cfa6b0376747e10a31e8673c608d3375944efb2a8777fb2d6b513baf053766ec792e80ccd0df5e95998f3427e961bbe5c2dbbba5153412b88817a47b97f69ce6d3f0f66506062a82a20d4a64036794ebc8c342aae2361b45a5743d2899c0541aceaf73ddebb66d7565f242bc77109c425db1a652ffbc3da3850cbe57cb10f3f5f3ecf987ace9ec671198e3fecdce02c6ef2ba022172a5adc79cf3338116571d0eec804780ad2c1cf226d60129f6c22d5045399b7d99eac7f5771dfe32c0a49dfe240b893d98b38cb2479fd863f9b7b779ffd504a6d1bd02ffab13350cdaf8fbba7e08504defed113de0205a3f2c0625df9116ef52e2cbd8f4af068238821fab9316bb31af17ace484935e8ae0a72992c9ea02deda3bcf73a1fece78c5cc6e2732f0bdf0f075c22f02e9aae1e8cae2bcca91a2ab32647c3399bcc0ec68300f446e252b68422cefd6d8476bca552cfd091471b50f511d38356cb0b08ed6d7b1fefb87ea970e98a91fe79ebcb7535c356e8c09fb0f8620a29a28790fc2c94d7ee2e3d6599884c0c89d420f2e7854ca404cd15a0692ddfb9128f5a8d293cfd7131e4d10769fd5194e7304770da82cd4bca08f0506869d38a4f88f5c369976db3ba0c47da1ebcc99e9db67dc7c79faa91d30ca86ee1efd03320395dd87f58b8b26c992b6ef8b08a0f9958fecf2a6885d2705a5197e1401ebd0ef997745e2d1dcb22307b126c49a737893cebad9e87e6df18d316edb50d65581d225b34ee387d3b1679b283b3e81b0d064007f01d08969beb53ddd4a76e85d19779c3e0aac4c4a0c6d131f287f5e934cf04015197c70a4b7babf8d2f396bc82814ca6f71680e326f49f38f852b83cf2ddb43e3248687aa1f0b33eb3a830e8e4b7fc50b59bd1ac9cb0d016406b80d7c1a0c231bbb8e68d4fbdb00af90baebd5fc511ebc46d7f7ce88bd7be0b0670330a3cb49da4f22da3915cf9a813b14c336cd98ca485997343216598b8642e542040ffb47b3880e1a709f517beed2c1d78064123c23b1f92af9e86c6f9a1f58ed9bd9a31d240d64d27bb795bc4cc900fdae5ec122831083ccdf6a35f22550feb13e08c3166f887fd9940a0268415c946e854b6e1adcb90cb9130bffa14ce808e989d23419b59ba2ed3f9b3b67702ce2104ec3d01f23a40ebb72656923463d9856d56e5757cc9849c8526fdbfe2a0e8b621a7c319f56a741fe80505ac16acede5118bcbca828fa621f37c53934065e5f674342dfda125bea42e5d1420bf1dc3af8d0bd4e697fed42780d86859eb41f391c89bfa3b8f40823be782959f03c07d2e7dbbcc4988a76ac04e4c7ad3f20e001843b66007c0a59260a8c381147752849bd6c56a537870facf3799092538695c915f49e38744786514b89537337c5876782902db6216aac16c37b36c9b6762ced547eb4df4bffc7dd3be58a04a632ec9e1a3c115338302b4d68897ff94b08bbfe275626982f5d08ff4b0534de800a3d192e4850b34a9756a3b5c643d6768f6be51c2b8d781191bb172e13f92de256fb259309d443bd11da2c6be2880a82915a4f7427c4f7deadaf7a168a75779d24fe990edabe4afc694f15bfe01d91b99cbb9523d2ead26fe70c7235d0af50517f34d01047b7434eebe2e55401ab1f2f4668c4881258498c642c298c846a99a4c7236ddc598a0fc8d26078c87622d8e72f75739b1fe0773409e284de643ecb2cb45c63d0a216b9e39080e0d019977bfc820826c7f8dc2ba081341a76be86a2066a3ea3452ff0c1542fd5ef2647546422c880733d7ef13c72784293d54c28b2aa66dd202df83a0ea99b22920651a51495d147afd4e7d4ebab81d75f7f7ed30b8f9dee0df237516e4ba75b136fea66b0bd52dc04a9926a9ce6fc9081adae32b36095e84980f5ceaa9c1f068d92e5a9b57aab57e8d3e1cb06d6cd95970bd6287a2fd3901b7d8cfadb67571d790e209cedb8e9b95d1e5a48c927a5760838cbdfcedea1a5a52f06170497fb99e9a1d10c06d07e51451ed417c676f2faae67b96ace655cdecf99f669a00624ade48bec6068c3b3528588489b195660245f0928c0f433a5fdc68c57cc98902e6bf1bc93ad72c17b13b3b71381e0cc4f8ad3d6b16b936dd8bd00f78547459b9dc3bc280d44255615935b2cf4d3b9b55c4384574fa154a02a9b684eea4389b6e91447889cf957d39a78515b83f8a61902c12d1e3e62ec99be1af51c3b9d0c72ab3ecad9101136821566f3f2807fd5b5c1f8a6acc36dae8", 0xc00}, {&(0x7f0000000140)="b562d7a99412479244c094ec56f6b464c0238b129d716ed58a37c5904db851cac532c2c114f46e5ee246ba472c070dc6c006d0090e991d399d5f0e37", 0x3c}], 0x4}}, {{0x0, 0x0, &(0x7f00000014c0)=[{0x0}, {&(0x7f00000002c0)="4e12c4e98d70292d61879b6a86b523a7ec2d4d17b60c02eb7d7b001138e55d8991c004effff9f258f8d05c375747cf2fbfecd270cfd8d7471570e369670f85b9dd025f2742ff61bee71314e92a700cf960690e6a3b2a6cf6b14a5da683c9e5edeff61a62545d6a617ba38a663b40cc4df2e2977cc5443e2a8ffb616c21ed91252b0a45c39a3e1172c9d6dac193fab172f2cf1123c8b2b45717766f", 0x9b}], 0x2, &(0x7f0000001500)=[@rthdrdstopts={{0x20, 0x29, 0x37, {0x2f, 0x0, '\x00', [@pad1, @enc_lim={0x4, 0x1, 0x1}]}}}, @rthdr={{0x78, 0x29, 0x39, {0x3c, 0xc, 0x0, 0x6b, 0x0, [@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @rand_addr=' \x01\x00', @ipv4={'\x00', '\xff\xff', @remote}, @ipv4={'\x00', '\xff\xff', @broadcast}, @loopback]}}}], 0x98}}, {{&(0x7f00000015c0)={0xa, 0x4e23, 0x6, @private1={0xfc, 0x1, '\x00', 0x1}, 0x4}, 0x1c, &(0x7f00000026c0)}}], 0x4, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
bind$inet(r3, &(0x7f0000000380)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1f}}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000280)='htcp', 0x4)
setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r3, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='smaps_rollup\x00')
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
open(&(0x7f00009e1000)='./file0\x00', 0x4f00, 0x3)
recvfrom$inet(r3, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)

978.670257ms ago: executing program 1 (id=6363):
setreuid(0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c0000000014"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = socket$tipc(0x1e, 0x2, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r3, 0x29, 0xb, &(0x7f0000000080)=0x97f, 0x4)
getsockopt$inet6_buf(r3, 0x29, 0x6, &(0x7f0000000100)=""/92, &(0x7f00000001c0)=0x5c)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff0000/0xd000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000fe9000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendto$inet(0xffffffffffffffff, &(0x7f0000000100)='5', 0x1, 0x8080, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r4 = io_uring_setup(0x4fed, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f3})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x5, 0x7, 0x7ffc0001}]})
io_uring_enter(r4, 0x2219, 0x7724, 0x16, 0x0, 0x13)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000000)={0x2001}, 0x10)
close_range(r2, 0xffffffffffffffff, 0x0)
syz_clone(0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000040)={<r6=>0x0}, &(0x7f00000000c0)=0x8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r5, 0x84, 0x1f, &(0x7f00000006c0)={r6, @in={{0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0xfff0, 0x1}, 0x90)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{}, &(0x7f0000000280), 0x0}, 0x20)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x2000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='devices.list\x00', 0x26e1, 0x0)
close(r7)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001000))
ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x5452, &(0x7f0000000400)='lo\x00\x96o\xd6Q\xb4Y\xa9\xc87,%\x81\xfe\x00\xd2\xd1|\x00\x00\x00\x00\x00\x00\xe3\xd8Yk\xdf\x85\xaac{\x8c\x8ffp`-\xcd\xd9\xd5\xf4\xe68\xe6O\xc2\xf1V0\x8b\t\xed\x13q2\xdd\xcc\xeeR\xf2/\xba\fE>k\a\xe7>t7\x8e(\xf0\x87d\xaf\x93\xfa`\xa6,o\x81.\x1cR\xa5\t\x00\x00\x00\x00\x00\x00\x00|pT\x15\xbc\f*d\xcb\xc2\xcd\x8f\x98\xdf\x00\x00\x1cM\x9c\xa5\xe0\xa8\x00\x00\x00\x80V\xf6\x80\x86\x1b\x05\xe6\"\x1d\f\xaey\x06\xd9$H!w\xa6m\xd8\x7f\xc6\x837\x83/\x9a\xdf\x01\xf2\x9e\xbb\xca\x04\x00\x05\xeb\xb8{7[\xf9\xe9\x15\xdc0]\x89\x9b~\x04\xb4\xa5\xad\v.\xd0*%`\xb0\x03\x00\x00\x00\x00\x00\x00\x00\xab\xf4\xa7\x83r\xa4\x80|\x03C\x9c\x00\xac\xba\xcb\xa4h\x86w_Eu\xbfy%,\xe5\n\xc1\xb3\xa4g\xa3P\x0f\x11\x93\xc7\xf3\xcf\x17\xf5\x86%\x7f\xec\xb2\xc5E\x00\xb2e\xa8\xf1<\xb2\xc82\xbf=o\x00\x00\x00\x00E\x00\xc6X\x92\x0e[\x19\xaa?\x06\xe5\x9d\xd1\x87\x922A\x95\x8e\xbc\xc8<s,\xb023Z{\x9f\xc2\x94+e?\x87\x95\x8e\r\t\x0er\x92\xe2\t\xc4S\xd4\xd2\x87.&`\x95\'=0\r\xd2n\xf5\xcd\x9b\x15Oo\xd8Nj0\xe2\xe5A\xb2\xc3\xf7\xc8\xe7 \"+\xd6\x9e\x18\xec\xb7H\xf9\vd\xebE\x9dtI\xe5\xb5\x8e3\x19<\xdeS\xf4\xe6\xba\x0er\xfc]\xcbd@\xe8R#(u\xe1\x9b\xb7\xd5\x82\xab;\xdb\xa2\x9e\xe8W;\x86\x89\x99\xa1\x99\x1b\xbd\xaf\x11\xcf\x1d\xb5n\xe3&\x1b Z|\x18\n/\xe4\x83\xb5\xdd\xed\xd8\xba\xe8\x8d{@\xd1\x00\x00\x00\x00\x00')
write$cgroup_devices(r7, &(0x7f00000005c0)=ANY=[], 0xfffffeff)

382.763324ms ago: executing program 7 (id=6364):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
fchdir(0xffffffffffffffff)
write$tun(0xffffffffffffffff, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYRES32=r1, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030097850000007b00000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x29, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94)
r3 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
write$binfmt_format(r3, &(0x7f0000000800)='-1\x00', 0x3)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, 0x0, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = socket(0xa, 0x2, 0x0)
bind$inet6(r5, &(0x7f0000000000)={0xa, 0x4e20, 0xfffffffd, @mcast2={0xff, 0x5}, 0x1ff}, 0x1c)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000080)=0x3)
r7 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000100), 0x2300, 0x0)
ioctl$PPPIOCATTCHAN(r7, 0x40047438, &(0x7f0000000040)=0x1)
ioctl$PPPIOCGFLAGS1(r7, 0x8004745a, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x18010, &(0x7f0000000000)={[{@minixdf}, {@dioread_nolock}]}, 0x3, 0x738, &(0x7f0000000780)="$eJzs3V9rW2UYAPDnnDambtVWUPEPyMSh4li61snYlduV3gwHA2+30malNl1qk8wl7GK78lZEURBBv4P3itd+AL+Cgn9GvZhXkZN/29qki1vbQPP7wUne55wTnvddxvtA30PeAMbWsewljXgxIi4mETOd80lE5FqtyYhz7fu27txcyo4kms1LfyWte7I47vtM5mhE3IqIFyLi51zEiXRn3kq9sbZYKhU3O/FcdX1jrlJvnFxdX1wprhSvnT19euH0mXfOnt27sb71wYfPF7qdnP/thyTOxXQnvH8ce6mdLpf9Ez7gvf1INkLJqDvAI5mMiInO+3MxExOtFgBwmDXzEU0AYMwk6j8AjJnu3wG6a3v7tQ42yB/nI2KqX/7JzprZVGsd8shW8sDKRBIRswfZUQ6lW7cj4srssZ3//5Ida7b/16m96CD76qds/jnXb/5Je/NP9Jl/prrPTjymwfPfvfwTA+a/i0PmeP/lWnlg/tsRLyWTffInvfzJgPxXhsz/493lfwdda34f8fr2+jMRDzxRkOz6fMjc1dVS8VT7tX+OY7WbH+02/iN961/SeoZlt/FvDDn+6c9f/eXWLvnffG337z+J+PN8Z42+K6uJnw2Z/9Pcu18OupblX+6O/9vj9115+Pf/3ZD5z7zycWPIWwEAAAAAAAAAAAAAAAAAAAAAAAAAAOBQSCNiOpK00GunaaHQ3sP72TiSlsqV6omr5dq15WjtlT0bubT7U8sz7TjJ4vnO7/F344VWe6sXvx0Rz0TEF/knW3FhqVxaHvXgAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDj6Lb9///Jt/f/BwAOualRdwAAOHDqPwCMH/UfAMaP+g8A40f9B4Dxo/4DwPh5hPqf349+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA2Ll64kB3NrTs3l7J4+Xq9tla+fnK5WFkrrNeWCkvlzY3CSrm8UioWlsrr2z+fbItL5fLGwkLUbsxVi5XqXKXeuLxerl2rXl5dX1wpXi7mDmxkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADC86daRpIWISFvtNC0UIp6KiNnIJVdXS8VTEfF0RPyaz+WzeH7UnQYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAPVapN9YWS6XipoaGhkavMeqZCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7evU2/R90TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABil9PckIrLjjZnj09uvPpHczbfeI+KTby59dWOxWt2cz87/3Ttf/bpzfmEU/QcAHqZbp7t1HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD6qdQba4ulUnGzUk8i4m6zrX2md+nxGqMeIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAe+e/AAAA//829Mx2")

365.128165ms ago: executing program 5 (id=6365):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000000c0)='kfree\x00', r1, 0x0, 0xfffffffffffffffd}, 0x18)
mkdir(&(0x7f0000000580)='./file0\x00', 0x92)
lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000040)=@v2={0x2000000, [{0x9, 0xfffffff7}, {0xde7, 0x8002}]}, 0x14, 0x0)

316.3937ms ago: executing program 5 (id=6366):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa1", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='kmem_cache_free\x00', r1, 0x0, 0x200000000000006}, 0x18)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'ip6_vti0\x00', <r3=>0x0})
sendto$packet(r2, &(0x7f0000000180)="10030600e0ff020004004788aa96a13bb100001100007fca1a00", 0x10608, 0x0, &(0x7f0000000140)={0x11, 0x0, r3}, 0x14)

315.86707ms ago: executing program 5 (id=6367):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file1\x00', &(0x7f00000001c0), 0x0, 0x835, 0x0)

306.761551ms ago: executing program 7 (id=6368):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x4, [@var={0x2, 0x0, 0x0, 0xe, 0x2}, @volatile={0x0, 0x0, 0x0, 0x2, 0x1}]}, {0x0, [0x0, 0x2e]}}, 0x0, 0x38}, 0x20)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
open(0x0, 0x60840, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000840)='map_files\x00')
mremap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ffa000/0x2000)=nil)
getdents64(r1, &(0x7f0000002f40)=""/4098, 0x1002)
r2 = inotify_init()
ioctl$VFAT_IOCTL_READDIR_SHORT(r2, 0x82307202, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x20000800, &(0x7f0000000040)={0x2, 0x3, @remote}, 0x10)
syz_usb_connect(0x2, 0x1c, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100004803ac20c2154600786c01020301090224"], 0x0)
r3 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', <r4=>0x0})
socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(0x0, r5)
sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r5, 0x0, 0x0)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_CHANNEL(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000400)={0x30, r6, 0x1, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_PAGE={0x5, 0x7, 0x2}, @NL802154_ATTR_CHANNEL={0x5, 0x8, 0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000880}, 0x0)
syz_usb_control_io$printer(0xffffffffffffffff, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, 0x0, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000007c0)=@newqdisc={0x58, 0x24, 0xd0f, 0x3, 0x0, {0x60, 0x0, 0x0, r4, {0x0, 0x2}, {0xffff, 0xffff}, {0x4, 0x300}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0x10, 0x3, 0x1, 0x3, 0x400, 0x8}, [@TCA_NETEM_DELAY_DIST={0x6, 0x2, "9f2b"}, @TCA_NETEM_LOSS={0xfffffffffffffe4d}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x40001d4}, 0x8840)
r8 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80)
ftruncate(r8, 0x2007ffb)

297.392052ms ago: executing program 5 (id=6369):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x3000046, &(0x7f00000004c0)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@usrquota}, {@data_err_ignore}, {@nobarrier}, {@oldalloc}, {@grpquota}, {@noload}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x1c1840, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000e80)='./bus\x00', 0x1c1002, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000040000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000010c0)='thread_noise\x00', 0xffffffffffffffff, 0x0, 0x5}, 0x18)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_AUTOCLOSE(r4, 0x84, 0x4, 0x0, &(0x7f0000000600))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
timerfd_create(0x8, 0x0)
write(r2, &(0x7f00000001c0)="f1", 0x1)
sendfile(r2, r0, 0x0, 0x40001)
sendfile(r2, r1, 0x0, 0x7ffff000)

144.671107ms ago: executing program 8 (id=6370):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x80000, 0x0, 0x0, 0x41100}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f00000010c0))
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r4)
sendmsg$NFC_CMD_DEV_UP(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="010028bd7000fedbdf250200000008000100"], 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x8004)
write$nci(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="414601", @ANYRES32=r3], 0x4)

82.282572ms ago: executing program 1 (id=6371):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r0}, &(0x7f0000000000), &(0x7f00000005c0)=r1}, 0x20)
creat(&(0x7f00000002c0)='./file0\x00', 0x1)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='sysfs\x00', 0x0, 0x0)

