last executing test programs:

42.782894438s ago: executing program 0 (id=175):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = syz_open_dev$evdev(&(0x7f0000000040), 0x1, 0x103440)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000001, 0x31, 0xffffffffffffffff, 0xffffd000)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
syz_usb_disconnect(r2)
syz_usb_connect$cdc_ncm(0x3, 0xf3, &(0x7f0000000540)=ANY=[], 0x0)
ioctl$EVIOCRMFF(r2, 0x41015500, &(0x7f0000000500)=0x81000000)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="16000000000000000400"], 0x48)

41.508953376s ago: executing program 0 (id=186):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00')
preadv(r1, &(0x7f0000000080)=[{&(0x7f0000000040)=""/46, 0x2e}], 0x1, 0x0, 0x0)
getdents(r1, &(0x7f0000000280)=""/228, 0xe4)
r2 = eventfd(0xffffff7b)
io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r1, 0x7, &(0x7f0000000140)=r2, 0x1)
setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f0000000000)=0x5, 0x4)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @remote}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000000c0)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
r4 = syz_io_uring_setup(0x4172, &(0x7f0000000780)={0x0, 0x4f5c, 0x10100, 0x2, 0x100000}, &(0x7f0000000480)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000000)=""/4, 0x4}], 0x27})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000181100"/20, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x19, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='block_plug\x00', r7}, 0x10)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='block_plug\x00', r8}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
io_uring_enter(r4, 0x567, 0x0, 0x0, 0x0, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002ec0)=@deltfilter={0x24, 0x2d, 0x1, 0xfffffffe, 0x0, {0x0, 0x0, 0x0, 0x0, {0x13}, {0xa, 0x1}}}, 0x24}}, 0x0)

41.367472617s ago: executing program 0 (id=188):
unshare(0x6c000200) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) (async, rerun: 64)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="c8000000", @ANYRES16=<r0=>0xffffffffffffffff, @ANYBLOB="000228bd7000fedbdf25460000000800010070636900110002003030"], 0xc8}, 0x1, 0x0, 0x0, 0x20008001}, 0x4080) (async, rerun: 64)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r2=>0x0})
sendmsg$BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=ANY=[@ANYRESOCT=r2, @ANYRES16=r1, @ANYRES8=r0, @ANYRESHEX=r0, @ANYRES8=r2], 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x8) (async)
ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, 0x0) (async)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0)
ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f0000000040)=0xfe) (async)
readv(r3, &(0x7f0000000c80)=[{&(0x7f0000001780)=""/4096, 0x1000}], 0x1) (async)
ioctl$PPPIOCSFLAGS1(r3, 0x40047459, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) (async)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="0a040000059c000000fa5a1082bed4646945f0a7a75fffcd791cdff18243e0e2ac4ffaff6b8693d79377311c327a5e7a000000"], 0x50) (async)
r5 = epoll_create1(0x80000)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x0, 0x1ffffffffffffdf4, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000340)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000000000b703000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r6}, 0x10) (async)
setitimer(0x0, 0x0, 0x0) (async)
unshare(0x0) (async)
r7 = socket$caif_stream(0x25, 0x1, 0x0)
r8 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x0, 0x10)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r8, &(0x7f00000000c0)={0xe000001a})
finit_module(r8, 0x0, 0x3)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYRESHEX=r4], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x3, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1e, 0x29, &(0x7f0000000cc0)=ANY=[@ANYBLOB="18000000000000c0000000000000000018000000", @ANYRES8=r1, @ANYBLOB="0031000000000000b7080000060000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000080000000000df7a8af8ff00000000b7080000ff0700007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb702000008000000182300"/140, @ANYRESOCT=r7, @ANYBLOB="0000000000000000b70500000800000085000000a50000008500000019000000186400000c000000000000000800000018360000020000000000000000000000dc01c0ff1000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000040000008500000006000000182a0000", @ANYRES32=r8, @ANYBLOB="00000000080000009500000000000000"], &(0x7f0000000400)='GPL\x00', 0x4, 0x2b, &(0x7f00000004c0)=""/43, 0x40f00, 0x44, '\x00', r2, @fallback=0x1a, r8, 0x8, &(0x7f0000000580)={0xa, 0x2}, 0x8, 0x10, &(0x7f00000005c0)={0x3, 0x4, 0x4}, 0x10, 0x0, r6, 0x4, &(0x7f0000000800)=[r8, r9, r9, r8, r6, r9, 0xffffffffffffffff], &(0x7f0000000840)=[{0x5, 0x2, 0x4, 0x5}, {0x4, 0x3, 0x2, 0x3}, {0x0, 0x1, 0x5, 0xa}, {0x3, 0x3, 0x0, 0x8}], 0x10, 0xbc00}, 0x94)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r10}, 0x10) (async)
prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000000)={0x0, &(0x7f00000000c0)})