81.908332ms ago: executing program 8 (id=6372):
r0 = socket(0x10, 0x803, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f0000000000), r0)
getsockname$packet(r0, &(0x7f0000000280)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="4800000010000305ff810000fddbdf2500000000", @ANYRES32=r3, @ANYRES32=r3], 0x48}, 0x1, 0x0, 0x0, 0x40}, 0x0)

76.191073ms ago: executing program 1 (id=6373):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000340), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0xfffffffa, 0x9, 0x0, 'queue0\x00', 0xffff})
bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x2, 0xc, &(0x7f0000000600)=ANY=[], &(0x7f0000000800)='GPL\x00', 0x2, 0xfffffffffffffd48, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$incfs(0xffffffffffffffff, &(0x7f0000000280)='.log\x00', 0x101000, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000580)={{r1}, &(0x7f0000000500), &(0x7f0000000540)=r2}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
readv(r4, &(0x7f00000004c0)=[{&(0x7f0000000580)=""/152, 0x98}], 0x1)

56.507375ms ago: executing program 8 (id=6374):
io_uring_setup(0x3442, &(0x7f00000001c0)={0x0, 0xddae, 0x8, 0x2, 0x31a})
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x3)
ioctl$KDSETMODE(r1, 0x4b3a, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x3, &(0x7f0000000300)=0x1, 0x4)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f00000002c0)='net_dev_start_xmit\x00', r3, 0x0, 0xffffffffffffffff}, 0xfffffffffffffff4)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x4004080)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101804bc9555e1affd5020000000900010001797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000000009000300737975320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x24040010}, 0x0)
close(r4)
bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @loopback, 0x6}, 0x1c)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r6}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x404c885)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xaf)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000600)={0x3, 0x4, 0x4, 0xa, 0x0, r7, 0x81, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2, 0x5}, 0x50)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x23, @loopback, 0x23}, 0x1c)
sendmmsg$inet6(r0, &(0x7f00000010c0)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000180)="ca", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000001280)="1b1c01", 0x3}, {&(0x7f0000000000)="3f21b953a3743d9c07bc5962176d3ef79e3dbf2069a78d8225ea834a4aece31f5658a13d9f0339a1b4dccf127af25ea5078fcdad0573f35d6713a56b1c3a5340514e516567c1fc15e38ad62dd30a8139e725792f667bfd86dbe670ddb2c3ad99438a4e348f75a7e40a232f042d2e2452aaeac40b04f83ad7727be9050e7fe82ca83d8c7114ec23a9a694ead8b9c9ad7eddb99ea84fb9443baa165806d79654776a506841cc67fd0d62d7c22c0a2452ced4f0dac02844791a13fc8b1bb6d67b2f3c375ca20726ac18ae2bf061", 0xcc}, {&(0x7f0000000380)="71b795e487d30cad53e80fbbfda021aa5cccbea60f044d38e5f48118719d73dccc6cd826a83a5c616a6b626eb24b2b5e23995356c8047a1a5ac27c03bf4ec5b984b816d979c613a515d24c250e8504bff55928477b1fc2958b", 0x59}, {&(0x7f0000000480)="8157e50d17d692ca9f4b7ee5e4720fe8b9f817b67805c1dc28495e163e4c70a75a212751781252313ce3dd6a1ec8a7b28cabf14383dd1068062f6449afabe99194b01ecb1b159931181fd7512648a9c0a598b88993c68de565b27a4fcc557209da6995005881b7b7292ac1c774dcfeba1d8483833eb423bce0cabc2f1363f225386ef7b25b2a5e1846d0343bb9d720f2fa005c9aadda32d87c6090a221724a2bdfad70e2220ced49cfcb6f4f3bb5c0b5e2ff23f3c89f5257c6cc71abb7319735090d1d9fa66bfbddf9fda617ea730ec34903aa100c7d1f22a9ce532a24d443e1a3c84773297a3577bb5e3ae531661bafaa9615", 0xf3}, {&(0x7f00000012c0)="e758bb2e0bfbe9ab3464ac849be8f25c1530e77a006882a73dff56289eea3db5178195c6ea1980abc7f239ac66836f7853bbc81d6a351f43396e531e17f49099cba5d5b1217971db220ac9f9e9e9e1c19d30d1aebde66e992e33db80943d2273b6d6d11b5878060318bb3b97f75e9023933aead9a6d8b7dffade2515bdd551a6d21c1eea26d6abfeb22b8e2805bc6b632d53235bc8420af9d4d0d7fc1b91f5e57992a7bc771846dd07251f2825af45989e3edc749b68159d5c4f395e959d8a5f985f5ebcee18f5cf9f996fabaca1d1813dfba68010ac55ce8a9d0d9f61950af7d33da960fbb479c2363ace6e5678e4fc57df4bee486d3d20605f98794476b061d6d77ee10b53935d567c1c7fef868831a36e2bc8dc5fe4f9663204cd2ff7b5b103243534b3e65d04bfae9cc9046a5716dcc0bcf1285484e21a793d640b8a1dc3cf1bbf4237c4f79b46f9bd18d89baca773446ce857364cbe00308fceb9de420a0818509343488a488db08bc18dab13b43d55214f013deb15ebd2b3524e6f6451ffbc8449efe524278754ff4d6636e7a3d80efffc55459f53b13fd77f6c889a7bcb348287a577eef38a6881f6c737a68e1791b17f0d9e60ef9dacbdd8b1b875d27d04f156c467bd88a636b9cf5eee1e4217c289208362f4f48abd1df22eea55f43e1dc562af240f48f3c30b0451bcbf680f1a0ede9bb48c9ab4303a2a08035316d5d440dc9169e0884c3f0c095c66829daba6a2ed3146085413387b3f73b825da89693b9d7394917b2f703f226dd563b08efd22db4b9e596bc709b246da11e87639868e0f1c4d29c7c4bd4284d73404523b8a7afa28692a134af18fd2e8745994ff2e7377e440e28122adb42ab7ac3b583aef9351fbc6efc847e3d829accb612b36d21c0c6881e8b207247e1ad6bee8b70cc8daee7f0f285e96da731641f6cfb349adc02176c720c15d7a39c0684d4937ac9de33f6d13101d2766e81533e9aa5c65e8ac0af713a178abd844b43741db090d67dd982e7b47b866cb4b76a4b094f05e36acaff62f61a72018e522af9a4e834861798da5b91de318cbbf279647a238fbb7d686f6e19293bfd4595fda4e9bf155b149db44a7063cd7859da2a6e6c61afc0a6291062616a8ed82e328e0443963d52fe94b49c8621b183c10a0b778cd36ee385d1e90c5608fa5967708bfbe0e3f568474d67d5a6e8a275d3786fb8796db2ab96c854dbcc6819067707f5970a6fd022bf64fd7c83948b3277be3226c5d3f7d7024473758caaf77e4addd9404e23debf3c44561ec64022c44898aa4f381b7d2cc0b12b377aa6f5753f24bb2ee9e42f8b6961758c38621f1ec49f29fab585150fd302687f85c9dceb22876c1479ee8b28637ad47e2288d4a5f2a93249b93dbc592b1cd7d53a3ce0d6618b1ac8c546cff5e3202f4958212e6f79751ab49151ab8cae81e0593ada84c99c1865e3cd6b9c9ad36e32557d12f407dad0b184f2118f646080d43022fac729054fc90c428dddd852ae6f4fb1aa0650a751213363978809b92996f591055df2441625d76e1dd50fd16f9d31c6015c0e0c0800c13d5e3149661063f5de2baca346693ed7d254181cca79dcc5610dab90ca6e4377f4b2f673ec869e3684468b9f349e8b9851dec3ca04c70e591c392b8292b87ee7c7b1bc37902e1928bb428c06ec961bea845bc414cc6347bdd8af560e726dbc00c829d716b2e7a583a44a8cfa617009edb039341e34e2ced77c0a481a7dcd4422272d5bbcf939f2e309530b1c97900510c529fa49f8130dca6b239a8807d5aa87c3f9e1abf7fa9ca1557df8d20b8009ff480c2b89b09553216b0d50e34aff47009993ba175b72ef7c7d07c078532e44df3582e80d3de37888abb9678be07f9ac25b487138a35201555a23bb84a2d24ac62ba81d9fa2938528d3d28209e4cd7a900aedc9427830ddb65b01fea19409bcea7042a945d72a6ad469ab94068d70c7ab398224be45eaec3e2fefd5c9d35872871e2215f5189123146835ca5c994016086bc0b259abedc35462069282f32ea46fdbcd1a03850803b0015dc86f8f5c4e955846f76add214f0425f1a5cd1667f4c660985c967bb05429283f8d04a8a3a6cfb1b8103652b8685b82637882f8471d9245f5dc88014f48c9333c1753b531df3d2c4246cafb234a78715098d9bcc2f4847bf3754b0d7d76c503749ccd71257acf746d0bfe9c2914d8fb37f8836ab703c0ff24bc2d923ff1120541bdb3218567fe0cf1ec132a15b8b2c58c8fc916fb4850191b4e5468c2ab698688932509cd86ec27d724bc1182ecb003589c2e225ab1480b9788acb0ba865ac94f19d982458eaf0c0fb709d6bb5a8dcf30d4a956467d0a39175a875ca52a9de836308d2b048be62e963bcf2eaf96b429b6281e62bf27742630d093c9391f9955ce149e9b03efd1ce0d168023e8fde1ebbdf10ec8be3420f96053c1e4a9e6a001c192703b69eff979670c392d19f6d87fa3cec193243c08ae857214fd61017494bde61b3b773ee544023d7cb61a77f40bcf4303e9c12c6398f067132e32d12327c76f1b4768c3bcbe430a3822a2f11b1f907efe4d7b033b08a88b40e15af090e333526640bed92aee4ae1a55785130a65005e555336962d28073be42627e023d6501497aeb1830c59fab7364ef57400d77f5a9ea513bcdef85350d55174b447cd544bd72d796b4adbc5bed41fa026f35299c76cf7c714c421f41cf4fd4f44064726bcb518e118c852aa4ffde96e0a84b193cae36f75dab78e3c25de52a3c87a86bbc01cdbed5f2261ef8348c496ef7aab546fb89847fe50246752edba8ecd678d8fb47e7f80696da31e2ea9bcc0e8169fe79b65c8ade0fe1b8f6c14da403e5f1e3a005801b93ca7c950df2df2c0b5738b2730e939efd70aa25e15b274b9da7951c42ec260285674aa905b34347d470714cd8485733c3f34550ae985f886dc194aac951791e44ac4e318eeedf949a682f45bc65aad6e511f20cac2e2f4a04e56368c5413872273c27f6ec23707609051847f39c16a9345ff0fdf35c4b3c5ca7775644ccbb42fd3314c0451ecfe765daf8fb5d7b68e313a5a7f97f3411410b23c45104cf8f25fc521b61e07370aa6020992c6ffd3b0614121e3a0feb8c084d7810d54c8d4b0e651f28ea2f847613f63dbc312d9f2678d256ab9ea8c43f35ae1b8c9b53de1fe26f6fa6fdb712999151c8c9852290ac4fc9a92750da58b4ee75ed04cc074b67a44841f84475e8ab470f4581546587307292d62e899f49857125a1b319fc5dbed19c19517b8ee39ab729bc63752d2e78094494fe50e623fee2b2d58c8a73dbfef5335a8ab5144069fef5f4bcd196e384bddece94a652ddc4f0abe4b30ea6701c1ec4395115e37790d6ca45a1579903dd4b3960cb2d681f079e893b818f38a713a2e5ff4420a076867a4e0da07e4629a46c75aebe9d7453347ff1730e2e22c2875676c28a5514d5ad6271b273ca365902f888ced28f1f22d6efad9d859a76e9e85436d9b2caad74dbe3485bf0057e36de87dc54a55ef8859bc158731301efa076bd2d7f12078ceabf42a5e4442912225b912eb28ee7cc06e78dd1b53b3550741fbedc4fd3cc50b8ef9596c107417b3d42c450c124bba15a13e8ceb8b03d5533450564b9f427be2b92f468cf57fa1486e23db79f60c6aa698b868da1945ebd14277ea01fc6e13a81f00d641bd30541cf66dd051413807761e46ce4e7d85cd617fe18875b64a1983109d048e396271d3a0f1a8f6e5f32710ac22e7e5f62e344c00663b3840ad1e1ac66dc0efa885ad790dbd6962a50f3b800fef43ce3b76ad0bf48e818c3df4d8b54e8cfe721b9ca93cc986c6768ce3684431fb247d51b390b6fcc2935b0c5beb38f98e0f4c5e478378c931db327d6a627f9b0388bc0b235d23a78dcbaf114ea7dc76d019c506f717c58838962d579923c9d2ccb66693549f8a24858e34a136e5b3db147ad6be2aa328c7a33d1fb89e3b8dcc03c0da79653cec64ca8e479ab543f176e0a268beadedc7cab185c10579debfe61410ff46baad9346851ac5e9d18d944fbdd4e5727b6ef6964f028c870a039ef6f66fb69e8db51a974af1efd58896922a8f4b1653b3de4078991eeb6e503ea1ea32f71fbfd9385dc0cab34e0eaed160bc1eceae1d48f11bcc94bf8b1d5f0f5df8e18b19a85fc36d6850e3120e0643322fff4e9f8b44e4d547c27b7ad69312a4f4593b39b2f603bafeb5ca5b97eb2ae141ae9f8e92db43de9ba068a00dd2eddbb2d221c76551c204a2f781df847771cad74fe452c3ff85e76a6ed8a798e893db1475e74aa7e913403aef94ced2a8d67ea009d7eda346ba2fb9bd127b6d93290312c5ee4330558941be0b10c83c5375894c00997feac148aac4d29fc8ad7a3dadbd9c77d398cda7e5339d9976e18e488ab410725541d7ecd35c697033b456a1ec0d1cc938a8d782a0e284040fc94c0592885062702aa6419936ec57043b8fae47d0b76ac62a39070290dee4ae3dda32f7d130bffc9f611196719c34b94a79457a2914f8e7e4092a4383b696bbe931072e5edf23485a0c7cc9cb38b2245a157c5188ee3dbc1558a654b6c04821b4e0263341f8d774ac24d9a4ac97acb04ecf0bc714298495acc7174444c6d8a95d2beda43973b1ca4d02cadfb20c5a36deb00771ba2b0e2fd960fb7a65ebfb169c619de26812e7f2e75125ecc6f16621a23aed1869c487399133fda6f25d081ec748dc229112124c9ac3de5273994d8e329ec3009cc4bc949337f4f0289081a1174556b47dc7518edab083302dd9cae11005582b476a7715b9d1620158daae117a9a1a8cf087f377534bf04a441f93bc9df4d9d196493adbe56782a653c533e1c98f712528731029740800d1c4169ffa280c9a191be23006b73cf4682b9c621e8ac80d8537fe0a6b53430fc08296331db5fcc00e24be85b1d60f170414cd2887bce0a7a6e0c404916ff3a91efdd5bba671f39200664918974dd4729a6f5fe5bb5f202fb7e5d2c7a1eeadd2e3e90441f6086c79e695c49d6a2a10702330952e683d11f2376108ba9964be36434ce166c1b9bf16923b934caaf8eb0c1492914cfe0ccd2c3eb709431a04e51289576b0d15e1a5149ef4b2d9779e6cc87149f568c205b469aa4081178084192f5f5f01381a89ab206b2a6501f967edf0be1fb2989d99e673f8252f481a5c64011bbe7b460bb493ad2d52eedb33dcec8dbe5554e7c010138e15d23fc915ad3e025788e38dd16bf72d3ec1a056b8e71bfd347f6d9d718870974e398e4771de941040c19bd026753cb40aa20126a332d5f3e2449695fc69bb8f585e872eb06817a85de06bc154176b28785e5b9a2eca770639ede273e970b4fb73312635b7f86f6af436a4192024a4aa58dcdebabbbb08f1669a8fb03b270f9ac8b5c91ce76696ea4b6be2b9787da9737b15aec4cff21b12fd0395032bb1dff2689b1317e8cfc28fa8bc4f519bcd089430684b9effd11c39574030145a31df595e02b68d268a693c8a8da42c37820d3623c55ea0f0e18f93954b5a27d48c178d887e1257e95a9ddab7af85d43ad886feedbcbc58e95e4a1b0368c68a1d4480b63e4f653b6607ab3f014792e31a5ee3241ada9ec45c5d922e3ae81a94a516b2bbaaf6132f21696a4c1b0e3a5ead86d09beeb8a0a3f14330a5792b7fad4ab08fb9b492a58889ff33204801d84333f1438d25a189631417eacdfc13245d8ae3988050fb7e751e36db58da508ddcabf61ade0755612cfcf4fcc78680a8c2a3f82239d", 0x1000}], 0x5}}], 0x2, 0x4000001)
r8 = dup(r0)
syz_genetlink_get_family_id$tipc(&(0x7f00000001c0), r8)
openat$rtc(0xffffffffffffff9c, &(0x7f0000000140), 0x103800, 0x0)
fchown(0xffffffffffffffff, 0x0, 0xee01)
socket$can_bcm(0x1d, 0x2, 0x2)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r9, 0x0, &(0x7f0000000180)=""/53}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0xfffffffffffffdd0, 0x0, 0x41000}, 0x94)