41.272010444s ago: executing program 0 (id=191):
syz_mount_image$msdos(&(0x7f0000000240), &(0x7f0000001200)='./file0\x00', 0x2a00410, &(0x7f00000004c0)=ANY=[], 0x1, 0x11aa, &(0x7f0000001280)="$eJzs209rI2UcB/Bf/2hramv9V20vPuhFL4PtwVMvRVqQBpS2EVpBmNJUQ2ISMjkk4qFnT74O8ehNEN9A34W3ooheenKWbZZ2W7qH3WUb2P18LvnCNwPPw8DAM8zvbP2n75rHRXac92NyYiKmuxHpPEWKyZiKkZP46O/1/37c3T/Y3qhWN3dS2trYW/0kpbTw3u9f/fDL+3/05778deG3mThd/Prsn7U/T5dOl8/+3/u2UaRGkdqdfsrTYafTzw9b9XTUKJpZSl+06nlRT412Ue9d649bnW53mPL20Xyl26sXRcrbw9SsD1O/k/q9Ycq/yRvtlGVZmq8ET6P283lZlhFl+VK8HGVZlq9EJebi1ZiPhXgtFuP1eCPejLfi7ViKd+LdWL7417jXDQAAAAAAAAAAAAAAAAAAAM8X8/8AAAAAAAAAAAAAAAAAAAAwfub/AQAAAAAAAAAAAAAAAAAAYPzM/wMAAAAAAAAAAAAAAAAAAMD47e4fbG9Uq5s7Kc1G/HUyqA1qo99Rv/VZdfPjdGHx6qp/B4Pa1GW/OurT9X4mKg/6tVv72fjwg1F/v/v08+qNfiWOnv32AQAA4IWQpUu3nu+z7FH9KD30fuDG+X06VqbvbBs8oWL4fTNvteo9QRCEyzDuJxN34eqmj3slAAAAAAAAAAAAPI67+Jxw3HsEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7rEDxwIAAAAAwvyt0+jYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAqwIAAP//DSeWkg==")
open(&(0x7f0000000040)='./bus\x00', 0x46342, 0x0)
mount(&(0x7f0000005440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./bus\x00', 0x0, 0x1000, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_INITMSG(r1, 0x84, 0x2, 0x0, 0x0)
r2 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
syz_io_uring_setup(0x70ca, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x3, 0x179}, &(0x7f0000000100)=<r3=>0x0, &(0x7f00000007c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_WRITEV={0x2, 0x40, 0x0, @fd=r2, 0x0, &(0x7f0000000440)=[{&(0x7f0000000580)="1a", 0x1}], 0x1})
sendmsg$inet_sctp(r2, 0x0, 0x20000095)
shutdown(r1, 0x1)
write(r0, 0x0, 0x0)
ioctl$TIOCL_UNBLANKSCREEN(r0, 0x541c, 0x0)
syz_mount_image$msdos(&(0x7f0000000080), &(0x7f0000000f00)='.\x00', 0x80000, &(0x7f00000008c0)=ANY=[], 0x9, 0x0, &(0x7f0000000000))
r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$binfmt_script(r6, &(0x7f0000000200), 0xfea7)
ioctl$LOOP_SET_STATUS64(r5, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x400, 0x0, 0x0, 0x1, 0xc, "ef35af413bb901527fe4d0ce5d29c3ee5e5c3676345a41499db7aac63a01000000000000004faa2ae2c084a0ea0000000000000000000c00002000", "036c47c6780000335a63bdbcef549ba197fce47ddfdd00000000000000000000a3c5c00c000000a000", "b7326736181c208220000000b9000000000000000000f0fffffffff2ff00", [0x6]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r7 = getpid()
r8 = syz_pidfd_open(r7, 0x0)
setns(r8, 0x24020000)

40.612986314s ago: executing program 0 (id=202):
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f000042f000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff7000/0x1000)=nil, &(0x7f00000ea000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000340)='kmem_cache_free\x00', r1, 0x0, 0xffffffffffffffff}, 0x18)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x8000, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x30046, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmsg$tipc(r0, &(0x7f00000005c0)={&(0x7f0000000000), 0x10, &(0x7f0000000480)=[{&(0x7f0000000180)="f7", 0x79ca}], 0x1}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a0000000400000a00000b9800"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRESDEC=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000100007020000f8ffffffb703000008000000b70400000000000085000000c300000095", @ANYRES32=r2], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='kmem_cache_free\x00', r3, 0x0, 0x200000000000006}, 0x18)
mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000940)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
pipe(&(0x7f0000000440)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
splice(r5, 0x0, r6, 0x0, 0xf3a, 0x0)
ioctl$int_in(r6, 0x5452, &(0x7f0000000240)=0x1)
ioctl$int_in(r6, 0x5452, &(0x7f0000000200)=0x10001)
write(r4, 0x0, 0x0)
r7 = io_uring_setup(0x2bd8, &(0x7f0000000040)={0x0, 0x36e, 0xc000, 0xc, 0xa0002f5})
r8 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='freezer.state\x00', 0x275a, 0x0)
ioctl$sock_SIOCINQ(r8, 0x541b, &(0x7f00000001c0))
write$binfmt_script(r8, &(0x7f0000000000), 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r8, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1b, 0x0, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
io_uring_enter(r7, 0x2219, 0x7721, 0x16, 0x0, 0x0)