0s ago: executing program 4 (id=6375):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0xff, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2}, &(0x7f0000000180), &(0x7f00000001c0)=r1}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10)
ioctl$TCFLSH(r0, 0x400455c8, 0x0)

kernel console output (not intermixed with test programs):

ng state
[  375.868701][   T31] bridge0: port 2(bridge_slave_1) entered forwarding state
[  375.903661][T19004] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  375.914056][T19004] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  375.959212][T19153] debugfs: 'ptm0' already exists in 'caif_serial'
[  375.976408][T19121] chnl_net:caif_netlink_parms(): no params data found
[  375.985815][T19153] loop7: detected capacity change from 0 to 512
[  376.010344][T19153] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  376.033314][T19153] ext4 filesystem being mounted at /553/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  376.046131][T19153] EXT4-fs warning (device loop7): ext4_empty_dir:3087: inode #12: comm syz.7.5519: directory missing '.'
[  376.058884][T19121] bridge0: port 1(bridge_slave_0) entered blocking state
[  376.065963][T19121] bridge0: port 1(bridge_slave_0) entered disabled state
[  376.073433][T19121] bridge_slave_0: entered allmulticast mode
[  376.080126][T19121] bridge_slave_0: entered promiscuous mode
[  376.089634][T10512] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  376.103807][T19170] netlink: 8 bytes leftover after parsing attributes in process `syz.8.5523'.
[  376.113385][T19121] bridge0: port 2(bridge_slave_1) entered blocking state
[  376.120471][T19121] bridge0: port 2(bridge_slave_1) entered disabled state
[  376.127834][T19121] bridge_slave_1: entered allmulticast mode
[  376.134714][T19121] bridge_slave_1: entered promiscuous mode
[  376.164849][T19004] 8021q: adding VLAN 0 to HW filter on device batadv0
[  376.175333][T19121] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  376.186628][T19178] netlink: 8 bytes leftover after parsing attributes in process `syz.8.5525'.
[  376.197055][T19121] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  376.229197][T19183] loop7: detected capacity change from 0 to 512
[  376.237622][T19183] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  376.241280][T19121] team0: Port device team_slave_0 added
[  376.250281][T19183] ext4 filesystem being mounted at /555/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  376.273253][T19176] EXT4-fs warning (device loop7): ext4_empty_dir:3087: inode #12: comm syz.7.5524: directory missing '.'
[  376.286932][T19121] team0: Port device team_slave_1 added
[  376.320582][T19121] batman_adv: batadv0: Adding interface: batadv_slave_0
[  376.327572][T19121] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  376.353574][T19121] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  376.365388][T10512] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  376.385012][T19121] batman_adv: batadv0: Adding interface: batadv_slave_1
[  376.391984][T19121] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  376.418081][T19121] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  376.449260][T19195] netlink: 28 bytes leftover after parsing attributes in process `syz.7.5527'.
[  376.458233][T19195] netlink: 32 bytes leftover after parsing attributes in process `syz.7.5527'.
[  376.467330][T19195] netlink: 28 bytes leftover after parsing attributes in process `syz.7.5527'.
[  376.485873][T19200] sch_tbf: burst 22 is lower than device lo mtu (65550) !
[  376.497764][T19121] hsr_slave_0: entered promiscuous mode
[  376.505186][T19121] hsr_slave_1: entered promiscuous mode
[  376.511568][T19121] debugfs: 'hsr0' already exists in 'hsr'
[  376.517308][T19121] Cannot create hsr debugfs directory
[  376.523018][T19204] sch_tbf: burst 22 is lower than device lo mtu (65550) !
[  376.558630][T19207] debugfs: 'ptm0' already exists in 'caif_serial'
[  376.582462][T19004] veth0_vlan: entered promiscuous mode
[  376.588179][T19207] loop7: detected capacity change from 0 to 512
[  376.607579][T19207] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  376.609187][T19004] veth1_vlan: entered promiscuous mode
[  376.634955][T19207] ext4 filesystem being mounted at /558/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  376.665155][T19207] EXT4-fs warning (device loop7): ext4_empty_dir:3087: inode #12: comm syz.7.5531: directory missing '.'
[  376.668575][T19004] veth0_macvtap: entered promiscuous mode
[  376.695387][T19004] veth1_macvtap: entered promiscuous mode
[  376.725968][T10512] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  376.727806][T19004] batman_adv: batadv0: Interface activated: batadv_slave_0
[  376.756446][T19004] batman_adv: batadv0: Interface activated: batadv_slave_1
[  376.772047][   T31] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  376.787715][   T31] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  376.796997][   T31] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  376.807985][   T31] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  377.006319][T19249] veth0: entered promiscuous mode
[  377.011415][T19249] veth0: entered allmulticast mode
[  377.039666][T19121] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  377.066265][T19121] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  377.084452][T19121] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  377.122999][T19121] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  377.210912][T19281] FAULT_INJECTION: forcing a failure.
[  377.210912][T19281] name failslab, interval 1, probability 0, space 0, times 0
[  377.230716][T19121] 8021q: adding VLAN 0 to HW filter on device bond0
[  377.240369][T19121] 8021q: adding VLAN 0 to HW filter on device team0
[  377.244135][T16636] bridge0: port 1(bridge_slave_0) entered blocking state
[  377.247695][T19281] CPU: 0 UID: 0 PID: 19281 Comm: syz.8.5555 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  377.247727][T19281] Tainted: [W]=WARN
[  377.247734][T19281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  377.247758][T19281] Call Trace:
[  377.247765][T19281]  <TASK>
[  377.247774][T19281]  __dump_stack+0x1d/0x30
[  377.247803][T19281]  dump_stack_lvl+0xe8/0x140
[  377.247834][T19281]  dump_stack+0x15/0x1b
[  377.247857][T19281]  should_fail_ex+0x265/0x280
[  377.247893][T19281]  should_failslab+0x8c/0xb0
[  377.247919][T19281]  __kvmalloc_node_noprof+0x149/0x6b0
[  377.247949][T19281]  ? alloc_fdtable+0x115/0x1d0
[  377.248014][T19281]  alloc_fdtable+0x115/0x1d0
[  377.248038][T19281]  dup_fd+0x492/0x510
[  377.248063][T19281]  copy_files+0x98/0xf0
[  377.248086][T19281]  copy_process+0xc17/0x1ef0
[  377.248183][T19281]  kernel_clone+0x16c/0x5c0
[  377.248210][T19281]  __x64_sys_clone+0xe6/0x120
[  377.248242][T19281]  x64_sys_call+0x12d0/0x3000
[  377.248271][T19281]  do_syscall_64+0xd8/0x2c0
[  377.248345][T19281]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  377.248370][T19281] RIP: 0033:0x7fdb53e6f749
[  377.248387][T19281] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  377.248409][T19281] RSP: 002b:00007fdb528d6fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  377.248431][T19281] RAX: ffffffffffffffda RBX: 00007fdb540c5fa0 RCX: 00007fdb53e6f749
[  377.248478][T19281] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000026801000
[  377.248492][T19281] RBP: 00007fdb528d7090 R08: 0000000000000000 R09: 0000000000000000
[  377.248507][T19281] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  377.248521][T19281] R13: 00007fdb540c6038 R14: 00007fdb540c5fa0 R15: 00007ffc5fb17a48
[  377.248572][T19281]  </TASK>
[  377.423157][T19290] loop7: detected capacity change from 0 to 512
[  377.431011][T16636] bridge0: port 1(bridge_slave_0) entered forwarding state
[  377.439428][T19290] EXT4-fs: Ignoring removed nobh option
[  377.491232][T19290] journal_path: Non-blockdev passed as './bus'
[  377.497431][T19290] EXT4-fs: error: could not find journal device path
[  377.525287][T16608] bridge0: port 2(bridge_slave_1) entered blocking state
[  377.532401][T16608] bridge0: port 2(bridge_slave_1) entered forwarding state
[  377.564998][T19121] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  377.575598][T19121] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  377.662465][T19301] debugfs: 'ptm0' already exists in 'caif_serial'
[  377.718480][T19121] 8021q: adding VLAN 0 to HW filter on device batadv0
[  377.929037][T19344] loop7: detected capacity change from 0 to 764
[  377.931093][T19121] veth0_vlan: entered promiscuous mode
[  377.951242][T19344] rock: directory entry would overflow storage
[  377.952741][T19345] vlan1: entered allmulticast mode
[  377.957426][T19344] rock: sig=0x4f50, size=4, remaining=3
[  377.957463][T19344] iso9660: Corrupted directory entry in block 6 of inode 1792
[  377.987240][T19121] veth1_vlan: entered promiscuous mode
[  378.012191][T19121] veth0_macvtap: entered promiscuous mode
[  378.022055][T19121] veth1_macvtap: entered promiscuous mode
[  378.042722][T19351] loop7: detected capacity change from 0 to 2048
[  378.052203][T19353] debugfs: 'ptm0' already exists in 'caif_serial'
[  378.054897][T19121] batman_adv: batadv0: Interface activated: batadv_slave_0
[  378.079171][T19121] batman_adv: batadv0: Interface activated: batadv_slave_1
[  378.099880][T16621] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  378.130160][T19360] sch_tbf: burst 22 is lower than device lo mtu (65550) !
[  378.139460][T16621] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  378.150689][T19360] sch_tbf: burst 22 is lower than device lo mtu (65550) !
[  378.161397][T16621] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  378.174119][T19366] debugfs: 'ptm0' already exists in 'caif_serial'
[  378.183921][T16621] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  378.205602][T19366] loop7: detected capacity change from 0 to 512
[  378.229705][T19366] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  378.242871][T19366] ext4 filesystem being mounted at /571/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  378.263932][T19366] EXT4-fs warning (device loop7): ext4_empty_dir:3087: inode #12: comm syz.7.5579: directory missing '.'
[  378.335768][T10512] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  378.462128][T19396] FAT-fs (loop5): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1)
[  378.491588][   T29] kauditd_printk_skb: 385 callbacks suppressed
[  378.491604][   T29] audit: type=1400 audit(1766167783.509:27127): avc:  denied  { setopt } for  pid=19389 comm="syz.7.5584" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  378.524205][   T29] audit: type=1400 audit(1766167783.539:27128): avc:  denied  { connect } for  pid=19389 comm="syz.7.5584" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  378.544046][   T29] audit: type=1400 audit(1766167783.539:27129): avc:  denied  { name_connect } for  pid=19389 comm="syz.7.5584" dest=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[  378.570652][T19380] lo speed is unknown, defaulting to 1000
[  378.648417][T19403] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  378.662724][   T29] audit: type=1326 audit(1766167783.679:27130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19404 comm="syz.4.5588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0439c6f749 code=0x7ffc0000
[  378.686678][   T29] audit: type=1326 audit(1766167783.679:27131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19404 comm="syz.4.5588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0439c6f749 code=0x7ffc0000
[  378.695893][T19380] chnl_net:caif_netlink_parms(): no params data found
[  378.710325][   T29] audit: type=1326 audit(1766167783.679:27132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19404 comm="syz.4.5588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0439c6f749 code=0x7ffc0000
[  378.740856][   T29] audit: type=1326 audit(1766167783.679:27133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19404 comm="syz.4.5588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0439c6f749 code=0x7ffc0000
[  378.764533][   T29] audit: type=1326 audit(1766167783.679:27134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19404 comm="syz.4.5588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0439c6f749 code=0x7ffc0000
[  378.788162][   T29] audit: type=1326 audit(1766167783.679:27135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19404 comm="syz.4.5588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f0439c6f749 code=0x7ffc0000
[  378.811744][   T29] audit: type=1326 audit(1766167783.679:27136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19404 comm="syz.4.5588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0439c6f749 code=0x7ffc0000
[  378.839633][T19403] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  378.852701][T19403] ext4 filesystem being mounted at /575/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  378.884279][T19380] bridge0: port 1(bridge_slave_0) entered blocking state
[  378.891640][T19380] bridge0: port 1(bridge_slave_0) entered disabled state
[  378.898322][T19403] EXT4-fs error (device loop7): ext4_lookup:1785: inode #12: comm syz.7.5587: iget: bad i_size value: 2533274857506816
[  378.899586][T19380] bridge_slave_0: entered allmulticast mode
[  378.917828][T19380] bridge_slave_0: entered promiscuous mode
[  378.925033][T19380] bridge0: port 2(bridge_slave_1) entered blocking state
[  378.927458][T19403] EXT4-fs error (device loop7): ext4_lookup:1785: inode #12: comm syz.7.5587: iget: bad i_size value: 2533274857506816
[  378.932118][T19380] bridge0: port 2(bridge_slave_1) entered disabled state
[  378.932327][T19380] bridge_slave_1: entered allmulticast mode
[  378.958439][T19380] bridge_slave_1: entered promiscuous mode
[  378.958455][T19403] EXT4-fs error (device loop7): ext4_lookup:1785: inode #12: comm syz.7.5587: iget: bad i_size value: 2533274857506816
[  378.992775][T19403] EXT4-fs error (device loop7): ext4_lookup:1785: inode #12: comm syz.7.5587: iget: bad i_size value: 2533274857506816
[  379.008794][T19403] EXT4-fs error (device loop7): ext4_lookup:1785: inode #12: comm syz.7.5587: iget: bad i_size value: 2533274857506816
[  379.012294][T19380] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  379.030473][T19409] lo speed is unknown, defaulting to 1000
[  379.056243][T19380] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  379.066134][T10512] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  379.095024][T19417] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  379.110300][T19380] team0: Port device team_slave_0 added
[  379.126020][T19380] team0: Port device team_slave_1 added
[  379.139406][T19421] 9p: Bad value for 'wfdno'
[  379.164917][T19380] batman_adv: batadv0: Adding interface: batadv_slave_0
[  379.172044][T19380] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  379.198238][T19380] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  379.213088][T19380] batman_adv: batadv0: Adding interface: batadv_slave_1
[  379.220171][T19380] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  379.246135][T19380] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  379.282253][T19380] hsr_slave_0: entered promiscuous mode
[  379.288327][T19380] hsr_slave_1: entered promiscuous mode
[  379.294300][T19380] debugfs: 'hsr0' already exists in 'hsr'
[  379.300124][T19380] Cannot create hsr debugfs directory
[  379.374549][T19380] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  379.432444][T19380] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  379.504256][T19380] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  379.534692][T19439] __nla_validate_parse: 7 callbacks suppressed
[  379.534712][T19439] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5597'.
[  379.553033][T19380] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  379.661942][T19380] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  379.670321][T19380] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  379.679148][T19380] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  379.688023][T19380] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  379.736800][T19380] 8021q: adding VLAN 0 to HW filter on device bond0
[  379.754027][T19380] 8021q: adding VLAN 0 to HW filter on device team0
[  379.774021][T19452] set_capacity_and_notify: 2 callbacks suppressed
[  379.774040][T19452] loop5: detected capacity change from 0 to 512
[  379.793782][T16622] bridge0: port 1(bridge_slave_0) entered blocking state
[  379.800863][T16622] bridge0: port 1(bridge_slave_0) entered forwarding state
[  379.831083][T19452] EXT4-fs warning (device loop5): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  379.847353][T19452] EXT4-fs (loop5): mount failed
[  379.853341][T19380] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  379.863840][T19380] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  379.878036][T16622] bridge0: port 2(bridge_slave_1) entered blocking state
[  379.885105][T16622] bridge0: port 2(bridge_slave_1) entered forwarding state
[  379.984806][T19380] 8021q: adding VLAN 0 to HW filter on device batadv0
[  380.014773][   T31] bridge_slave_1: left allmulticast mode
[  380.020624][   T31] bridge_slave_1: left promiscuous mode
[  380.026340][   T31] bridge0: port 2(bridge_slave_1) entered disabled state
[  380.056146][   T31] bridge_slave_0: left promiscuous mode
[  380.062038][   T31] bridge0: port 1(bridge_slave_0) entered disabled state
[  380.175293][T19466] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5601'.
[  380.229848][T19468] loop7: detected capacity change from 0 to 764
[  380.239781][T19468] rock: directory entry would overflow storage
[  380.245954][T19468] rock: sig=0x4f50, size=4, remaining=3
[  380.251569][T19468] iso9660: Corrupted directory entry in block 6 of inode 1792
[  380.271010][   T31] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  380.281491][   T31] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  380.291151][   T31] bond0 (unregistering): Released all slaves
[  380.355915][T16608] netdevsim netdevsim7 netdevsim0: set [1, 1] type 2 family 0 port 20001 - 0
[  380.365066][T19380] veth0_vlan: entered promiscuous mode
[  380.370974][T16608] netdevsim netdevsim7 netdevsim1: set [1, 1] type 2 family 0 port 20001 - 0
[  380.383442][   T31] hsr_slave_0: left promiscuous mode
[  380.389911][   T31] hsr_slave_1: left promiscuous mode
[  380.398204][   T31] veth1_macvtap: left promiscuous mode
[  380.404864][   T31] veth0_macvtap: left promiscuous mode
[  380.410526][   T31] veth1_vlan: left promiscuous mode
[  380.416662][   T31] veth0_vlan: left promiscuous mode
[  380.465302][T19480] FAULT_INJECTION: forcing a failure.
[  380.465302][T19480] name failslab, interval 1, probability 0, space 0, times 0
[  380.478075][T19480] CPU: 1 UID: 0 PID: 19480 Comm: syz.5.5603 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  380.478115][T19480] Tainted: [W]=WARN
[  380.478123][T19480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  380.478138][T19480] Call Trace:
[  380.478146][T19480]  <TASK>
[  380.478157][T19480]  __dump_stack+0x1d/0x30
[  380.478184][T19480]  dump_stack_lvl+0xe8/0x140
[  380.478245][T19480]  dump_stack+0x15/0x1b
[  380.478269][T19480]  should_fail_ex+0x265/0x280
[  380.478298][T19480]  should_failslab+0x8c/0xb0
[  380.478323][T19480]  __kmalloc_noprof+0xb9/0x5a0
[  380.478366][T19480]  ? security_task_alloc+0x4d/0x120
[  380.478428][T19480]  ? mutex_init_generic+0x4c/0x60
[  380.478478][T19480]  security_task_alloc+0x4d/0x120
[  380.478538][T19480]  copy_process+0xbb3/0x1ef0
[  380.478568][T19480]  kernel_clone+0x16c/0x5c0
[  380.478591][T19480]  ? vfs_write+0x7e8/0x960
[  380.478680][T19480]  __x64_sys_clone+0xe6/0x120