40.14625511s ago: executing program 0 (id=205):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000180)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) (async, rerun: 32)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000016c0)={0x11, 0x7, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0a00000000000000b702000003c7f11e8870e1028c00000001ca3c17e7a88deb95"], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) (rerun: 32)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) (async)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0xc7, 0x85, 0x7, 0x7ffc0001}]}) (async)
pipe2$9p(&(0x7f0000001900), 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f0000000b00)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10) (async)
r3 = io_uring_setup(0x4e5d, &(0x7f0000000240)={0x0, 0xcece, 0x40, 0x0, 0x17c}) (async, rerun: 32)
bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000008850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) (async, rerun: 32)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000d00000000080000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000280)='netlink_extack\x00', r4}, 0x10) (async)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c000000020681010000000000000000000000000500050002000000050001"], 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x800) (async)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="24000000190001002cbd700000c8c3532d"], 0x24}}, 0x0)
prctl$PR_SET_NAME(0xf, &(0x7f00000001c0)='w\xde\xa3\x05\xff\a\x00\x00\x00\x00\x00\x00\x8f\xc0\x9b\x86\xef\\\xc0\x89\av\x9f\xd6\xd1\x98<\xc8\x18E/\x8c\x1a\xe3\xbd') (async)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48284b70043dc6124d877142a48448b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d4023f210fa34b63a715a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f01000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb796ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab04000000ffe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890decace0200f404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef29cd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf0100483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6c354463d7d0917fc80e5009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab4000000000000000028df75cf43f8ecc8d37b126602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89fa516dab183ee65744fb8fc4f9ce2242e0f00000000010000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f49198e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bde54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85eff010000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1099e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677ec97c5c568a89d6e36b165c391339878b699644c96bd6ea589765ed2a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac4741201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6d00000000000000000000008f6555f3b7d5021dfc8eb504f1e4fef716d60f0d50b03fc014fd3dff46f56750f0ba4f1b9f7de5c17e7d1f18522897edab8e9e76b667ec6b01908400f55e16f0cfbf026be5f5acc681053f697d62b3545aec4606e190216c22c1d8807b6c43f0f0a4b53619fe5c9412821c3816194a5e29cf12cc7a197b5bdafb096d2d7f6be483814c92ef29c3a21c169794c7de3b4c706f4de5f4b93c831944c7b66fa49f317aa22dbc211e19f031c4f8bee14ecd5eb061a052044adc4dd1b63a1500a9c0e09dbba23f2726a55975efb4519d864d984dcb3a1dcafa1124a6b004029a706478df3be2438d2e35e6ca674dc190143a0b6f7db3408c0c08011e5d8f54711a0bd410ab53a15b1596cb77d2b58df2d8d8"], &(0x7f0000000100)='GPL\x00'}, 0x41)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f00000015c0)='kmem_cache_free\x00', r6}, 0x10) (async, rerun: 64)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84) (rerun: 64)
sendmmsg$inet6(r7, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x1, @loopback, 0x1}, 0x70, &(0x7f0000000580)=[{&(0x7f0000001680)='\t', 0x1}], 0x1}}], 0x1, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r8}, 0x10) (async)
r9 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0)
openat$null(0xffffffffffffff9c, &(0x7f00000014c0), 0x4000, 0x0) (async)
openat(r9, &(0x7f00000000c0)='./file0\x00', 0x6a1c2, 0x50) (async)
faccessat(r9, &(0x7f0000000000)='./file0\x00', 0x5) (async)
mmap(&(0x7f0000000000/0x400000)=nil, 0x1400000, 0x0, 0xc3072, 0xffffffffffffffff, 0x0)
io_uring_register$IORING_REGISTER_RESTRICTIONS(r3, 0xb, &(0x7f0000000000)=[@ioring_restriction_sqe_flags_allowed={0x2, 0x16}], 0x1)

40.091950044s ago: executing program 32 (id=205):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000180)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) (async, rerun: 32)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000016c0)={0x11, 0x7, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0a00000000000000b702000003c7f11e8870e1028c00000001ca3c17e7a88deb95"], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) (rerun: 32)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) (async)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0xc7, 0x85, 0x7, 0x7ffc0001}]}) (async)
pipe2$9p(&(0x7f0000001900), 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f0000000b00)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10) (async)
r3 = io_uring_setup(0x4e5d, &(0x7f0000000240)={0x0, 0xcece, 0x40, 0x0, 0x17c}) (async, rerun: 32)
bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000008850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) (async, rerun: 32)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000d00000000080000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000280)='netlink_extack\x00', r4}, 0x10) (async)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c000000020681010000000000000000000000000500050002000000050001"], 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x800) (async)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="24000000190001002cbd700000c8c3532d"], 0x24}}, 0x0)
prctl$PR_SET_NAME(0xf, &(0x7f00000001c0)='w\xde\xa3\x05\xff\a\x00\x00\x00\x00\x00\x00\x8f\xc0\x9b\x86\xef\\\xc0\x89\av\x9f\xd6\xd1\x98<\xc8\x18E/\x8c\x1a\xe3\xbd') (async)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48284b70043dc6124d877142a48448b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d4023f210fa34b63a715a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f01000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb796ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab04000000ffe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890decace0200f404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef29cd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf0100483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6c354463d7d0917fc80e5009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab4000000000000000028df75cf43f8ecc8d37b126602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89fa516dab183ee65744fb8fc4f9ce2242e0f00000000010000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f49198e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bde54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85eff010000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1099e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677ec97c5c568a89d6e36b165c391339878b699644c96bd6ea589765ed2a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac4741201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6d00000000000000000000008f6555f3b7d5021dfc8eb504f1e4fef716d60f0d50b03fc014fd3dff46f56750f0ba4f1b9f7de5c17e7d1f18522897edab8e9e76b667ec6b01908400f55e16f0cfbf026be5f5acc681053f697d62b3545aec4606e190216c22c1d8807b6c43f0f0a4b53619fe5c9412821c3816194a5e29cf12cc7a197b5bdafb096d2d7f6be483814c92ef29c3a21c169794c7de3b4c706f4de5f4b93c831944c7b66fa49f317aa22dbc211e19f031c4f8bee14ecd5eb061a052044adc4dd1b63a1500a9c0e09dbba23f2726a55975efb4519d864d984dcb3a1dcafa1124a6b004029a706478df3be2438d2e35e6ca674dc190143a0b6f7db3408c0c08011e5d8f54711a0bd410ab53a15b1596cb77d2b58df2d8d8"], &(0x7f0000000100)='GPL\x00'}, 0x41)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f00000015c0)='kmem_cache_free\x00', r6}, 0x10) (async, rerun: 64)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84) (rerun: 64)
sendmmsg$inet6(r7, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x1, @loopback, 0x1}, 0x70, &(0x7f0000000580)=[{&(0x7f0000001680)='\t', 0x1}], 0x1}}], 0x1, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r8}, 0x10) (async)
r9 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0)
openat$null(0xffffffffffffff9c, &(0x7f00000014c0), 0x4000, 0x0) (async)
openat(r9, &(0x7f00000000c0)='./file0\x00', 0x6a1c2, 0x50) (async)
faccessat(r9, &(0x7f0000000000)='./file0\x00', 0x5) (async)
mmap(&(0x7f0000000000/0x400000)=nil, 0x1400000, 0x0, 0xc3072, 0xffffffffffffffff, 0x0)
io_uring_register$IORING_REGISTER_RESTRICTIONS(r3, 0xb, &(0x7f0000000000)=[@ioring_restriction_sqe_flags_allowed={0x2, 0x16}], 0x1)

2.758019578s ago: executing program 5 (id=1040):
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xae, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r0}, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=ANY=[@ANYBLOB="240000003f000500000000000000df25047c0000040000000c0001"], 0x24}, 0x1, 0x0, 0x0, 0x48800}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000409000/0x3000)=nil, 0x3000, 0x1000, 0x2, &(0x7f0000ffd000/0x1000)=nil)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$fou(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$FOU_CMD_GET(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000780)=ANY=[@ANYRESOCT=r2, @ANYRESOCT=0x0], 0x2c}, 0x1, 0x0, 0x0, 0x44}, 0x68412212d699814c)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$inet6(0xa, 0x2, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$SMC_PNETID_GET(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
getsockname$packet(r4, &(0x7f0000000180)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48810}, 0x4000010)
execveat$binfmt(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0)
sendmmsg$inet(r3, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e25, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r5, @empty, @multicast1}}}], 0x20, 0x3f}}], 0x1, 0xc0)

2.524272097s ago: executing program 4 (id=1042):
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f000042f000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff7000/0x1000)=nil, &(0x7f00000ea000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x8000, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x30046, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmsg$tipc(r0, &(0x7f00000005c0)={&(0x7f0000000000), 0x10, &(0x7f0000000480)=[{&(0x7f0000000180)="f7", 0x79ca}], 0x1}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a0000000400000a00000b9800"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRESDEC=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000100007020000f8ffffffb703000008000000b70400000000000085000000c300000095", @ANYRES32=r1], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='kmem_cache_free\x00', r2, 0x0, 0x200000000000006}, 0x18)
r3 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, 0x0)
mq_notify(r3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000940)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
pipe(&(0x7f0000000440)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
splice(r5, 0x0, r6, 0x0, 0xf3a, 0x0)
ioctl$int_in(r6, 0x5452, &(0x7f0000000240)=0x1)
ioctl$int_in(r6, 0x5452, &(0x7f0000000200)=0x10001)
write(r4, 0x0, 0x0)
io_uring_setup(0x2bd8, &(0x7f0000000040)={0x0, 0x36e, 0xc000, 0xc, 0xa0002f5})
r7 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='freezer.state\x00', 0x275a, 0x0)
write$binfmt_script(r7, &(0x7f0000000000), 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r7, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1b, 0x0, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

2.442890743s ago: executing program 5 (id=1043):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000a40)={<r0=>0xffffffffffffffff})
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b70300000000000085000000730000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x2e, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffc0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000540)='kfree\x00', r1, 0x0, 0x4}, 0x18)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000500)={r2, 0x0, 0x2d, 0x0, @val=@netfilter={0xa, 0x4, 0x600, 0x1}}, 0x20)
close_range(r0, 0xffffffffffffffff, 0x0)