[  380.478709][T19480]  x64_sys_call+0x12d0/0x3000
[  380.478735][T19480]  do_syscall_64+0xd8/0x2c0
[  380.478823][T19480]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  380.478849][T19480] RIP: 0033:0x7fbb25dcf749
[  380.478864][T19480] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  380.478884][T19480] RSP: 002b:00007fbb24836fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  380.478911][T19480] RAX: ffffffffffffffda RBX: 00007fbb26025fa0 RCX: 00007fbb25dcf749
[  380.479009][T19480] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000004000
[  380.479025][T19480] RBP: 00007fbb24837090 R08: 0000000000000000 R09: 0000000000000000
[  380.479041][T19480] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  380.479057][T19480] R13: 00007fbb26026038 R14: 00007fbb26025fa0 R15: 00007ffeec7316a8
[  380.479080][T19480]  </TASK>
[  380.769524][T19489] loop4: detected capacity change from 0 to 2048
[  380.784683][T16608] netdevsim netdevsim7 netdevsim2: set [1, 1] type 2 family 0 port 20001 - 0
[  380.796047][T19380] veth1_vlan: entered promiscuous mode
[  380.800045][T19485] siw: device registration error -23
[  380.817165][T16608] netdevsim netdevsim7 netdevsim3: set [1, 1] type 2 family 0 port 20001 - 0
[  380.829551][T19489] EXT4-fs (loop4): failed to initialize system zone (-117)
[  380.840552][T19489] EXT4-fs (loop4): mount failed
[  380.842891][T19380] veth0_macvtap: entered promiscuous mode
[  380.862957][T19380] veth1_macvtap: entered promiscuous mode
[  380.874467][T19380] batman_adv: batadv0: Interface activated: batadv_slave_0
[  380.886728][T19380] batman_adv: batadv0: Interface activated: batadv_slave_1
[  380.897927][T11213] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  380.907451][T19494] sch_tbf: burst 22 is lower than device lo mtu (65550) !
[  380.916626][T11213] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  380.926020][T19494] sch_tbf: burst 22 is lower than device lo mtu (65550) !
[  380.933725][T11213] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  380.961445][T11213] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  380.983279][T19496] loop4: detected capacity change from 0 to 2048
[  381.062161][T19508] debugfs: 'ptm0' already exists in 'caif_serial'
[  381.075758][T19508] loop4: detected capacity change from 0 to 512
[  381.084073][T19508] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  381.096774][T19508] ext4 filesystem being mounted at /18/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  381.109586][T19508] EXT4-fs warning (device loop4): ext4_empty_dir:3087: inode #12: comm syz.4.5614: directory missing '.'
[  381.215731][T19004] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  381.274306][T19518] loop7: detected capacity change from 0 to 8192
[  381.369181][T19541] netlink: 105116 bytes leftover after parsing attributes in process `syz.8.5624'.
[  381.405645][T19543] loop7: detected capacity change from 0 to 2048
[  381.495171][T19552] loop4: detected capacity change from 0 to 256
[  381.506031][T19552] FAT-fs (loop4): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1)
[  381.514749][T19549] netlink: 12 bytes leftover after parsing attributes in process `syz.7.5627'.
[  381.526454][T19519] loop5: detected capacity change from 0 to 256
[  381.533924][T19519] vfat: Unknown parameter '/dev/input/event#'
[  381.661707][T19572] sch_tbf: burst 22 is lower than device lo mtu (65550) !
[  381.669705][T19572] sch_tbf: burst 22 is lower than device lo mtu (65550) !
[  381.697601][T19575] loop7: detected capacity change from 0 to 512
[  381.714635][T19575] EXT4-fs warning (device loop7): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  381.729535][T19575] EXT4-fs (loop7): mount failed
[  381.742076][T19575] EXT4-fs: Ignoring removed i_version option
[  381.748120][T19575] ext4: Unknown parameter 'nouser_xattr'
[  381.756024][T19575] FAULT_INJECTION: forcing a failure.
[  381.756024][T19575] name failslab, interval 1, probability 0, space 0, times 0
[  381.768843][T19575] CPU: 0 UID: 0 PID: 19575 Comm:  Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  381.768881][T19575] Tainted: [W]=WARN
[  381.768889][T19575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  381.769002][T19575] Call Trace:
[  381.769010][T19575]  <TASK>
[  381.769018][T19575]  __dump_stack+0x1d/0x30
[  381.769106][T19575]  dump_stack_lvl+0xe8/0x140
[  381.769133][T19575]  dump_stack+0x15/0x1b
[  381.769158][T19575]  should_fail_ex+0x265/0x280
[  381.769188][T19575]  should_failslab+0x8c/0xb0
[  381.769284][T19575]  kmem_cache_alloc_node_noprof+0x6b/0x4c0
[  381.769314][T19575]  ? __alloc_skb+0x324/0x4d0
[  381.769397][T19575]  __alloc_skb+0x324/0x4d0
[  381.769432][T19575]  ? __alloc_skb+0x24d/0x4d0
[  381.769460][T19575]  netlink_dump+0x10d/0x8a0
[  381.769543][T19575]  ? __schedule+0x85f/0xcd0
[  381.769578][T19575]  __netlink_dump_start+0x43e/0x520
[  381.769692][T19575]  ? __pfx_rtnl_dump_all+0x10/0x10
[  381.769715][T19575]  rtnetlink_rcv_msg+0x552/0x6d0
[  381.769736][T19575]  ? __pfx_rtnl_dump_all+0x10/0x10
[  381.769762][T19575]  ? __pfx_rtnl_dumpit+0x10/0x10
[  381.769857][T19575]  ? __pfx_rtnl_dump_all+0x10/0x10
[  381.769883][T19575]  netlink_rcv_skb+0x123/0x220
[  381.769935][T19575]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  381.769963][T19575]  rtnetlink_rcv+0x1c/0x30
[  381.770056][T19575]  netlink_unicast+0x5c0/0x690
[  381.770092][T19575]  netlink_sendmsg+0x58b/0x6b0
[  381.770133][T19575]  ? __pfx_netlink_sendmsg+0x10/0x10
[  381.770314][T19575]  __sock_sendmsg+0x145/0x180
[  381.770338][T19575]  sock_write_iter+0x1a7/0x1f0
[  381.770381][T19575]  ? __pfx_sock_write_iter+0x10/0x10
[  381.770472][T19575]  vfs_write+0x52a/0x960
[  381.770508][T19575]  ksys_write+0xda/0x1a0
[  381.770583][T19575]  __x64_sys_write+0x40/0x50
[  381.770603][T19575]  x64_sys_call+0x2847/0x3000
[  381.770628][T19575]  do_syscall_64+0xd8/0x2c0
[  381.770724][T19575]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  381.770750][T19575] RIP: 0033:0x7f292aecf749
[  381.770769][T19575] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  381.770789][T19575] RSP: 002b:00007f292992f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  381.770843][T19575] RAX: ffffffffffffffda RBX: 00007f292b125fa0 RCX: 00007f292aecf749
[  381.770858][T19575] RDX: 0000000000000024 RSI: 0000200000000000 RDI: 0000000000000005
[  381.770874][T19575] RBP: 00007f292992f090 R08: 0000000000000000 R09: 0000000000000000
[  381.770887][T19575] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  381.770901][T19575] R13: 00007f292b126038 R14: 00007f292b125fa0 R15: 00007fffaa63edb8
[  381.770923][T19575]  </TASK>
[  382.136847][T19587] debugfs: 'ptm0' already exists in 'caif_serial'
[  382.213700][T19580] EXT4-fs: Ignoring removed i_version option
[  382.239696][T19580] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  382.292391][T19580] sch_tbf: burst 22 is lower than device lo mtu (65550) !
[  382.325321][T19602] sch_tbf: burst 22 is lower than device lo mtu (65550) !
[  382.350546][T19602] sch_tbf: burst 22 is lower than device lo mtu (65550) !
[  382.358413][T10512] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  382.380065][T19603] netlink: 260 bytes leftover after parsing attributes in process `syz.1.5643'.
[  382.436996][T19609] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  382.445778][T19609] EXT4-fs (loop7): feature flags set on rev 0 fs, running e2fsck is recommended
[  382.490469][T19609] EXT4-fs error (device loop7): ext4_mb_mark_diskspace_used:4215: comm syz.7.5648: Allocating blocks 41-42 which overlap fs metadata
[  382.563554][T19609] EXT4-fs error (device loop7): ext4_acquire_dquot:6986: comm syz.7.5648: Failed to acquire dquot type 1
[  382.575203][T19609] EXT4-fs error (device loop7): mb_free_blocks:2037: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt.
[  382.592763][T19609] EXT4-fs error (device loop7): ext4_do_update_inode:5617: inode #12: comm syz.7.5648: corrupted inode contents
[  382.605255][T19609] EXT4-fs error (device loop7): ext4_dirty_inode:6502: inode #12: comm syz.7.5648: mark_inode_dirty error
[  382.627679][T19609] EXT4-fs error (device loop7): ext4_do_update_inode:5617: inode #12: comm syz.7.5648: corrupted inode contents
[  382.642752][T19609] EXT4-fs error (device loop7): __ext4_ext_dirty:206: inode #12: comm syz.7.5648: mark_inode_dirty error
[  382.655350][T19609] EXT4-fs error (device loop7): ext4_do_update_inode:5617: inode #12: comm syz.7.5648: corrupted inode contents
[  382.677807][T19609] EXT4-fs error (device loop7) in ext4_orphan_del:303: Corrupt filesystem
[  382.686779][T19609] EXT4-fs error (device loop7): ext4_do_update_inode:5617: inode #12: comm syz.7.5648: corrupted inode contents
[  382.700379][T19609] EXT4-fs error (device loop7): ext4_truncate:4635: inode #12: comm syz.7.5648: mark_inode_dirty error
[  382.724106][T19609] EXT4-fs error (device loop7) in ext4_process_orphan:345: Corrupt filesystem
[  382.733901][T19609] EXT4-fs (loop7): 1 truncate cleaned up
[  382.743669][T19609] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  382.774111][T19624] random: crng reseeded on system resumption
[  382.874449][T19609] EXT4-fs (loop7): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  382.887031][T19627] SELinux:  Context system_u:object_r:netutils_exec_t:s0 is not valid (left unmapped).
[  382.951331][T10512] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  383.167728][T19637] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5659'.
[  383.193221][T19640] sch_tbf: burst 22 is lower than device lo mtu (65550) !
[  383.230677][T19640] sch_tbf: burst 22 is lower than device lo mtu (65550) !
[  383.293114][T19642] FAT-fs (loop5): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1)
[  383.543048][   T29] kauditd_printk_skb: 437 callbacks suppressed
[  383.543063][   T29] audit: type=1326 audit(1766167788.559:27569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19665 comm="syz.1.5670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5dd49f749 code=0x7ffc0000
[  383.577891][   T29] audit: type=1326 audit(1766167788.569:27570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19665 comm="syz.1.5670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fa5dd49f749 code=0x7ffc0000
[  383.601471][   T29] audit: type=1326 audit(1766167788.599:27571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19665 comm="syz.1.5670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5dd49f749 code=0x7ffc0000
[  383.625124][   T29] audit: type=1326 audit(1766167788.599:27572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19665 comm="syz.1.5670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5dd49f749 code=0x7ffc0000
[  383.651693][   T29] audit: type=1326 audit(1766167788.629:27573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19665 comm="syz.1.5670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=461 compat=0 ip=0x7fa5dd49f749 code=0x7ffc0000
[  383.675375][   T29] audit: type=1326 audit(1766167788.629:27574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19665 comm="syz.1.5670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5dd49f749 code=0x7ffc0000
[  383.699095][   T29] audit: type=1326 audit(1766167788.629:27575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19665 comm="syz.1.5670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5dd49f749 code=0x7ffc0000
[  383.745161][T19669] netlink: 12 bytes leftover after parsing attributes in process `syz.7.5669'.
[  383.813950][T19670] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5671'.
[  383.823137][T19670] netlink: 32 bytes leftover after parsing attributes in process `syz.1.5671'.
[  383.832308][T19670] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5671'.
[  383.847864][   T29] audit: type=1400 audit(1766167788.789:27576): avc:  denied  { create } for  pid=19661 comm="syz.8.5668" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  383.868363][   T29] audit: type=1400 audit(1766167788.789:27577): avc:  denied  { execute } for  pid=19661 comm="syz.8.5668" path="/100/cpuacct.usage_percpu" dev="tmpfs" ino=534 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  383.892518][   T29] audit: type=1400 audit(1766167788.799:27578): avc:  denied  { firmware_load } for  pid=19661 comm="syz.8.5668" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1
[  384.231388][T19683] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  384.266863][T19679] EXT4-fs (loop5): failed to initialize system zone (-117)
[  384.474219][T19679] EXT4-fs (loop5): mount failed
[  385.005818][T19719] __nla_validate_parse: 2 callbacks suppressed
[  385.005835][T19719] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5683'.
[  385.057508][T19707] lo speed is unknown, defaulting to 1000
[  385.090287][T19724] net_ratelimit: 10 callbacks suppressed
[  385.090311][T19724] openvswitch: netlink: EtherType 0 is less than min 600
[  385.276332][T19707] chnl_net:caif_netlink_parms(): no params data found
[  385.320480][T19735] set_capacity_and_notify: 5 callbacks suppressed
[  385.320499][T19735] loop4: detected capacity change from 0 to 764
[  385.422347][T19707] bridge0: port 1(bridge_slave_0) entered blocking state
[  385.429499][T19707] bridge0: port 1(bridge_slave_0) entered disabled state
[  385.451377][T19707] bridge_slave_0: entered allmulticast mode
[  385.472184][T19707] bridge_slave_0: entered promiscuous mode
[  385.491942][T19707] bridge0: port 2(bridge_slave_1) entered blocking state
[  385.499071][T19707] bridge0: port 2(bridge_slave_1) entered disabled state
[  385.521323][T19707] bridge_slave_1: entered allmulticast mode
[  385.547422][T19707] bridge_slave_1: entered promiscuous mode
[  385.568479][T19748] loop4: detected capacity change from 0 to 512
[  385.591703][T19748] EXT4-fs: Ignoring removed nobh option
[  385.606966][T19748] journal_path: Non-blockdev passed as './bus'
[  385.613286][T19748] EXT4-fs: error: could not find journal device path
[  385.626950][ T2970] kernel read not supported for file /271/sessionid (pid: 2970 comm: kworker/0:2)
[  385.646248][T19707] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  385.659371][T19707] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  385.694759][T19707] team0: Port device team_slave_0 added
[  385.702710][T19707] team0: Port device team_slave_1 added
[  385.731916][T19707] batman_adv: batadv0: Adding interface: batadv_slave_0
[  385.738898][T19707] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  385.764838][T19707] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  385.782766][T19759] debugfs: 'ptm0' already exists in 'caif_serial'
[  385.797135][T19759] loop4: detected capacity change from 0 to 512
[  385.804037][T19707] batman_adv: batadv0: Adding interface: batadv_slave_1
[  385.811052][T19707] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  385.836995][T19707] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  385.856990][T19759] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  385.886108][T19759] ext4 filesystem being mounted at /27/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  385.907976][T19707] hsr_slave_0: entered promiscuous mode
[  385.914270][T19707] hsr_slave_1: entered promiscuous mode
[  385.914408][T19759] EXT4-fs warning (device loop4): ext4_empty_dir:3087: inode #12: comm syz.4.5698: directory missing '.'
[  385.920423][T19707] debugfs: 'hsr0' already exists in 'hsr'
[  385.936824][T19707] Cannot create hsr debugfs directory
[  386.044318][T19775] sch_tbf: burst 22 is lower than device lo mtu (65550) !
[  386.061558][T19772] netlink: 12 bytes leftover after parsing attributes in process `syz.8.5701'.
[  386.061821][T19775] sch_tbf: burst 22 is lower than device lo mtu (65550) !
[  386.084855][T19004] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  386.140871][T19707] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  386.151226][T19707] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20001 - 0
[  386.181854][T19783] loop4: detected capacity change from 0 to 512
[  386.191240][T19783] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  386.204434][T19783] ext4 filesystem being mounted at /28/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  386.221511][T19707] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  386.222232][T19778] EXT4-fs warning (device loop4): ext4_empty_dir:3087: inode #12: comm syz.4.5703: directory missing '.'
[  386.231908][T19707] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20001 - 0
[  386.312770][T19004] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  386.336966][T19789] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  386.379547][T19707] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  386.389902][T19707] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20001 - 0
[  386.408973][T19792] netlink: 'syz.8.5706': attribute type 10 has an invalid length.
[  386.416819][T19792] netlink: 40 bytes leftover after parsing attributes in process `syz.8.5706'.
[  386.438412][T19792] team0: Failed to send port change of device geneve1 via netlink (err -105)
[  386.447919][T19792] team0: Failed to send options change via netlink (err -105)
[  386.455478][T19792] team0: Port device geneve1 added
[  386.484766][T19789] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  386.507576][T19707] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  386.517921][T19707] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20001 - 0
[  386.571764][T19789] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  386.608711][T19707] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  386.626579][T19707] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  386.647878][T19789] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  386.660990][T19707] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  386.670865][T19707] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  386.708880][T16631] netdevsim netdevsim8 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  386.731572][T19707] 8021q: adding VLAN 0 to HW filter on device bond0
[  386.742734][ T7384] netdevsim netdevsim8 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  386.760156][T16631] netdevsim netdevsim8 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  386.769119][T16631] netdevsim netdevsim8 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  386.789211][T19707] 8021q: adding VLAN 0 to HW filter on device team0
[  386.810666][   T31] bridge0: port 1(bridge_slave_0) entered blocking state
[  386.817737][   T31] bridge0: port 1(bridge_slave_0) entered forwarding state
[  386.819671][T19807] debugfs: 'ptm0' already exists in 'caif_serial'
[  386.855878][ T7384] bridge0: port 2(bridge_slave_1) entered blocking state
[  386.862972][ T7384] bridge0: port 2(bridge_slave_1) entered forwarding state
[  386.875921][T19807] loop5: detected capacity change from 0 to 512
[  386.888188][T19807] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  386.902989][T19807] ext4 filesystem being mounted at /22/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  386.941693][T19807] EXT4-fs warning (device loop5): ext4_empty_dir:3087: inode #12: comm syz.5.5710: directory missing '.'
[  387.007756][T19808] lo speed is unknown, defaulting to 1000
[  387.022528][T19121] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  387.040965][T19707] 8021q: adding VLAN 0 to HW filter on device batadv0
[  387.084892][T19826] netlink: 83992 bytes leftover after parsing attributes in process `syz.8.5715'.
[  387.097200][T19830] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5713'.
[  387.106177][T19826] netlink: zone id is out of range
[  387.111428][T19826] netlink: zone id is out of range
[  387.117202][T19826] netlink: zone id is out of range