2.370187528s ago: executing program 5 (id=1044):
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x6, 0x640b9, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x2, @perf_bp={0x0, 0x4}, 0x0, 0x32, 0x43a1bd78, 0x2, 0x9, 0x8, 0x2, 0x0, 0x0, 0x0, 0xc64}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
symlinkat(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')
r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
write$selinux_attr(r0, &(0x7f0000000100)='system_u:object_r:hugetlbfs_t:s0\x00', 0x1d)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e23, @loopback}, 0x10)
connect$inet(r1, &(0x7f0000000200)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
setsockopt$EBT_SO_SET_ENTRIES(r1, 0x600, 0x80, 0x0, 0xe0)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_test', 0x141a82, 0x4)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0)
ioctl$PPPIOCSACTIVE(r3, 0x40047459, 0x0)
read(r3, 0x0, 0x0)
write$ppp(r3, 0x0, 0x0)
writev(r2, &(0x7f0000000180)=[{&(0x7f0000000100)="0e", 0x1}], 0x1)
removexattr(&(0x7f0000000580)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', &(0x7f0000000080)=@known='user.syz\x00')
write$eventfd(0xffffffffffffffff, 0x0, 0x0)
r4 = gettid()
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="22000000040000001000000012"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r5}, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xf, &(0x7f0000000100)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffa}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000040)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41000, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r6 = timerfd_create(0x0, 0x0)
readv(r6, &(0x7f00000009c0)=[{&(0x7f0000000200)=""/33, 0x21}], 0x1)
r7 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MFC(r7, 0x29, 0xcc, 0x0, 0x0)

2.288268905s ago: executing program 4 (id=1045):
epoll_create1(0x80000)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f00000002c0)='syzkaller\x00', 0x8, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0, 0x0, 0x7}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_ro(r1, &(0x7f0000000380)='memory.stat\x00', 0x275a, 0x0)
read(r2, &(0x7f0000000040)=""/190, 0xbe)
r3 = socket$inet6(0x10, 0x4, 0x1a4)
sendto$inet6(r3, &(0x7f00000000c0)="900000001c001f4d154a817393278bff0a80a578020000000104740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000a80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$inet_udp(0x2, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback=0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r5}, 0x18)
r6 = getpid()
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0a00000c0014b7c6d6bfe2a2e43f3add9ec44c00", @ANYRES32, @ANYBLOB="0600"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007b000000181100", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xfffffce3)
process_vm_readv(r6, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
socket(0x10, 0x803, 0x0)
r8 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSIGACCEPT(r8, 0x5607, 0x4)
ioctl$VT_ACTIVATE(r8, 0x5606, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
ioctl$SNDRV_TIMER_IOCTL_PAUSE(0xffffffffffffffff, 0x54a3)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r9, 0x29, 0x40, &(0x7f0000000540)=@filter={'filter\x00', 0x4, 0x4, 0x4c8, 0xffffffff, 0x0, 0x0, 0x0, 0xfeffffff, 0xffffffff, 0x3f8, 0x3f8, 0x3f8, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@dev={0xfe, 0x80, '\x00', 0x29}, @private2, [0xffffffff, 0xff000000, 0xff, 0xffffff00], [0xffffff00, 0xffffffff, 0xffffffff, 0xffffffff], 'hsr0\x00', 'sit0\x00', {}, {}, 0x87, 0x3, 0x4, 0x5}, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x5, {0x7}}}}, {{@ipv6={@private2, @empty, [], [0x0, 0x0, 0xff000000], 'sit0\x00', 'batadv_slave_1\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@srh1={{0x90}, {0x21, 0x12, 0xbe, 0x7, 0x5aa9, @ipv4={'\x00', '\xff\xff', @empty}, @private1, @local, [0xff000000, 0xff000000, 0x0, 0xff], [0xffffff00, 0xff000000, 0xff], [0x0, 0xffffff, 0xffffff00, 0x7fffff7f], 0x3c80}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x5, {0x2000010}}}}, {{@uncond, 0x0, 0x160, 0x198, 0x0, {}, [@common=@unspec=@addrtype1={{0x28}, {0x21, 0x180, 0x5}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x3, 0x7, @private1={0xfc, 0x1, '\x00', 0x1}, @mcast1, @private1, [0x0, 0x0, 0xff, 0xff], [0x0, 0xffffff00], [0x0, 0xff000000], 0x843, 0x1400}}]}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0xffffffffffffffff, 0x6, 0x7}, {0x1, 0x1, 0x4}, {0x4, 0x5, 0x5}, 0xfffffffc, 0x1}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x528)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