[  387.122491][T19826] netlink: zone id is out of range
[  387.132371][T19830] loop5: detected capacity change from 0 to 764
[  387.139376][T19826] netlink: zone id is out of range
[  387.144510][T19826] netlink: zone id is out of range
[  387.156996][T19830] rock: directory entry would overflow storage
[  387.163273][T19830] rock: sig=0x4f50, size=4, remaining=3
[  387.168998][T19830] iso9660: Corrupted directory entry in block 6 of inode 1792
[  387.183500][T19826] netlink: zone id is out of range
[  387.189860][T19826] netlink: zone id is out of range
[  387.200797][T19826] netlink: zone id is out of range
[  387.262211][T19840] debugfs: 'ptm0' already exists in 'caif_serial'
[  387.299587][T19840] loop5: detected capacity change from 0 to 512
[  387.328756][T19840] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  387.347487][T19840] ext4 filesystem being mounted at /24/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  387.362728][T19840] EXT4-fs warning (device loop5): ext4_empty_dir:3087: inode #12: comm syz.5.5717: directory missing '.'
[  387.378368][T19707] veth0_vlan: entered promiscuous mode
[  387.390132][T19707] veth1_vlan: entered promiscuous mode
[  387.407067][T19707] veth0_macvtap: entered promiscuous mode
[  387.420956][T19707] veth1_macvtap: entered promiscuous mode
[  387.427666][T19121] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  387.447812][T19707] batman_adv: batadv0: Interface activated: batadv_slave_0
[  387.565235][T19707] batman_adv: batadv0: Interface activated: batadv_slave_1
[  387.576552][T16631] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  387.589906][T16631] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  387.609113][T16631] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  387.626252][T16631] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  387.680383][T19860] loop4: detected capacity change from 0 to 2048
[  387.700567][T19860] EXT4-fs (loop4): failed to initialize system zone (-117)
[  387.718069][T19860] EXT4-fs (loop4): mount failed
[  387.758249][T19881] loop4: detected capacity change from 0 to 512
[  387.775579][T19881] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  387.799500][T19881] ext4 filesystem being mounted at /32/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  387.822486][T19885] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5727'.
[  387.984144][T19892] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #18: comm syz.4.5726: corrupted inode contents
[  388.062551][T19892] EXT4-fs (loop4): Remounting filesystem read-only
[  388.082609][T19892] EXT4-fs warning (device loop4): ext4_evict_inode:273: xattr delete (err -30)
[  388.192555][T19900] debugfs: 'ptm0' already exists in 'caif_serial'
[  388.405226][T19908] debugfs: 'ptm0' already exists in 'caif_serial'
[  388.480295][T19916] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5737'.
[  388.489301][T19916] netlink: 32 bytes leftover after parsing attributes in process `syz.5.5737'.
[  388.498292][T19916] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5737'.
[  388.507585][T19916] netlink: 32 bytes leftover after parsing attributes in process `syz.5.5737'.
[  388.529896][T19919] 9p: Bad value for 'wfdno'
[  388.549373][   T29] kauditd_printk_skb: 796 callbacks suppressed
[  388.549389][   T29] audit: type=1326 audit(1766167793.569:28375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19874 comm="syz.7.5724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7feaf4dc2005 code=0x7ffc0000
[  388.608578][T19004] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  388.615781][T19925] loop5: detected capacity change from 0 to 1024
[  388.617954][   T29] audit: type=1400 audit(1766167793.569:28376): avc:  denied  { create } for  pid=19920 comm="syz.5.5739" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  388.644469][   T29] audit: type=1326 audit(1766167793.599:28377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19874 comm="syz.7.5724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7feaf4d8f749 code=0x7ffc0000
[  388.668243][   T29] audit: type=1326 audit(1766167793.599:28378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19874 comm="syz.7.5724" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7feaf4d8f749 code=0x7ffc0000
[  388.691943][   T29] audit: type=1400 audit(1766167793.619:28379): avc:  denied  { unmount } for  pid=19004 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  388.723094][T19925] EXT4-fs (loop5): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  388.736729][T16634] bridge_slave_1: left allmulticast mode
[  388.742963][T16634] bridge_slave_1: left promiscuous mode
[  388.743043][T19925] ext4 filesystem being mounted at /30/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  388.748811][T16634] bridge0: port 2(bridge_slave_1) entered disabled state
[  388.769657][T19931] netlink: 'syz.4.5741': attribute type 10 has an invalid length.
[  388.770602][T19925] EXT4-fs error (device loop5): ext4_map_blocks:825: inode #15: comm syz.5.5739: lblock 0 mapped to illegal pblock 0 (length 6)
[  388.781275][   T29] audit: type=1400 audit(1766167793.789:28380): avc:  denied  { create } for  pid=19928 comm="syz.7.5742" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  388.791458][T19925] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 6 with error 117
[  388.822752][T19925] EXT4-fs (loop5): This should not happen!! Data will be lost
[  388.822752][T19925] 
[  388.834038][T16634] bridge_slave_0: left allmulticast mode
[  388.834853][   T29] audit: type=1400 audit(1766167793.839:28381): avc:  denied  { bind } for  pid=19928 comm="syz.7.5742" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  388.839723][T16634] bridge_slave_0: left promiscuous mode
[  388.859272][   T29] audit: type=1400 audit(1766167793.839:28382): avc:  denied  { name_bind } for  pid=19928 comm="syz.7.5742" src=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1
[  388.864945][T16634] bridge0: port 1(bridge_slave_0) entered disabled state
[  388.885804][   T29] audit: type=1400 audit(1766167793.839:28383): avc:  denied  { node_bind } for  pid=19928 comm="syz.7.5742" src=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1
[  388.914540][T19932] EXT4-fs error (device loop5): ext4_map_blocks:783: inode #15: comm syz.5.5739: lblock 0 mapped to illegal pblock 0 (length 1)
[  388.932035][T19932] EXT4-fs error (device loop5): ext4_ext_remove_space:2955: inode #15: comm syz.5.5739: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0)
[  388.940187][   T29] audit: type=1400 audit(1766167793.949:28384): avc:  denied  { write } for  pid=19920 comm="syz.5.5739" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  388.956851][T19932] EXT4-fs error (device loop5) in ext4_setattr:6035: Corrupt filesystem
[  389.017369][T16634] bridge0 (unregistering): left allmulticast mode
[  389.131014][T19937] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  389.200823][T16634] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  389.210397][T16634] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  389.220289][T16634] bond0 (unregistering): Released all slaves
[  389.232547][T19931] team0: Port device geneve1 added
[  389.262523][T19939] debugfs: 'ptm1' already exists in 'caif_serial'
[  389.281768][T19939] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  389.294802][T16634] hsr_slave_0: left promiscuous mode
[  389.294925][T19939] ext4 filesystem being mounted at /34/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  389.310455][T16634] hsr_slave_1: left promiscuous mode
[  389.326460][T16634] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  389.327814][T19939] EXT4-fs warning (device loop4): ext4_empty_dir:3087: inode #12: comm syz.4.5745: directory missing '.'
[  389.344750][T16634] batman_adv: batadv0: Removing interface: batadv_slave_0
[  389.353237][T16634] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  389.372956][T16634] batman_adv: batadv0: Removing interface: batadv_slave_1
[  389.381977][T16634] batman_adv: batadv0: Interface deactivated: dummy0
[  389.388767][T16634] batman_adv: batadv0: Removing interface: dummy0
[  389.405012][T19004] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  389.416087][T16634] veth1_macvtap: left promiscuous mode
[  389.423583][T16634] veth0_macvtap: left promiscuous mode
[  389.432153][T19121] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  389.533195][ T1039] infiniband syz1: ib_query_port failed (-19)
[  389.631830][T19967] debugfs: 'ptm1' already exists in 'caif_serial'
[  389.902868][T19961] EXT4-fs: Ignoring removed mblk_io_submit option
[  389.922019][T19961] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  389.981766][T20010] ISOFS: unable to read i-node block
[  389.995558][T20010] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[  390.016176][T20008] netlink: 'syz.7.5769': attribute type 1 has an invalid length.
[  390.210932][T20025] netlink: 'syz.7.5776': attribute type 10 has an invalid length.
[  390.218804][T20025] __nla_validate_parse: 3 callbacks suppressed
[  390.218820][T20025] netlink: 40 bytes leftover after parsing attributes in process `syz.7.5776'.
[  390.260889][T20025] team0: Failed to send options change via netlink (err -105)
[  390.268442][T20025] team0: Port device geneve1 added
[  390.330281][T20029] set_capacity_and_notify: 5 callbacks suppressed
[  390.330371][T20029] loop7: detected capacity change from 0 to 2048
[  390.483916][T19004] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  390.500850][T20037] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  390.548045][T20040] netlink: 'syz.7.5780': attribute type 10 has an invalid length.
[  390.556018][T20040] netlink: 40 bytes leftover after parsing attributes in process `syz.7.5780'.
[  390.556356][T20039] loop4: detected capacity change from 0 to 8192
[  390.574205][T20037] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  390.590699][T20040] team0: Failed to send port change of device geneve1 via netlink (err -105)
[  390.622181][T20037] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  390.653610][T20048] FAULT_INJECTION: forcing a failure.
[  390.653610][T20048] name failslab, interval 1, probability 0, space 0, times 0
[  390.661802][T20050] loop4: detected capacity change from 0 to 512
[  390.666235][T20048] CPU: 1 UID: 0 PID: 20048 Comm: syz.8.5785 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  390.666309][T20048] Tainted: [W]=WARN
[  390.666318][T20048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  390.666332][T20048] Call Trace:
[  390.666340][T20048]  <TASK>
[  390.666350][T20048]  __dump_stack+0x1d/0x30
[  390.666431][T20048]  dump_stack_lvl+0xe8/0x140
[  390.666457][T20048]  dump_stack+0x15/0x1b
[  390.666480][T20048]  should_fail_ex+0x265/0x280
[  390.666559][T20048]  should_failslab+0x8c/0xb0
[  390.666585][T20048]  kmem_cache_alloc_noprof+0x69/0x4b0
[  390.666612][T20048]  ? dst_alloc+0xbd/0x100
[  390.666644][T20048]  dst_alloc+0xbd/0x100
[  390.666676][T20048]  ip_route_input_rcu+0x15a6/0x1b10
[  390.666751][T20048]  ip_route_input_noref+0x5f/0x90
[  390.666785][T20048]  ip_rcv_finish_core+0x315/0xb60
[  390.666946][T20048]  ? iptable_mangle_hook+0x119/0x260
[  390.667020][T20048]  ip_rcv_finish+0x100/0x1c0
[  390.667043][T20048]  ip_rcv+0x62/0x140
[  390.667103][T20048]  ? __pfx_ip_rcv_finish+0x10/0x10
[  390.667127][T20048]  ? __pfx_ip_rcv+0x10/0x10
[  390.667146][T20048]  __netif_receive_skb+0xff/0x270
[  390.667186][T20048]  ? tun_rx_batched+0xc7/0x430
[  390.667272][T20048]  netif_receive_skb+0x4b/0x2e0
[  390.667307][T20048]  ? should_failslab+0x8c/0xb0
[  390.667351][T20048]  ? tun_rx_batched+0xc7/0x430
[  390.667376][T20048]  tun_rx_batched+0xfc/0x430
[  390.667401][T20048]  ? eth_type_trans+0x215/0x3d0
[  390.667472][T20048]  tun_get_user+0x1ed0/0x2670
[  390.667564][T20048]  ? ref_tracker_alloc+0x1f2/0x2f0
[  390.667596][T20048]  tun_chr_write_iter+0x15e/0x210
[  390.667623][T20048]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  390.667674][T20048]  vfs_write+0x52a/0x960
[  390.667703][T20048]  ksys_write+0xda/0x1a0
[  390.667727][T20048]  __x64_sys_write+0x40/0x50
[  390.667750][T20048]  x64_sys_call+0x2847/0x3000
[  390.667851][T20048]  do_syscall_64+0xd8/0x2c0
[  390.667913][T20048]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  390.667938][T20048] RIP: 0033:0x7fdb53e6e1ff
[  390.667955][T20048] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  390.667977][T20048] RSP: 002b:00007fdb528d7000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  390.667998][T20048] RAX: ffffffffffffffda RBX: 00007fdb540c5fa0 RCX: 00007fdb53e6e1ff
[  390.668019][T20048] RDX: 000000000000004e RSI: 0000200000000580 RDI: 00000000000000c8
[  390.668033][T20048] RBP: 00007fdb528d7090 R08: 0000000000000000 R09: 0000000000000000
[  390.668051][T20048] R10: 000000000000004e R11: 0000000000000293 R12: 0000000000000001
[  390.668066][T20048] R13: 00007fdb540c6038 R14: 00007fdb540c5fa0 R15: 00007ffc5fb17a48
[  390.668087][T20048]  </TASK>
[  390.942503][T20037] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  390.944176][T20050] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  390.966490][T20050] ext4 filesystem being mounted at /42/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  391.029079][T20054] loop5: detected capacity change from 0 to 2048
[  391.044419][T20062] netlink: 'syz.8.5791': attribute type 33 has an invalid length.
[  391.047474][T20060] debugfs: 'ptm0' already exists in 'caif_serial'
[  391.052335][T20062] netlink: 152 bytes leftover after parsing attributes in process `syz.8.5791'.
[  391.091167][   T31] netdevsim netdevsim7 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  391.106835][T20062] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  391.114938][   T31] netdevsim netdevsim7 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  391.153015][   T31] netdevsim netdevsim7 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  391.153787][T20066] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #18: comm syz.4.5786: corrupted inode contents
[  391.176087][   T31] netdevsim netdevsim7 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  391.197602][T20068] debugfs: 'ptm0' already exists in 'caif_serial'
[  391.215593][T20066] EXT4-fs (loop4): Remounting filesystem read-only
[  391.234321][T20068] loop5: detected capacity change from 0 to 512
[  391.242952][T20066] EXT4-fs warning (device loop4): ext4_evict_inode:273: xattr delete (err -30)
[  391.260266][T20068] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  391.284034][T20068] ext4 filesystem being mounted at /38/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  391.299889][T20080] loop7: detected capacity change from 0 to 512
[  391.300332][T20068] EXT4-fs warning (device loop5): ext4_empty_dir:3087: inode #12: comm syz.5.5792: directory missing '.'
[  391.324899][T20082] debugfs: 'ptm1' already exists in 'caif_serial'
[  391.340637][T20080] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  391.364322][T20080] ext4 filesystem being mounted at /12/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  391.428074][T19121] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  391.449041][T20091] loop5: detected capacity change from 0 to 512
[  391.455507][T20091] EXT4-fs: Ignoring removed nobh option
[  391.461299][T20091] journal_path: Non-blockdev passed as './bus'
[  391.467566][T20091] EXT4-fs: error: could not find journal device path
[  391.523922][T20096] loop5: detected capacity change from 0 to 2048
[  391.524580][T19004] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  391.532540][T20095] netlink: 12 bytes leftover after parsing attributes in process `syz.8.5802'.
[  391.677947][T20103] EXT4-fs error (device loop7): ext4_do_update_inode:5617: inode #18: comm syz.7.5797: corrupted inode contents
[  391.722204][T20103] EXT4-fs (loop7): Remounting filesystem read-only
[  391.748776][T20103] EXT4-fs warning (device loop7): ext4_evict_inode:273: xattr delete (err -30)
[  391.876885][T20127] debugfs: 'ptm0' already exists in 'caif_serial'
[  391.912801][T20129] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5812'.
[  391.921813][T20129] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5812'.
[  391.930845][T20129] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5812'.
[  391.990111][T20114] loop5: detected capacity change from 0 to 512
[  391.998869][T20129] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5812'.
[  392.009018][T20114] EXT4-fs (loop5): revision level too high, forcing read-only mode
[  392.017743][T20114] EXT4-fs (loop5): orphan cleanup on readonly fs
[  392.041449][T20114] EXT4-fs error (device loop5): ext4_do_update_inode:5617: inode #16: comm syz.5.5807: corrupted inode contents
[  392.056320][T20136] loop4: detected capacity change from 0 to 512
[  392.063198][T20114] EXT4-fs (loop5): Remounting filesystem read-only
[  392.071025][T20114] EXT4-fs (loop5): 1 truncate cleaned up
[  392.076753][T16616] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  392.087367][T16616] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  392.098772][T16616] EXT4-fs (loop5): Quota write (off=8, len=24) cancelled because transaction is not started
[  392.109719][T20114] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  392.128736][T20136] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  392.158788][T20136] ext4 filesystem being mounted at /47/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  392.164852][T20139] netlink: 12 bytes leftover after parsing attributes in process `syz.8.5815'.
[  392.184668][T19707] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  392.217958][T19121] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  392.291060][T20152] netlink: 'syz.7.5819': attribute type 10 has an invalid length.
[  392.298952][T20152] netlink: 40 bytes leftover after parsing attributes in process `syz.7.5819'.
[  392.410280][T20164] debugfs: 'ptm0' already exists in 'caif_serial'
[  392.461417][T20164] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  392.484754][T20167] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #18: comm syz.4.5814: corrupted inode contents
[  392.497697][T20164] ext4 filesystem being mounted at /45/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  392.519071][T20167] EXT4-fs (loop4): Remounting filesystem read-only
[  392.527004][T20173] netlink: 'syz.8.5827': attribute type 10 has an invalid length.
[  392.535729][T20167] EXT4-fs warning (device loop4): ext4_evict_inode:273: xattr delete (err -30)
[  392.550044][T20164] EXT4-fs warning (device loop5): ext4_empty_dir:3087: inode #12: comm syz.5.5822: directory missing '.'
[  392.612900][T19121] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  392.672392][T20183] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  392.687650][T20183] ext4 filesystem being mounted at /17/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  392.709181][T20179] EXT4-fs warning (device loop7): ext4_empty_dir:3087: inode #12: comm syz.7.5829: directory missing '.'
[  392.769272][T19707] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  392.788355][T20197] FAULT_INJECTION: forcing a failure.
[  392.788355][T20197] name failslab, interval 1, probability 0, space 0, times 0
[  392.801095][T20197] CPU: 1 UID: 0 PID: 20197 Comm: syz.8.5836 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  392.801133][T20197] Tainted: [W]=WARN
[  392.801141][T20197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  392.801156][T20197] Call Trace:
[  392.801164][T20197]  <TASK>
[  392.801224][T20197]  __dump_stack+0x1d/0x30
[  392.801254][T20197]  dump_stack_lvl+0xe8/0x140
[  392.801354][T20197]  dump_stack+0x15/0x1b
[  392.801376][T20197]  should_fail_ex+0x265/0x280