1.736530057s ago: executing program 4 (id=1048):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000008b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000080)='kfree\x00', r0, 0x0, 0x8}, 0x18)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
io_setup(0x6, &(0x7f0000000680)=<r2=>0x0)
io_submit(r2, 0x2, &(0x7f0000000400)=[&(0x7f0000000000)={0x180a, 0x0, 0x3, 0x0, 0x0, r1, 0x0, 0x0, 0x16}, &(0x7f0000000ac0)={0x0, 0x0, 0x0, 0x8, 0x3, r1, &(0x7f00000006c0)="5810235a8c132dec85", 0x9, 0x1}])
syz_mount_image$vfat(&(0x7f00000006c0), &(0x7f00000003c0)='./file1\x00', 0x10000, &(0x7f0000001280)=ANY=[], 0x1, 0x2e0, &(0x7f0000000000)="$eJzs3M1rXFUUAPDzkkwyKchkIRZF8IkbVyGtdOGuQVKQBhRLEMWFwU6x5EWhA4GZRafd6N6FK8X/QJduBRfqxoULtyJIFNzYnVRh5M37MHntfFiJH+3vt5mTe8+5987NJS8hyX398f29y624cuvWYbTbSSwlcT5uR6zFQizGBFXH7VFhUh4A8J/062gUv3iMA8ADxfMfAB489fP/3Hvvb9WtS820F4uX4T+6NgDgZMz78/8d3xEAAP9bl1559eLm9vbWS2najth/9yAOdsavq2XClbgaWXRjIzrxe8SoVsQXnt/e2khzP67Fzv7wYGdcPzzYKf5IcLOqPxOdWMtrho36ZKsVEfkIx+tbcSoi77r63anoxtnoxMN3n/9sWhjXr0ZZvxxPP3Vk/vXoxDdvxNuR1e+9qr9+Jk2fe2E7jaVW2ZPXr8TlKnH1zn37ci38vgQAAAAAAAAAAAAAAAAAAAAAgHu2ntbuen/Pyvqk/qJ+s7oYcCM637587H6e9vH7gZr3+yzFYy4VBAAAAAAAAAAAAAAAAAAAgLFef7C3m2Xda9OCt776+POI6Tn9w69XyzGrllb5cZ3z22AvaeRMn70za9K/ETz05A8fTM65mczen2TGFItJxDAi/uLCPnui0fJacRVDPk47olhY3rWwGH9WJTd6F2fuarvc/dnLWJyx1C8O33z0md7pc82uS49UJ2vcUgeN8pU8aHatTEguguVZZ7U17Wj93DlyDo8GN+/h/KT5JyMPbuQtn5zYEZ0nqN512ZJM3MPTH57f/fT69z/NO3I+aHKSX3oAAAAAAAAAAAAAAAAAAICGXn+wMF/mO8+WgX8KBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOC+0+sP9nazrLsc/cFHkWXda1XL1ODCHDl18G+/RwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+CMAAP//E1B2uQ==")

1.628297015s ago: executing program 3 (id=1049):
bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xaf)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r0}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000004c0)={{}, &(0x7f0000000240), &(0x7f00000003c0)=r0}, 0x20)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000020500000a3c000000090a010400000000000000000a0000040900010073797a3100000000080005400000002b0900020073797a310000000008000a40ffff"], 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x4000000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd26, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xfff2}, {0xffff, 0xffff}, {0x5, 0xf}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0)

1.576108049s ago: executing program 3 (id=1050):
socket$nl_xfrm(0x10, 0x3, 0x6)
timerfd_create(0x1, 0x800)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000), 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x11, &(0x7f0000000140)=ANY=[@ANYBLOB="1802000001f5ff0000000000000000008500000053000000b7080000000000007b8af8ff00000000b7080000001c00007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230100", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a50000009500000000000000"], &(0x7f0000000080)='GPL\x00'}, 0x94)
r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000040), 0xdb755134262f1c00, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000180)='afs_protocol_error\x00', r0, 0x0, 0xfff}, 0x18)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, 0x0}, 0x2160)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r2 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r2, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0xeafbff3, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc)

1.523916873s ago: executing program 3 (id=1051):
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f000042f000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff7000/0x1000)=nil, &(0x7f00000ea000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000340)='kmem_cache_free\x00', r1, 0x0, 0xffffffffffffffff}, 0x18)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x8000, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x30046, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmsg$tipc(r0, &(0x7f00000005c0)={&(0x7f0000000000), 0x10, &(0x7f0000000480)=[{&(0x7f0000000180)="f7", 0x79ca}], 0x1}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a0000000400000a00000b9800"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRESDEC=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000100007020000f8ffffffb703000008000000b70400000000000085000000c300000095", @ANYRES32=r2], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='kmem_cache_free\x00', r3, 0x0, 0x200000000000006}, 0x18)
r4 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, 0x0)
mq_notify(r4, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000940)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
pipe(&(0x7f0000000440)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
splice(r6, 0x0, r7, 0x0, 0xf3a, 0x0)
ioctl$int_in(r7, 0x5452, &(0x7f0000000240)=0x1)
ioctl$int_in(r7, 0x5452, &(0x7f0000000200)=0x10001)
write(r5, 0x0, 0x0)
r8 = io_uring_setup(0x2bd8, &(0x7f0000000040)={0x0, 0x36e, 0xc000, 0xc, 0xa0002f5})
r9 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='freezer.state\x00', 0x275a, 0x0)
ioctl$sock_SIOCINQ(r9, 0x541b, &(0x7f00000001c0))
write$binfmt_script(r9, &(0x7f0000000000), 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r9, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1b, 0x0, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
io_uring_enter(r8, 0x2219, 0x7721, 0x16, 0x0, 0x0)

1.523722103s ago: executing program 4 (id=1052):
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10208}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000340)={[{@init_itable_val={'init_itable', 0x3d, 0x1}}, {@errors_remount}, {@nobh}, {@barrier}, {@stripe}, {@grpid}]}, 0x1, 0x783, &(0x7f0000001340)="$eJzs3M9rXOUaAOD3nGaa/si9kwt3ce+mCi20UDpJmk27Mm7ETaFQcFtDMgkhJ5mSmdQkFpq6E4TabFQE0b1Lt0Kpf4A7KSi4F0RrXKibkTOZTNt0Zjptk04bnwdO5vvOfN9533dm8uUcyJkA/rFezX8kEUMRcTEiis39aUQcbLQORaxvjdu8d20q35Ko1y/9kuTTYrNebB0raT4ejcaU+F9E3ClEnH7v0bjV1bX5ySwrLzX7I7WFKyPV1bUzcwuTs+XZ8uLY+PnRc+Pj50bHd63WE2+dP3zr2zc2Nr77qnbz2MCZJCYadUeztl0L9ICt16QQEzv2L+5FsD5Kehgz8BzyAACgu/w8/0Dz3KwQxTjQ7SzNCRwAAAC8lOqD9V792fNIAAAA4AWTRL8zAAAAAPbW9v8BbN/bu1f3wXby8+sRMdwu/kDjHuKIQ1GIiCObyUO3HyRb0+CZrN+IiNsTbT5/vdzR3N3o/ebh3Tkiu+12vv5MtFt/0tb6E23Wn4Ht7054Rp3Xv/vxD3RY/y72GOPrz/5f6Bj/RnXl/WPt4iet+EmH+G/3GP/mxge3Oj1X/yLiZNu/P8lDsbp8P8TIzFzW7lerle6dv07d7Vx/xJFH4idJI2rSvf4rPdb/7uZv8+td4p863v3934o/+NC8/DPxYTOPNCJuNR/z/saOGMcXvv/m0cjJ+nb86Q6vf/v3/81W/Z/3WP+PXw6u9DgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGtKIGIokLbXaaVoqRRyNiP/GkTSrVGunZyrLi9P5cxHDUUhn5rLyaEQUt/pJ3h9rtO/3z+7oj0fEf344vBV0LiuXpirZdL+LBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoOVoRAxFkpYiIo2I34tpWir1OysAAABg1w33OwEAAABgz7n+BwAAgP3vaa//k13OAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjXLl64kG/1zXvXpvL+9NXV5fnK1TPT5ep8aWF5qjRVWbpSmq1UZrNyaaqy8LjjpRExdj6WV0Zq5WptpLq6dnmhsrxYuzy3MDlbvlwuPJeqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFJDjS1JSxGRNtppWipF/CsihqOQzMxl5dGI+HdE3C0WBvP+WL+TBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYNdVV9fmJ7OsvPRyN+r7q5yeG5FEvABpdGh80nxXuo1J1iP6nmraTPRZjhPxJLOuP+Zl6XfjlT6tRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9Fd1dW1+MsvKS9V+ZwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB/pT8lEZFvJ4snhnY+ezD5o9h4jIh3Pr300cpkrbY0lu//tbW/9nFz/9kHJl5/njUAAADAvvfakwzevk7fvo4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoVXV1bX4yy8pLe9iIG/2uEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBp/BwAA//9Js7nR")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000e00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
write$P9_RREADLINK(r0, &(0x7f0000000000)={0xffffffffffffff23, 0x17, 0x2, {0x7, './file0'}}, 0xfffffdab)
fadvise64(r0, 0x807f, 0x1000000, 0x4)

1.442284079s ago: executing program 5 (id=1053):
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xae, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r0}, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=ANY=[@ANYBLOB="240000003f000500000000000000df25047c0000040000000c0001"], 0x24}, 0x1, 0x0, 0x0, 0x48800}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000409000/0x3000)=nil, 0x3000, 0x1000, 0x2, &(0x7f0000ffd000/0x1000)=nil)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$fou(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$FOU_CMD_GET(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000780)=ANY=[@ANYRESOCT=r2, @ANYRESOCT=0x0], 0x2c}, 0x1, 0x0, 0x0, 0x44}, 0x68412212d699814c)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$inet6(0xa, 0x2, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$SMC_PNETID_GET(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
getsockname$packet(r4, &(0x7f0000000180)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48810}, 0x4000010)
execveat$binfmt(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0)
sendmmsg$inet(r3, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e25, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r5, @empty, @multicast1}}}], 0x20, 0x3f}}], 0x1, 0xc0)

1.321960289s ago: executing program 3 (id=1054):
bpf$MAP_CREATE(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000008500000050"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
r1 = syz_open_dev$evdev(&(0x7f0000000040), 0x1, 0x103440)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000001, 0x31, 0xffffffffffffffff, 0xffffd000)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
syz_usb_disconnect(r1)
syz_usb_connect$cdc_ncm(0x3, 0xf3, &(0x7f0000000540)=ANY=[], 0x0)
ioctl$EVIOCRMFF(r1, 0x41015500, &(0x7f0000000500)=0x81000000)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="16000000000000000400"], 0x48)