[  392.801404][T20197]  should_failslab+0x8c/0xb0
[  392.801428][T20197]  kmem_cache_alloc_noprof+0x69/0x4b0
[  392.801470][T20197]  ? audit_log_start+0x342/0x720
[  392.801496][T20197]  audit_log_start+0x342/0x720
[  392.801520][T20197]  ? kstrtouint+0x76/0xc0
[  392.801545][T20197]  audit_seccomp+0x48/0x100
[  392.801584][T20197]  ? __seccomp_filter+0x832/0x1260
[  392.801619][T20197]  __seccomp_filter+0x843/0x1260
[  392.801692][T20197]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  392.801725][T20197]  ? vfs_write+0x7e8/0x960
[  392.801747][T20197]  ? __rcu_read_unlock+0x4f/0x70
[  392.801770][T20197]  ? __fget_files+0x184/0x1c0
[  392.801805][T20197]  __secure_computing+0x82/0x150
[  392.801840][T20197]  syscall_trace_enter+0xcf/0x1e0
[  392.801867][T20197]  do_syscall_64+0xb2/0x2c0
[  392.801950][T20197]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  392.802050][T20197] RIP: 0033:0x7fdb53e6f749
[  392.802169][T20197] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  392.802191][T20197] RSP: 002b:00007fdb528d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000088
[  392.802214][T20197] RAX: ffffffffffffffda RBX: 00007fdb540c5fa0 RCX: 00007fdb53e6f749
[  392.802230][T20197] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000006
[  392.802245][T20197] RBP: 00007fdb528d7090 R08: 0000000000000000 R09: 0000000000000000
[  392.802260][T20197] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  392.802286][T20197] R13: 00007fdb540c6038 R14: 00007fdb540c5fa0 R15: 00007ffc5fb17a48
[  392.802308][T20197]  </TASK>
[  392.835990][T20204] sch_tbf: burst 22 is lower than device lo mtu (65550) !
[  392.982466][T20211] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  392.992291][T20207] sch_tbf: burst 22 is lower than device lo mtu (65550) !
[  392.994049][T20211] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  393.020081][T19004] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  393.059889][T20211] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  393.069077][T20214] FAULT_INJECTION: forcing a failure.
[  393.069077][T20214] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  393.082233][T20214] CPU: 1 UID: 0 PID: 20214 Comm: syz.5.5842 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  393.082267][T20214] Tainted: [W]=WARN
[  393.082287][T20214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  393.082303][T20214] Call Trace:
[  393.082310][T20214]  <TASK>
[  393.082319][T20214]  __dump_stack+0x1d/0x30
[  393.082347][T20214]  dump_stack_lvl+0xe8/0x140
[  393.082432][T20214]  dump_stack+0x15/0x1b
[  393.082513][T20214]  should_fail_ex+0x265/0x280
[  393.082543][T20214]  should_fail+0xb/0x20
[  393.082567][T20214]  should_fail_usercopy+0x1a/0x20
[  393.082652][T20214]  strncpy_from_user+0x27/0x260
[  393.082694][T20214]  getname_flags+0xae/0x3b0
[  393.082723][T20214]  user_path_at+0x28/0x130
[  393.082764][T20214]  __se_sys_fspick+0xaa/0x240
[  393.082799][T20214]  __x64_sys_fspick+0x43/0x50
[  393.082837][T20214]  x64_sys_call+0x2bf9/0x3000
[  393.082866][T20214]  do_syscall_64+0xd8/0x2c0
[  393.083005][T20214]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  393.083032][T20214] RIP: 0033:0x7fbb25dcf749
[  393.083089][T20214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  393.083111][T20214] RSP: 002b:00007fbb24837038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b1
[  393.083207][T20214] RAX: ffffffffffffffda RBX: 00007fbb26025fa0 RCX: 00007fbb25dcf749
[  393.083223][T20214] RDX: 0000000000000001 RSI: 0000200000000540 RDI: ffffffffffffffff
[  393.083308][T20214] RBP: 00007fbb24837090 R08: 0000000000000000 R09: 0000000000000000
[  393.083323][T20214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  393.083339][T20214] R13: 00007fbb26026038 R14: 00007fbb26025fa0 R15: 00007ffeec7316a8
[  393.083361][T20214]  </TASK>
[  393.263867][T20211] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  393.440934][T20242] pimreg: entered allmulticast mode
[  393.448751][T20242] pimreg: left allmulticast mode
[  393.466233][T20246] sch_tbf: burst 22 is lower than device lo mtu (65550) !
[  393.481516][T20246] sch_tbf: burst 22 is lower than device lo mtu (65550) !
[  393.586268][   T29] kauditd_printk_skb: 549 callbacks suppressed
[  393.586286][   T29] audit: type=1326 audit(1766167798.599:28926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20253 comm="syz.5.5855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb25dcf749 code=0x7ffc0000
[  393.616256][   T29] audit: type=1326 audit(1766167798.599:28927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20253 comm="syz.5.5855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb25dcf749 code=0x7ffc0000
[  393.641170][   T29] audit: type=1326 audit(1766167798.599:28928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20253 comm="syz.5.5855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fbb25dcf749 code=0x7ffc0000
[  393.664705][   T29] audit: type=1326 audit(1766167798.599:28929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20253 comm="syz.5.5855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb25dcf749 code=0x7ffc0000
[  393.688435][   T29] audit: type=1326 audit(1766167798.599:28930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20253 comm="syz.5.5855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb25dcf749 code=0x7ffc0000
[  393.712078][   T29] audit: type=1326 audit(1766167798.599:28931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20253 comm="syz.5.5855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fbb25dcf749 code=0x7ffc0000
[  393.735575][   T29] audit: type=1326 audit(1766167798.599:28932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20253 comm="syz.5.5855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb25dcf749 code=0x7ffc0000
[  393.759250][   T29] audit: type=1326 audit(1766167798.599:28933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20253 comm="syz.5.5855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb25dcf749 code=0x7ffc0000
[  393.782900][   T29] audit: type=1326 audit(1766167798.599:28934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20253 comm="syz.5.5855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbb25dcf749 code=0x7ffc0000
[  393.806495][   T29] audit: type=1326 audit(1766167798.599:28935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20253 comm="syz.5.5855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb25dcf749 code=0x7ffc0000
[  393.846192][T16634] Bluetooth: hci0: Frame reassembly failed (-84)
[  394.112406][T20282] FAT-fs (loop7): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1)
[  394.280341][T20288] lo speed is unknown, defaulting to 1000
[  394.502915][T20322] erspan0: entered promiscuous mode
[  394.545803][T20326] debugfs: 'ptm1' already exists in 'caif_serial'
[  394.767131][T20347] FAULT_INJECTION: forcing a failure.
[  394.767131][T20347] name failslab, interval 1, probability 0, space 0, times 0
[  394.779817][T20347] CPU: 1 UID: 0 PID: 20347 Comm: syz.1.5894 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  394.779851][T20347] Tainted: [W]=WARN
[  394.779859][T20347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  394.779874][T20347] Call Trace:
[  394.779900][T20347]  <TASK>
[  394.779908][T20347]  __dump_stack+0x1d/0x30
[  394.779937][T20347]  dump_stack_lvl+0xe8/0x140
[  394.779961][T20347]  dump_stack+0x15/0x1b
[  394.780046][T20347]  should_fail_ex+0x265/0x280
[  394.780101][T20347]  ? __pfx_sock_alloc_inode+0x10/0x10
[  394.780156][T20347]  should_failslab+0x8c/0xb0
[  394.780180][T20347]  kmem_cache_alloc_lru_noprof+0x6d/0x4c0
[  394.780264][T20347]  ? sock_alloc_inode+0x34/0xa0
[  394.780290][T20347]  ? __pfx_sock_alloc_inode+0x10/0x10
[  394.780314][T20347]  sock_alloc_inode+0x34/0xa0
[  394.780338][T20347]  alloc_inode+0x40/0x170
[  394.780370][T20347]  __sock_create+0x120/0x580
[  394.780490][T20347]  __sys_socketpair+0x170/0x430
[  394.780518][T20347]  ? ksys_write+0x192/0x1a0
[  394.780610][T20347]  __x64_sys_socketpair+0x52/0x60
[  394.780636][T20347]  x64_sys_call+0x2df3/0x3000
[  394.780716][T20347]  do_syscall_64+0xd8/0x2c0
[  394.780756][T20347]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  394.780783][T20347] RIP: 0033:0x7fa5dd49f749
[  394.780802][T20347] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  394.780823][T20347] RSP: 002b:00007fa5dbf07038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035
[  394.780907][T20347] RAX: ffffffffffffffda RBX: 00007fa5dd6f5fa0 RCX: 00007fa5dd49f749
[  394.780920][T20347] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001
[  394.780933][T20347] RBP: 00007fa5dbf07090 R08: 0000000000000000 R09: 0000000000000000
[  394.780976][T20347] R10: 00002000000029c0 R11: 0000000000000246 R12: 0000000000000001
[  394.780990][T20347] R13: 00007fa5dd6f6038 R14: 00007fa5dd6f5fa0 R15: 00007ffd63bff088
[  394.781012][T20347]  </TASK>
[  394.781022][T20347] net_ratelimit: 395 callbacks suppressed
[  394.781034][T20347] socket: no more sockets
[  395.222042][T20380] pim6reg: entered allmulticast mode
[  395.227668][T20382] sch_tbf: burst 22 is lower than device lo mtu (65550) !
[  395.237699][T20380] pim6reg: left allmulticast mode
[  395.245833][T20382] sch_tbf: burst 22 is lower than device lo mtu (65550) !
[  395.265953][T20386] FAULT_INJECTION: forcing a failure.
[  395.265953][T20386] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  395.279087][T20386] CPU: 0 UID: 0 PID: 20386 Comm: syz.8.5912 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  395.279167][T20386] Tainted: [W]=WARN
[  395.279175][T20386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  395.279189][T20386] Call Trace:
[  395.279197][T20386]  <TASK>
[  395.279206][T20386]  __dump_stack+0x1d/0x30
[  395.279235][T20386]  dump_stack_lvl+0xe8/0x140
[  395.279283][T20386]  dump_stack+0x15/0x1b
[  395.279308][T20386]  should_fail_ex+0x265/0x280
[  395.279337][T20386]  should_fail+0xb/0x20
[  395.279368][T20386]  should_fail_usercopy+0x1a/0x20
[  395.279408][T20386]  strncpy_from_user+0x27/0x260
[  395.279494][T20386]  __se_sys_memfd_create+0x206/0x6b0
[  395.279534][T20386]  __x64_sys_memfd_create+0x31/0x40
[  395.279574][T20386]  x64_sys_call+0x28cb/0x3000
[  395.279610][T20386]  do_syscall_64+0xd8/0x2c0
[  395.279653][T20386]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  395.279680][T20386] RIP: 0033:0x7fdb53e6f749
[  395.279698][T20386] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  395.279780][T20386] RSP: 002b:00007fdb528d6e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  395.279868][T20386] RAX: ffffffffffffffda RBX: 0000000000000466 RCX: 00007fdb53e6f749
[  395.279883][T20386] RDX: 00007fdb528d6ef0 RSI: 0000000000000000 RDI: 00007fdb53ef4960
[  395.279899][T20386] RBP: 0000200000000ac0 R08: 00007fdb528d6bb7 R09: 00007fdb528d6e40
[  395.279913][T20386] R10: 000000000000000a R11: 0000000000000202 R12: 00002000000000c0
[  395.279928][T20386] R13: 00007fdb528d6ef0 R14: 00007fdb528d6eb0 R15: 0000200000000600
[  395.279949][T20386]  </TASK>
[  395.353355][T20387] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  395.516394][T20399] __nla_validate_parse: 12 callbacks suppressed
[  395.516412][T20399] netlink: 24 bytes leftover after parsing attributes in process `syz.7.5917'.
[  395.522345][T20397] debugfs: 'ptm1' already exists in 'caif_serial'
[  395.614549][T20406] netlink: 28 bytes leftover after parsing attributes in process `syz.8.5920'.
[  395.623631][T20406] netlink: 32 bytes leftover after parsing attributes in process `syz.8.5920'.
[  395.628198][T20370] set_capacity_and_notify: 13 callbacks suppressed
[  395.628225][T20370] loop4: detected capacity change from 0 to 1024
[  395.632617][T20406] netlink: 28 bytes leftover after parsing attributes in process `syz.8.5920'.
[  395.648688][T20406] netlink: 32 bytes leftover after parsing attributes in process `syz.8.5920'.
[  395.660209][T20370] EXT4-fs: Ignoring removed mblk_io_submit option
[  395.671383][T20404] loop7: detected capacity change from 0 to 8192
[  395.751461][T20370] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  395.769249][T20416] loop7: detected capacity change from 0 to 512
[  395.779914][T20416] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  395.795257][T20416] ext4 filesystem being mounted at /37/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  395.816018][T20416] EXT4-fs warning (device loop7): ext4_empty_dir:3087: inode #12: comm syz.7.5923: directory missing '.'
[  395.817475][T20420] openvswitch: netlink: Missing key (keys=40, expected=80)
[  395.852622][T19707] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  395.862092][   T44] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  395.868376][T20422] netlink: 60 bytes leftover after parsing attributes in process `syz.8.5927'.
[  395.878013][T20422] unsupported nlmsg_type 40
[  395.896647][T19004] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  395.946586][T20431] loop5: detected capacity change from 0 to 512
[  395.966897][T16631] Bluetooth: hci0: Frame reassembly failed (-84)
[  395.980403][T20431] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  395.982311][T20432] loop4: detected capacity change from 0 to 512
[  396.008680][T20431] ext4 filesystem being mounted at /55/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  396.020467][T20435] loop7: detected capacity change from 0 to 8192
[  396.031201][T20432] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  396.048709][T20432] ext4 filesystem being mounted at /66/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  396.060250][T20432] EXT4-fs warning (device loop4): ext4_empty_dir:3087: inode #12: comm syz.4.5930: directory missing '.'
[  396.093945][T19004] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  396.111690][T20447] sch_tbf: burst 22 is lower than device lo mtu (65550) !
[  396.119388][T20447] sch_tbf: burst 22 is lower than device lo mtu (65550) !
[  396.185606][T20448] EXT4-fs error (device loop5): ext4_do_update_inode:5617: inode #18: comm syz.5.5931: corrupted inode contents
[  396.197789][T20448] EXT4-fs (loop5): Remounting filesystem read-only
[  396.204403][T20448] EXT4-fs warning (device loop5): ext4_evict_inode:273: xattr delete (err -30)
[  396.292198][T20458] netlink: 24 bytes leftover after parsing attributes in process `syz.7.5940'.
[  396.661485][T20472] vhci_hcd vhci_hcd.4: USB_PORT_FEAT_BH_PORT_RESET req not supported for USB 2.0 roothub
[  396.781787][T19121] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  396.859318][T20476] loop5: detected capacity change from 0 to 8192
[  396.944827][T20482] sch_tbf: burst 22 is lower than device lo mtu (65550) !
[  396.952571][T20482] sch_tbf: burst 22 is lower than device lo mtu (65550) !
[  397.129408][T20494] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5953'.
[  397.246040][T20498] vhci_hcd vhci_hcd.4: USB_PORT_FEAT_BH_PORT_RESET req not supported for USB 2.0 roothub
[  397.422867][T20506] loop5: detected capacity change from 0 to 2048
[  397.443145][T20506] EXT4-fs (loop5): failed to initialize system zone (-117)
[  397.454336][T20506] EXT4-fs (loop5): mount failed
[  397.614073][T20528] netlink: 12 bytes leftover after parsing attributes in process `syz.7.5964'.
[  397.671045][T20534] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5966'.
[  397.814122][T20548] vhci_hcd vhci_hcd.2: invalid port number 96
[  397.820300][T20548] vhci_hcd vhci_hcd.2: default hub control req: 0300 vfffa i0060 l0
[  397.873787][T20552] loop5: detected capacity change from 0 to 512
[  398.019875][   T44] Bluetooth: hci0: command 0x1003 tx timeout
[  398.025983][ T8851] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  398.222668][T20546] lo speed is unknown, defaulting to 1000
[  398.672653][T16616] Bluetooth: hci0: Frame reassembly failed (-84)
[  398.797535][T20552] loop5: detected capacity change from 0 to 1024
[  398.817475][T20552] EXT4-fs: Ignoring removed mblk_io_submit option
[  398.864796][T20552] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  398.867459][   T29] kauditd_printk_skb: 755 callbacks suppressed
[  398.867475][   T29] audit: type=1400 audit(1766167803.879:29691): avc:  denied  { setopt } for  pid=20578 comm="syz.7.5986" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  398.904238][T20584] netlink: 'syz.7.5986': attribute type 2 has an invalid length.
[  398.933181][   T29] audit: type=1400 audit(1766167803.899:29692): avc:  denied  { mount } for  pid=20549 comm="syz.5.5974" name="/" dev="loop5" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  398.955066][   T29] audit: type=1400 audit(1766167803.909:29693): avc:  denied  { add_name } for  pid=20549 comm="syz.5.5974" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  398.976039][   T29] audit: type=1400 audit(1766167803.909:29694): avc:  denied  { create } for  pid=20549 comm="syz.5.5974" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  398.996616][   T29] audit: type=1400 audit(1766167803.919:29695): avc:  denied  { write } for  pid=20549 comm="syz.5.5974" name="file1" dev="loop5" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  399.019012][   T29] audit: type=1400 audit(1766167803.919:29696): avc:  denied  { open } for  pid=20549 comm="syz.5.5974" path="/73/file1/file1" dev="loop5" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  399.042145][   T29] audit: type=1400 audit(1766167803.939:29697): avc:  denied  { create } for  pid=20549 comm="syz.5.5974" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1
[  399.085119][   T29] audit: type=1326 audit(1766167803.989:29698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20613 comm="syz.8.5991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb53e6f749 code=0x7ffc0000
[  399.108737][   T29] audit: type=1326 audit(1766167803.989:29699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20613 comm="syz.8.5991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdb53e6f749 code=0x7ffc0000
[  399.132501][   T29] audit: type=1326 audit(1766167803.989:29700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20613 comm="syz.8.5991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb53e6f749 code=0x7ffc0000
[  399.157897][T19121] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  399.411181][T20654] siw: device registration error -23
[  399.699958][T20669] vhci_hcd vhci_hcd.4: USB_PORT_FEAT_BH_PORT_RESET req not supported for USB 2.0 roothub
[  399.756836][T20674] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  399.769712][T20674] ext4 filesystem being mounted at /69/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  399.782514][T20674] EXT4-fs warning (device loop7): ext4_empty_dir:3087: inode #12: comm syz.7.6013: directory missing '.'
[  399.873189][T19707] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  399.930777][T20679] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  399.943553][T20679] ext4 filesystem being mounted at /71/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  399.971169][T19707] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  400.216112][T20698] bridge2: entered promiscuous mode
[  400.221388][T20698] bridge2: entered allmulticast mode
[  400.393495][T20707] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  400.430006][T20710] EXT4-fs warning (device loop7): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  400.445163][T20710] EXT4-fs (loop7): mount failed
[  400.457409][T20710] syzkaller0: tun_chr_ioctl cmd 35108
[  400.748713][ T8851] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  400.750975][   T44] Bluetooth: hci0: command 0x1003 tx timeout
[  400.811888][T20724] set_capacity_and_notify: 4 callbacks suppressed
[  400.811901][T20724] loop4: detected capacity change from 0 to 512
[  400.830382][T20724] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  400.843049][T20724] ext4 filesystem being mounted at /82/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  400.996970][T20727] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #18: comm syz.4.6031: corrupted inode contents
[  401.009151][T20727] EXT4-fs (loop4): Remounting filesystem read-only
[  401.015660][T20727] EXT4-fs warning (device loop4): ext4_evict_inode:273: xattr delete (err -30)
[  401.217691][T19121] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  401.653541][T19004] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  402.126854][T20766] debugfs: 'ptm0' already exists in 'caif_serial'
[  402.137767][T11224] Bluetooth: hci0: Frame reassembly failed (-84)
[  402.181323][T20772] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  402.229337][T20773] netlink: 'syz.1.6048': attribute type 10 has an invalid length.
[  402.237175][T20773] __nla_validate_parse: 5 callbacks suppressed
[  402.237189][T20773] netlink: 40 bytes leftover after parsing attributes in process `syz.1.6048'.
[  402.263958][T20773] team0: Port device geneve1 added
[  402.282017][T20772] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  402.343567][T20772] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  402.402097][T20772] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  402.467622][   T31] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  402.490437][   T31] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  402.508515][   T31] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  402.526939][   T31] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  402.668377][T20795] loop4: detected capacity change from 0 to 512
[  402.693258][T20795] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  402.729108][T20795] ext4 filesystem being mounted at /86/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  402.763506][T20802] netlink: 12 bytes leftover after parsing attributes in process `syz.7.6059'.
[  402.799814][T19004] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  402.864173][T20811] loop7: detected capacity change from 0 to 512
[  402.871997][T20811] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002]
[  402.880119][T20811] EXT4-fs (loop7): orphan cleanup on readonly fs
[  402.886889][T20811] EXT4-fs warning (device loop7): ext4_enable_quotas:7221: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix.
[  402.902557][T20811] EXT4-fs (loop7): Cannot turn on quotas: error -22
[  402.909569][T20811] EXT4-fs error (device loop7): ext4_ext_check_inode:523: inode #13: comm syz.7.6063: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0)
[  402.927756][T20811] EXT4-fs error (device loop7): ext4_orphan_get:1396: comm syz.7.6063: couldn't read orphan inode 13 (err -117)
[  402.940384][T20811] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  402.957947][T20811] EXT4-fs (loop7): warning: mounting fs with errors, running e2fsck is recommended
[  402.967554][T20811] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002]
[  402.979585][T20811] EXT4-fs warning (device loop7): ext4_enable_quotas:7221: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix.
[  403.010973][T19707] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  403.090974][T20817] loop7: detected capacity change from 0 to 2048
[  403.120200][T20817] EXT4-fs (loop7): failed to initialize system zone (-117)
[  403.137965][T20817] EXT4-fs (loop7): mount failed
[  403.275086][T20831] debugfs: 'ptm2' already exists in 'caif_serial'
[  403.305492][T20833] netlink: 24 bytes leftover after parsing attributes in process `syz.8.6071'.
[  403.447586][T20855] debugfs: 'ptm2' already exists in 'caif_serial'
[  403.660999][T20860] FAULT_INJECTION: forcing a failure.
[  403.660999][T20860] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  403.674374][T20860] CPU: 1 UID: 0 PID: 20860 Comm: syz.1.6084 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  403.674408][T20860] Tainted: [W]=WARN
[  403.674415][T20860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  403.674428][T20860] Call Trace:
[  403.674436][T20860]  <TASK>
[  403.674444][T20860]  __dump_stack+0x1d/0x30
[  403.674470][T20860]  dump_stack_lvl+0xe8/0x140
[  403.674511][T20860]  dump_stack+0x15/0x1b
[  403.674533][T20860]  should_fail_ex+0x265/0x280
[  403.674560][T20860]  should_fail_alloc_page+0xf2/0x100
[  403.674587][T20860]  __alloc_frozen_pages_noprof+0x109/0x360
[  403.674646][T20860]  alloc_pages_mpol+0xb3/0x260
[  403.674679][T20860]  alloc_pages_noprof+0x90/0x130
[  403.674711][T20860]  pte_alloc_one+0x1e/0xd0
[  403.674774][T20860]  __pte_alloc+0x32/0x2c0
[  403.674894][T20860]  handle_mm_fault+0x1c8e/0x2c60
[  403.674935][T20860]  do_user_addr_fault+0x630/0x1080
[  403.675043][T20860]  ? ksys_mmap_pgoff+0xc2/0x310
[  403.675092][T20860]  ? __x64_sys_mmap+0x49/0x70
[  403.675125][T20860]  exc_page_fault+0x62/0xa0
[  403.675199][T20860]  asm_exc_page_fault+0x26/0x30
[  403.675221][T20860] RIP: 0033:0x7fa5dd3609e6
[  403.675237][T20860] Code: f0 72 6e 48 63 cd 48 01 c1 49 39 4f 08 72 4c 8d 4d ff 85 ed 74 33 66 0f 1f 44 00 00 48 39 f0 72 1b 4d 8b 07 49 89 c1 49 29 f1 <47> 0f b6 0c 08 45 84 c9 74 08 45 88 0c 00 49 8b 47 10 48 83 c0 01
[  403.675274][T20860] RSP: 002b:00007fa5dbf064a0 EFLAGS: 00010246
[  403.675290][T20860] RAX: 0000000000000001 RBX: 00007fa5dbf06540 RCX: 0000000000000101
[  403.675453][T20860] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 00007fa5dbf065e0
[  403.675533][T20860] RBP: 0000000000000102 R08: 00007fa5d3ae7000 R09: 0000000000000000
[  403.675546][T20860] R10: 0000000000000000 R11: 00007fa5dbf06550 R12: 0000000000000001
[  403.675559][T20860] R13: 00007fa5dd53fc40 R14: 0000000000000000 R15: 00007fa5dbf065e0
[  403.675578][T20860]  </TASK>
[  403.675592][T20860] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  403.880288][T20862] netlink: 24 bytes leftover after parsing attributes in process `syz.4.6085'.
[  403.912719][   T29] kauditd_printk_skb: 872 callbacks suppressed
[  403.912736][   T29] audit: type=1400 audit(1766167808.929:30572): avc:  denied  { read write } for  pid=20865 comm="syz.1.6087" name="virtual_nci" dev="devtmpfs" ino=132 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  403.944013][   T29] audit: type=1400 audit(1766167808.929:30573): avc:  denied  { open } for  pid=20865 comm="syz.1.6087" path="/dev/virtual_nci" dev="devtmpfs" ino=132 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  403.969227][   T29] audit: type=1400 audit(1766167808.989:30574): avc:  denied  { ioctl } for  pid=20865 comm="syz.1.6087" path="/dev/virtual_nci" dev="devtmpfs" ino=132 ioctlcmd=0x0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  404.018972][T20875] netlink: 'syz.4.6090': attribute type 6 has an invalid length.
[  404.027995][   T29] audit: type=1326 audit(1766167809.039:30575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20874 comm="syz.4.6090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0439c6f749 code=0x7ffc0000
[  404.029965][T20875] netlink: 'syz.4.6090': attribute type 30 has an invalid length.
[  404.051856][   T29] audit: type=1326 audit(1766167809.039:30576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20874 comm="syz.4.6090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0439c6f749 code=0x7ffc0000
[  404.083208][   T29] audit: type=1326 audit(1766167809.039:30577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20874 comm="syz.4.6090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0439c6f749 code=0x7ffc0000
[  404.107072][   T29] audit: type=1326 audit(1766167809.039:30578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20874 comm="syz.4.6090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f0439c6f749 code=0x7ffc0000
[  404.130809][   T29] audit: type=1326 audit(1766167809.039:30579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20874 comm="syz.4.6090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0439c6f749 code=0x7ffc0000
[  404.133332][   T31] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  404.154572][   T29] audit: type=1326 audit(1766167809.039:30580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20874 comm="syz.4.6090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f0439c6f749 code=0x7ffc0000
[  404.154643][   T29] audit: type=1326 audit(1766167809.039:30581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20874 comm="syz.4.6090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0439c6f749 code=0x7ffc0000
[  404.183942][ T8851] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  404.189464][   T31] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  404.210445][   T44] Bluetooth: hci0: command 0x1003 tx timeout
[  404.243465][   T31] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  404.252973][   T31] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  404.290434][T20883] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6093'.
[  404.375822][T20905] loop5: detected capacity change from 0 to 512
[  404.390940][T20905] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  404.404012][T20905] ext4 filesystem being mounted at /89/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  404.437354][T19121] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  404.478297][T20910] netlink: 4 bytes leftover after parsing attributes in process `syz.8.6103'.
[  404.499352][T20910] netlink: 4 bytes leftover after parsing attributes in process `syz.8.6103'.
[  404.544651][T20920] loop4: detected capacity change from 0 to 128
[  404.553745][T20910] bridge5: entered promiscuous mode
[  404.559006][T20910] bridge5: entered allmulticast mode
[  404.591054][T20929] debugfs: 'ptm0' already exists in 'caif_serial'
[  404.673420][T20939] netlink: 12 bytes leftover after parsing attributes in process `syz.8.6113'.
[  404.762439][T20947] loop5: detected capacity change from 0 to 2048
[  404.780551][T20947] EXT4-fs (loop5): failed to initialize system zone (-117)
[  404.787905][T20947] EXT4-fs (loop5): mount failed
[  404.886629][T20967] loop5: detected capacity change from 0 to 512
[  404.900994][T20967] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.6122: bg 0: block 248: padding at end of block bitmap is not set
[  404.915729][T20967] EXT4-fs error (device loop5): ext4_acquire_dquot:6986: comm syz.5.6122: Failed to acquire dquot type 1
[  404.927885][T20967] EXT4-fs (loop5): 1 truncate cleaned up
[  404.933983][T20967] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  404.944230][T20972] debugfs: 'ptm1' already exists in 'caif_serial'
[  404.946781][T20967] ext4 filesystem being mounted at /93/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  405.529245][T21000] loop4: detected capacity change from 0 to 4096
[  405.537853][T21000] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  405.582727][T21004] netlink: 24 bytes leftover after parsing attributes in process `syz.7.6134'.
[  405.592038][T21004] netlink: 24 bytes leftover after parsing attributes in process `syz.7.6134'.
[  405.649167][T21004] bridge4: entered promiscuous mode
[  405.654505][T21004] bridge4: entered allmulticast mode
[  405.701726][T19004] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  405.733805][T21011] loop7: detected capacity change from 0 to 2048
[  405.750996][T21011] EXT4-fs (loop7): failed to initialize system zone (-117)
[  405.758441][T21011] EXT4-fs (loop7): mount failed
[  405.888895][T21043] SELinux:  Context system_u:object_r:tape_device_t:s0 is not valid (left unmapped).
[  405.901669][T21037] netlink: 'syz.8.6146': attribute type 10 has an invalid length.
[  405.969558][T21054] bridge2: entered promiscuous mode
[  405.974797][T21054] bridge2: entered allmulticast mode
[  406.071244][T21074] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  406.083517][T21075] netdevsim netdevsim8 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  406.120015][T21081] netlink: 'syz.1.6159': attribute type 10 has an invalid length.
[  406.140775][T21074] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  406.203641][T21075] netdevsim netdevsim8 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  406.231767][T21074] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  406.262613][T21075] netdevsim netdevsim8 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  406.292002][T21099] bridge4: entered promiscuous mode
[  406.297291][T21099] bridge4: entered allmulticast mode
[  406.304896][T21074] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  406.366344][T21075] netdevsim netdevsim8 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  406.381785][T21116] debugfs: 'ptm0' already exists in 'caif_serial'
[  406.394255][T21116] loop4: detected capacity change from 0 to 512
[  406.402548][T21116] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  406.415493][T21116] ext4 filesystem being mounted at /116/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  406.430393][T21116] EXT4-fs warning (device loop4): ext4_empty_dir:3087: inode #12: comm syz.4.6173: directory missing '.'
[  406.462374][T16616] netdevsim netdevsim8 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  406.471655][T19004] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  406.476010][T16616] netdevsim netdevsim8 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  406.494727][T16616] netdevsim netdevsim8 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  406.512819][T16616] netdevsim netdevsim8 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  406.776033][T21143] lo speed is unknown, defaulting to 1000
[  406.992753][T21160] bridge_slave_1: left allmulticast mode
[  406.998452][T21160] bridge_slave_1: left promiscuous mode
[  407.004293][T21160] bridge0: port 2(bridge_slave_1) entered disabled state
[  407.012680][T21160] bridge_slave_0: left allmulticast mode
[  407.018496][T21160] bridge_slave_0: left promiscuous mode
[  407.024402][T21160] bridge0: port 1(bridge_slave_0) entered disabled state
[  407.075246][T16616] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  407.094785][T16616] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  407.112145][T16616] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  407.126735][T16616] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  407.139347][T21163] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  407.199472][T21167] loop7: detected capacity change from 0 to 2048
[  407.207245][T21163] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  407.221062][T21167] EXT4-fs (loop7): failed to initialize system zone (-117)
[  407.228520][T21167] EXT4-fs (loop7): mount failed
[  407.251220][T21163] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  407.284064][T21172] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  407.303161][T21172] loop7: detected capacity change from 0 to 1024
[  407.310605][T21172] EXT4-fs: Ignoring removed orlov option
[  407.319354][T21163] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  407.332007][T21172] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  407.450293][T21180] sch_tbf: burst 22 is lower than device lo mtu (65550) !
[  407.720288][T21209] __nla_validate_parse: 18 callbacks suppressed
[  407.720306][T21209] netlink: 24 bytes leftover after parsing attributes in process `syz.8.6204'.
[  408.023294][T21225] lo speed is unknown, defaulting to 1000
[  408.515848][T21258] FAULT_INJECTION: forcing a failure.
[  408.515848][T21258] name failslab, interval 1, probability 0, space 0, times 0
[  408.528673][T21258] CPU: 0 UID: 0 PID: 21258 Comm: syz.4.6219 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  408.528789][T21258] Tainted: [W]=WARN
[  408.528797][T21258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  408.528812][T21258] Call Trace:
[  408.528821][T21258]  <TASK>
[  408.528831][T21258]  __dump_stack+0x1d/0x30
[  408.528861][T21258]  dump_stack_lvl+0xe8/0x140
[  408.528890][T21258]  dump_stack+0x15/0x1b
[  408.528912][T21258]  should_fail_ex+0x265/0x280
[  408.528936][T21258]  should_failslab+0x8c/0xb0
[  408.529036][T21258]  kmem_cache_alloc_noprof+0x69/0x4b0
[  408.529062][T21258]  ? do_fcntl_add_lease+0x48/0x2b0
[  408.529089][T21258]  do_fcntl_add_lease+0x48/0x2b0
[  408.529149][T21258]  fcntl_setlease+0xb7/0xe0
[  408.529209][T21258]  do_fcntl+0x5de/0xf60
[  408.529259][T21258]  __se_sys_fcntl+0xb1/0x120
[  408.529300][T21258]  __x64_sys_fcntl+0x43/0x50
[  408.529407][T21258]  x64_sys_call+0x2d6f/0x3000
[  408.529432][T21258]  do_syscall_64+0xd8/0x2c0
[  408.529474][T21258]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  408.529515][T21258] RIP: 0033:0x7f0439c6f749
[  408.529530][T21258] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  408.529549][T21258] RSP: 002b:00007f04386d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000048
[  408.529668][T21258] RAX: ffffffffffffffda RBX: 00007f0439ec5fa0 RCX: 00007f0439c6f749
[  408.529681][T21258] RDX: 0000000000000000 RSI: 0000000000000400 RDI: 0000000000000005
[  408.529694][T21258] RBP: 00007f04386d7090 R08: 0000000000000000 R09: 0000000000000000
[  408.529707][T21258] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  408.529720][T21258] R13: 00007f0439ec6038 R14: 00007f0439ec5fa0 R15: 00007fffec19c738
[  408.529742][T21258]  </TASK>
[  408.772149][T21260] vhci_hcd vhci_hcd.4: USB_PORT_FEAT_BH_PORT_RESET req not supported for USB 2.0 roothub
[  408.790707][T21258] veth0_to_bridge: entered promiscuous mode
[  408.828746][T21264] loop7: detected capacity change from 0 to 1024
[  408.863433][T21264] EXT4-fs: Ignoring removed orlov option
[  408.945360][T21258] loop4: detected capacity change from 0 to 8192
[  408.953791][   T29] kauditd_printk_skb: 319 callbacks suppressed
[  408.953807][   T29] audit: type=1400 audit(1766167813.969:30899): avc:  denied  { mount } for  pid=21257 comm="syz.4.6219" name="/" dev="loop4" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[  408.982768][T21257] veth0_to_bridge: left promiscuous mode
[  409.040533][   T29] audit: type=1400 audit(1766167814.029:30900): avc:  denied  { unmount } for  pid=19004 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[  409.066817][   T29] audit: type=1400 audit(1766167814.089:30901): avc:  denied  { module_request } for  pid=21272 comm="syz.4.6223" kmod="fs-sysv" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  409.106801][   T29] audit: type=1400 audit(1766167814.109:30902): avc:  denied  { ioctl } for  pid=21272 comm="syz.4.6223" path="socket:[77982]" dev="sockfs" ino=77982 ioctlcmd=0x8904 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  409.132751][   T29] audit: type=1400 audit(1766167814.109:30903): avc:  denied  { write } for  pid=21272 comm="syz.4.6223" name="ipv6_route" dev="proc" ino=4026532477 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[  409.162800][T21276] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6224'.
[  409.211022][T21280] netlink: 24 bytes leftover after parsing attributes in process `syz.4.6226'.
[  409.267700][T21278] loop7: detected capacity change from 0 to 512
[  409.277042][T21282] netlink: 24 bytes leftover after parsing attributes in process `syz.5.6227'.
[  409.287130][T21282] netlink: 24 bytes leftover after parsing attributes in process `syz.5.6227'.
[  409.301102][T21278] ext4 filesystem being mounted at /140/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  409.313996][   T29] audit: type=1400 audit(1766167814.339:30904): avc:  denied  { remove_name } for  pid=21277 comm="syz.7.6225" name="file0" dev="loop7" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  409.336964][   T29] audit: type=1400 audit(1766167814.339:30905): avc:  denied  { rmdir } for  pid=21277 comm="syz.7.6225" name="file0" dev="loop7" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  409.359238][T21278] EXT4-fs warning (device loop7): ext4_empty_dir:3087: inode #12: comm syz.7.6225: directory missing '.'
[  409.363148][T21282] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6227'.
[  409.392889][T21282] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6227'.
[  409.458305][T21291] bridge1: entered promiscuous mode
[  409.463583][T21291] bridge1: entered allmulticast mode
[  409.592038][   T29] audit: type=1400 audit(1766167814.609:30906): avc:  denied  { append } for  pid=21299 comm="syz.4.6234" name="mISDNtimer" dev="devtmpfs" ino=248 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  409.600434][T21303] loop5: detected capacity change from 0 to 512
[  409.810104][T21308] lo speed is unknown, defaulting to 1000
[  409.941617][T21303] ext4 filesystem being mounted at /103/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  409.947297][T21311] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6236'.
[  409.959185][T21303] EXT4-fs warning (device loop5): ext4_empty_dir:3087: inode #12: comm syz.5.6235: directory missing '.'
[  410.032087][   T29] audit: type=1400 audit(1766167815.049:30907): avc:  denied  { tracepoint } for  pid=21314 comm="syz.8.6238" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[  410.056278][   T29] audit: type=1400 audit(1766167815.069:30908): avc:  denied  { read write } for  pid=21314 comm="syz.8.6238" name="rdma_cm" dev="devtmpfs" ino=251 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[  410.188016][T21338] loop4: detected capacity change from 0 to 128
[  410.195361][T21338] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  410.213567][T21338] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  410.237576][  T273] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  410.247919][T21339] vhci_hcd vhci_hcd.4: USB_PORT_FEAT_BH_PORT_RESET req not supported for USB 2.0 roothub
[  410.269223][T21343] loop4: detected capacity change from 0 to 512
[  410.270308][T21341] netlink: 12 bytes leftover after parsing attributes in process `syz.8.6249'.
[  410.527420][T21346] random: crng reseeded on system resumption
[  410.753267][T21343] loop4: detected capacity change from 0 to 1024
[  410.794313][T21343] EXT4-fs: Ignoring removed mblk_io_submit option
[  410.843519][T21360] ext4 filesystem being mounted at /144/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  411.030505][T21378] EXT4-fs error (device loop7): ext4_do_update_inode:5617: inode #18: comm syz.7.6253: corrupted inode contents
[  411.042698][T21378] EXT4-fs (loop7): Remounting filesystem read-only
[  411.045727][T21390] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6261'.
[  411.058383][T21378] EXT4-fs warning (device loop7): ext4_evict_inode:273: xattr delete (err -30)
[  411.229924][T21402] EXT4-fs (loop4): failed to initialize system zone (-117)
[  411.237387][T21402] EXT4-fs (loop4): mount failed
[  411.285609][  T273] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  411.298377][  T273] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  411.324885][  T273] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  411.350233][  T273] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  411.555371][T21427] vhci_hcd vhci_hcd.4: USB_PORT_FEAT_BH_PORT_RESET req not supported for USB 2.0 roothub
[  411.713400][T21430] sch_tbf: burst 22 is lower than device lo mtu (65550) !
[  411.982381][T21447] set_capacity_and_notify: 2 callbacks suppressed
[  411.982393][T21447] loop5: detected capacity change from 0 to 2048
[  411.999378][T21447] EXT4-fs (loop5): failed to initialize system zone (-117)
[  412.006602][T21447] EXT4-fs (loop5): mount failed
[  412.379600][T21469] debugfs: 'ptm2' already exists in 'caif_serial'
[  412.569887][T21496] sch_tbf: burst 22 is lower than device lo mtu (65550) !
[  412.586620][T21491] bridge0: entered promiscuous mode
[  412.592155][T21491] bridge0: entered allmulticast mode
[  412.623447][T21502] debugfs: 'ptm2' already exists in 'caif_serial'
[  412.732335][T21517] __nla_validate_parse: 5 callbacks suppressed
[  412.732352][T21517] netlink: 24 bytes leftover after parsing attributes in process `syz.7.6313'.
[  412.732779][T21519] FAULT_INJECTION: forcing a failure.
[  412.732779][T21519] name failslab, interval 1, probability 0, space 0, times 0
[  412.738810][T21517] netlink: 24 bytes leftover after parsing attributes in process `syz.7.6313'.
[  412.747587][T21519] CPU: 1 UID: 0 PID: 21519 Comm: syz.8.6314 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  412.747625][T21519] Tainted: [W]=WARN
[  412.747634][T21519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  412.747650][T21519] Call Trace:
[  412.747658][T21519]  <TASK>
[  412.747667][T21519]  __dump_stack+0x1d/0x30
[  412.747696][T21519]  dump_stack_lvl+0xe8/0x140
[  412.747745][T21519]  dump_stack+0x15/0x1b
[  412.747828][T21519]  should_fail_ex+0x265/0x280
[  412.747857][T21519]  should_failslab+0x8c/0xb0
[  412.747957][T21519]  __kmalloc_node_track_caller_noprof+0xb9/0x5b0
[  412.748029][T21519]  ? sidtab_sid2str_get+0xa0/0x130
[  412.748067][T21519]  kmemdup_noprof+0x2b/0x70
[  412.748088][T21519]  sidtab_sid2str_get+0xa0/0x130
[  412.748124][T21519]  security_sid_to_context_core+0x1eb/0x2e0
[  412.748274][T21519]  security_sid_to_context+0x27/0x40
[  412.748307][T21519]  avc_audit_post_callback+0x10f/0x520
[  412.748374][T21519]  ? __pfx_avc_audit_post_callback+0x10/0x10
[  412.748430][T21519]  common_lsm_audit+0x1bb/0x230
[  412.748462][T21519]  ? __pfx_avc_audit_post_callback+0x10/0x10
[  412.748509][T21519]  slow_avc_audit+0x104/0x140
[  412.748578][T21519]  audit_inode_permission+0x110/0x150
[  412.748622][T21519]  selinux_inode_permission+0x710/0x7c0
[  412.748724][T21519]  security_inode_permission+0x6d/0xb0
[  412.748792][T21519]  inode_permission+0x20e/0x3c0
[  412.748822][T21519]  may_open+0x255/0x350
[  412.748858][T21519]  path_openat+0x1d29/0x23b0
[  412.748934][T21519]  ? _parse_integer_limit+0x170/0x190
[  412.748966][T21519]  do_filp_open+0x109/0x230
[  412.749063][T21519]  do_sys_openat2+0xa6/0x150
[  412.749098][T21519]  __x64_sys_openat+0xf2/0x120
[  412.749133][T21519]  x64_sys_call+0x2b07/0x3000
[  412.749203][T21519]  do_syscall_64+0xd8/0x2c0
[  412.749242][T21519]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  412.749267][T21519] RIP: 0033:0x7fdb53e6f749
[  412.749285][T21519] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  412.749366][T21519] RSP: 002b:00007fdb528d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  412.749425][T21519] RAX: ffffffffffffffda RBX: 00007fdb540c5fa0 RCX: 00007fdb53e6f749
[  412.749439][T21519] RDX: 0000000000005400 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  412.749464][T21519] RBP: 00007fdb528d7090 R08: 0000000000000000 R09: 0000000000000000
[  412.749544][T21519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  412.749558][T21519] R13: 00007fdb540c6038 R14: 00007fdb540c5fa0 R15: 00007ffc5fb17a48
[  412.749650][T21519]  </TASK>
[  412.972486][T21529] netlink: 4 bytes leftover after parsing attributes in process `syz.7.6313'.
[  413.111784][T21517] bridge6: entered promiscuous mode
[  413.117029][T21517] bridge6: entered allmulticast mode
[  413.131768][T21545] debugfs: 'ptm0' already exists in 'caif_serial'
[  413.136261][T21542] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6320'.
[  413.185955][T21551] sch_tbf: burst 22 is lower than device lo mtu (65550) !
[  413.210539][T21553] FAULT_INJECTION: forcing a failure.
[  413.210539][T21553] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  413.223646][T21553] CPU: 1 UID: 0 PID: 21553 Comm: syz.5.6326 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  413.223727][T21553] Tainted: [W]=WARN
[  413.223735][T21553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  413.223748][T21553] Call Trace:
[  413.223756][T21553]  <TASK>
[  413.223764][T21553]  __dump_stack+0x1d/0x30
[  413.223793][T21553]  dump_stack_lvl+0xe8/0x140
[  413.223821][T21553]  dump_stack+0x15/0x1b
[  413.223846][T21553]  should_fail_ex+0x265/0x280
[  413.223876][T21553]  should_fail+0xb/0x20
[  413.223904][T21553]  should_fail_usercopy+0x1a/0x20
[  413.223987][T21553]  _copy_from_iter+0xcf/0xe70
[  413.224045][T21553]  ? __alloc_skb+0x3bb/0x4d0
[  413.224142][T21553]  ? __alloc_skb+0x24d/0x4d0
[  413.224212][T21553]  netlink_sendmsg+0x471/0x6b0
[  413.224255][T21553]  ? __pfx_netlink_sendmsg+0x10/0x10
[  413.224297][T21553]  __sock_sendmsg+0x145/0x180
[  413.224388][T21553]  ____sys_sendmsg+0x31e/0x4a0
[  413.224426][T21553]  ___sys_sendmsg+0x17b/0x1d0
[  413.224511][T21553]  __x64_sys_sendmsg+0xd4/0x160
[  413.224550][T21553]  x64_sys_call+0x17ba/0x3000
[  413.224660][T21553]  do_syscall_64+0xd8/0x2c0
[  413.224739][T21553]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  413.224840][T21553] RIP: 0033:0x7fbb25dcf749
[  413.224860][T21553] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  413.224884][T21553] RSP: 002b:00007fbb24837038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  413.224914][T21553] RAX: ffffffffffffffda RBX: 00007fbb26025fa0 RCX: 00007fbb25dcf749
[  413.224931][T21553] RDX: 0000000004000814 RSI: 0000200000000b00 RDI: 0000000000000003
[  413.224948][T21553] RBP: 00007fbb24837090 R08: 0000000000000000 R09: 0000000000000000
[  413.224964][T21553] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  413.225043][T21553] R13: 00007fbb26026038 R14: 00007fbb26025fa0 R15: 00007ffeec7316a8
[  413.225065][T21553]  </TASK>
[  413.239097][T21549] loop4: detected capacity change from 0 to 2048
[  413.459415][T21549] EXT4-fs (loop4): failed to initialize system zone (-117)
[  413.466663][T21549] EXT4-fs (loop4): mount failed
[  413.513220][T21578] loop5: detected capacity change from 0 to 2048
[  413.516697][T21580] loop4: detected capacity change from 0 to 512
[  413.533972][T21580] EXT4-fs mount: 12 callbacks suppressed
[  413.534090][T21580] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  413.553656][T21580] ext4 filesystem being mounted at /156/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  413.578037][T21578]  loop5: p2 p3 p7
[  413.639244][T21590] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #18: comm syz.4.6335: corrupted inode contents
[  413.694494][T21590] EXT4-fs (loop4): Remounting filesystem read-only
[  413.708664][T21596] FAULT_INJECTION: forcing a failure.
[  413.708664][T21596] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  413.721782][T21596] CPU: 1 UID: 0 PID: 21596 Comm: syz.5.6340 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  413.721849][T21596] Tainted: [W]=WARN
[  413.721857][T21596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  413.721871][T21596] Call Trace:
[  413.721878][T21596]  <TASK>
[  413.721887][T21596]  __dump_stack+0x1d/0x30
[  413.721917][T21596]  dump_stack_lvl+0xe8/0x140
[  413.721945][T21596]  dump_stack+0x15/0x1b
[  413.722040][T21596]  should_fail_ex+0x265/0x280
[  413.722067][T21596]  should_fail+0xb/0x20
[  413.722093][T21596]  should_fail_usercopy+0x1a/0x20
[  413.722130][T21596]  _copy_to_user+0x20/0xa0
[  413.722203][T21596]  simple_read_from_buffer+0xb5/0x130
[  413.722226][T21596]  proc_fail_nth_read+0x10e/0x150
[  413.722261][T21596]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  413.722297][T21596]  vfs_read+0x1a8/0x770
[  413.722356][T21596]  ? __rcu_read_unlock+0x4f/0x70
[  413.722381][T21596]  ? __fget_files+0x184/0x1c0
[  413.722447][T21596]  ? mutex_lock+0x58/0x90
[  413.722479][T21596]  ksys_read+0xda/0x1a0
[  413.722502][T21596]  __x64_sys_read+0x40/0x50
[  413.722655][T21596]  x64_sys_call+0x2889/0x3000
[  413.722686][T21596]  do_syscall_64+0xd8/0x2c0
[  413.722729][T21596]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  413.722757][T21596] RIP: 0033:0x7fbb25dce15c
[  413.722788][T21596] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  413.722808][T21596] RSP: 002b:00007fbb24837030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  413.722827][T21596] RAX: ffffffffffffffda RBX: 00007fbb26025fa0 RCX: 00007fbb25dce15c
[  413.722841][T21596] RDX: 000000000000000f RSI: 00007fbb248370a0 RDI: 0000000000000005
[  413.722856][T21596] RBP: 00007fbb24837090 R08: 0000000000000000 R09: 0000000000000000
[  413.722872][T21596] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  413.722886][T21596] R13: 00007fbb26026038 R14: 00007fbb26025fa0 R15: 00007ffeec7316a8
[  413.722967][T21596]  </TASK>
[  413.724306][T21590] EXT4-fs warning (device loop4): ext4_evict_inode:273: xattr delete (err -30)
[  413.946312][T19004] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  413.959478][   T29] kauditd_printk_skb: 511 callbacks suppressed
[  413.959494][   T29] audit: type=1326 audit(1766167818.979:31420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21573 comm="syz.7.6332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7feaf4dc2005 code=0x7ffc0000
[  413.990179][   T29] audit: type=1400 audit(1766167818.979:31421): avc:  denied  { write } for  pid=21608 comm="syz.5.6344" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  414.009893][   T29] audit: type=1326 audit(1766167818.979:31422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21573 comm="syz.7.6332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7feaf4dc2005 code=0x7ffc0000
[  414.033553][   T29] audit: type=1326 audit(1766167818.979:31423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21573 comm="syz.7.6332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7feaf4dc2005 code=0x7ffc0000
[  414.057157][   T29] audit: type=1326 audit(1766167818.979:31424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21573 comm="syz.7.6332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7feaf4dc2005 code=0x7ffc0000
[  414.080755][   T29] audit: type=1326 audit(1766167818.979:31425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21573 comm="syz.7.6332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7feaf4dc2005 code=0x7ffc0000
[  414.104365][   T29] audit: type=1326 audit(1766167818.979:31426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21573 comm="syz.7.6332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7feaf4dc2005 code=0x7ffc0000
[  414.128050][   T29] audit: type=1326 audit(1766167818.979:31427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21573 comm="syz.7.6332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7feaf4dc2005 code=0x7ffc0000
[  414.151724][   T29] audit: type=1326 audit(1766167818.979:31428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21573 comm="syz.7.6332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7feaf4dc2005 code=0x7ffc0000
[  414.175290][   T29] audit: type=1326 audit(1766167818.979:31429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21573 comm="syz.7.6332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7feaf4dc2005 code=0x7ffc0000
[  414.353354][T21627] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6349'.
[  414.397228][   T31] Bluetooth: hci0: Frame reassembly failed (-84)
[  414.425481][T21641] loop7: detected capacity change from 0 to 1024
[  414.432643][T21641] EXT4-fs: Ignoring removed orlov option
[  414.440233][T21641] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  414.686920][T19707] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  416.137826][T21677] loop7: detected capacity change from 0 to 2048
[  416.151016][T21677] EXT4-fs (loop7): failed to initialize system zone (-117)
[  416.158423][T21677] EXT4-fs (loop7): mount failed
[  416.199401][T21689] loop5: detected capacity change from 0 to 1024
[  416.206141][T21689] EXT4-fs: Ignoring removed oldalloc option
[  416.212211][T21689] EXT4-fs: Ignoring removed bh option
[  416.220468][T21689] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  416.241784][T21692] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  416.250348][T21692] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  416.265723][T21692] netlink: 4 bytes leftover after parsing attributes in process `syz.7.6368'.
[  416.394332][T21702] netlink: 40 bytes leftover after parsing attributes in process `syz.8.6372'.
[  416.418765][   T44] Bluetooth: hci0: command 0x1003 tx timeout
[  416.418984][ T8851] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  416.456053][T16616] Bluetooth: hci0: Frame reassembly failed (-84)
[  416.473078][T21689] ==================================================================
[  416.481190][T21689] BUG: KCSAN: data-race in xas_find_marked / xas_set_mark
[  416.488332][T21689] 
[  416.490657][T21689] write to 0xffff88810639028c of 4 bytes by task 21693 on cpu 0:
[  416.498367][T21689]  xas_set_mark+0x12b/0x140
[  416.502893][T21689]  __folio_start_writeback+0x155/0x340
[  416.508377][T21689]  ext4_bio_write_folio+0x5ad/0x9f0
[  416.513594][T21689]  mpage_process_page_bufs+0x4a1/0x620
[  416.519068][T21689]  mpage_prepare_extent_to_map+0x7a3/0xc20
[  416.524888][T21689]  ext4_do_writepages+0x9f6/0x27e0
[  416.530025][T21689]  ext4_writepages+0x179/0x300
[  416.534799][T21689]  do_writepages+0x1c6/0x310
[  416.539399][T21689]  file_write_and_wait_range+0x156/0x2c0
[  416.545035][T21689]  generic_buffers_fsync_noflush+0x45/0x130
[  416.550939][T21689]  ext4_sync_file+0x1ab/0x690
[  416.555617][T21689]  vfs_fsync_range+0x10d/0x130
[  416.560390][T21689]  ext4_buffered_write_iter+0x34f/0x3c0
[  416.565939][T21689]  ext4_file_write_iter+0x387/0xf60
[  416.571158][T21689]  iter_file_splice_write+0x66b/0xa20
[  416.576537][T21689]  direct_splice_actor+0x156/0x2a0
[  416.581659][T21689]  splice_direct_to_actor+0x312/0x680
[  416.587043][T21689]  do_splice_direct+0xda/0x150
[  416.591814][T21689]  do_sendfile+0x380/0x650
[  416.596242][T21689]  __x64_sys_sendfile64+0x105/0x150
[  416.601447][T21689]  x64_sys_call+0x2db1/0x3000
[  416.606135][T21689]  do_syscall_64+0xd8/0x2c0
[  416.610650][T21689]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  416.616555][T21689] 
[  416.618877][T21689] read to 0xffff88810639028c of 4 bytes by task 21689 on cpu 1:
[  416.626508][T21689]  xas_find_marked+0x5dc/0x620
[  416.631295][T21689]  find_get_entry+0x5d/0x380
[  416.635890][T21689]  filemap_get_folios_tag+0x92/0x210
[  416.641188][T21689]  mpage_prepare_extent_to_map+0x308/0xc20
[  416.647002][T21689]  ext4_do_writepages+0x9f6/0x27e0
[  416.652139][T21689]  ext4_writepages+0x179/0x300
[  416.656917][T21689]  do_writepages+0x1c6/0x310
[  416.661521][T21689]  file_write_and_wait_range+0x156/0x2c0
[  416.667161][T21689]  generic_buffers_fsync_noflush+0x45/0x130
[  416.673069][T21689]  ext4_sync_file+0x1ab/0x690
[  416.677754][T21689]  vfs_fsync_range+0x10d/0x130
[  416.682522][T21689]  ext4_buffered_write_iter+0x34f/0x3c0
[  416.688081][T21689]  ext4_file_write_iter+0x387/0xf60
[  416.693301][T21689]  iter_file_splice_write+0x66b/0xa20
[  416.698678][T21689]  direct_splice_actor+0x156/0x2a0
[  416.703801][T21689]  splice_direct_to_actor+0x312/0x680
[  416.709182][T21689]  do_splice_direct+0xda/0x150
[  416.714383][T21689]  do_sendfile+0x380/0x650
[  416.718817][T21689]  __x64_sys_sendfile64+0x105/0x150
[  416.724024][T21689]  x64_sys_call+0x2db1/0x3000
[  416.728714][T21689]  do_syscall_64+0xd8/0x2c0
[  416.733241][T21689]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  416.739140][T21689] 
[  416.741458][T21689] value changed: 0x0a000021 -> 0x04000021
[  416.747161][T21689] 
[  416.749480][T21689] Reported by Kernel Concurrency Sanitizer on:
[  416.755630][T21689] CPU: 1 UID: 0 PID: 21689 Comm: syz.5.6369 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  416.767011][T21689] Tainted: [W]=WARN
[  416.770812][T21689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  416.780867][T21689] ==================================================================
[  417.108103][T19121] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  418.498703][   T44] Bluetooth: hci0: command 0x1003 tx timeout
[  418.498770][ T8851] Bluetooth: hci0: Opcode 0x1003 failed: -110