1.298762271s ago: executing program 2 (id=1055):
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f000042f000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff7000/0x1000)=nil, &(0x7f00000ea000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x8000, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x30046, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmsg$tipc(r0, &(0x7f00000005c0)={&(0x7f0000000000), 0x10, &(0x7f0000000480)=[{&(0x7f0000000180)="f7", 0x79ca}], 0x1}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a0000000400000a00000b9800"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRESDEC=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000100007020000f8ffffffb703000008000000b70400000000000085000000c300000095", @ANYRES32=r1], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='kmem_cache_free\x00', r2, 0x0, 0x200000000000006}, 0x18)
r3 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, 0x0)
mq_notify(r3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000940)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
pipe(&(0x7f0000000440)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
splice(r5, 0x0, r6, 0x0, 0xf3a, 0x0)
ioctl$int_in(r6, 0x5452, &(0x7f0000000240)=0x1)
ioctl$int_in(r6, 0x5452, &(0x7f0000000200)=0x10001)
write(r4, 0x0, 0x0)
io_uring_setup(0x2bd8, &(0x7f0000000040)={0x0, 0x36e, 0xc000, 0xc, 0xa0002f5})
r7 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='freezer.state\x00', 0x275a, 0x0)
write$binfmt_script(r7, &(0x7f0000000000), 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r7, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1b, 0x0, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.201727168s ago: executing program 5 (id=1056):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x5444, &(0x7f0000000a00)={[{@lazytime}, {@jqfmt_vfsold}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6e}}, {@usrjquota_path={'usrjquota', 0x3d, './file1/file0'}}, {@lazytime}, {@journal_dev={'journal_dev', 0x3d, 0x1}}]}, 0x3, 0x441, &(0x7f0000000440)="$eJzs3MtvG0UYAPBv10lLXyRUpdAHECiIikfSpKX0wAUEEgeQkOBQjiFJq1K3QXWQaBRBQKgcUSXuiCMSfwEHBBcEnJC4wh1VqlAuLZyM1vYmjmuncepkC/79pI1ndseZ+bw79sxOnAD61kj2I4nYHRG/R8RQPbu6wEj94ebSwtTfSwtTSVSrb/6V1MrdWFqYyovmz9uVZwYi0k+TONSm3srl+fOT5fLMpUZ+bO7Ce2OVy/PPnrsweXbm7MzFiVOnThwff/7kxHM9iTOL68bBD2cPH3j17auvT52++s7P3yR5/C1x9MjIWgefqFZ7XF2x9jSlk4ECG0JXSvVuGoO1/j8UpVg5eUPxyieFNg7YVNVqtbo/4rsOhxerwP9YEkW3AChG/kGfzX/zbetGH8W7/mJ9ApTFfbOx1Y8MRNooM9gyv+2lkYg4vfjPl9kWm3MfAgBgle+z8c8z7cZ/aexvKndvYw1lOCLui4i9EXEyIvZFxP0RtbIPRMSDXdbfukhy6/gnvdb+mdu7rKm9bPz3QmNta/X4Lx/9xXCpkdtTi38wOXOuPHOs8ZocjcHtWX58jTp+ePm3zzsdax7/ZVtWf/a4sjqUXhtoCXV6cm7yjoJucv3jiIMD7eJPllcCkog4EBEHN1jHuae+PtzpWKf41/WLe7DOVP0q4sn6+V+Mlvhzydrrk2P3RHnm2Fh+Vdzql1+vvNGp/juKvwey87+z7fW/HP9w0rxeW+m+jit/fNZxTnP7+Ntf/9uSt1bt+2Bybu7SeMS25LV6o5v3T7SUm1gpn8V/9Ej7/r83Vl6JQxGRXcQPRcTDEfFIo+2PRsRjEXFkjfh/eunxdzce/+bK4p/u6vyvJLZF6572idL5H79dVelwN/Fn5/9ELXW0sWc973/radfGrmYAAAD470kjYnck6ehyOk1HR+t/w78vdqbl2crc02dm3784Xf+OwHAMpvmdrqGm+6HjjWl9np9oyR9v3Df+orSjlh+dmi1PFx089LldHfp/5s9S0a0DNp3va0H/0v+hf+n/0L/0f+hfbfr/jiLaAWy9dp//HxXQDmDrtfR/y37QR8z/oX/p/9C/9H/oS5UdcfsvyUsUncj/GcPd0p7K5flI74pmSGxSouA3JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgB75NwAA//9wCOUr")
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r2}, 0x10)
r3 = syz_open_dev$evdev(&(0x7f0000000040), 0x1, 0x103440)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x39)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='rss_stat\x00'}, 0x10)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000001, 0x31, 0xffffffffffffffff, 0xffffd000)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x14, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRESDEC, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='kmem_cache_free\x00', r5, 0x0, 0x200000000000006}, 0x18)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
openat$urandom(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
unshare(0xa000200)
semget$private(0x0, 0x4000, 0x0)
semtimedop(0x0, &(0x7f0000000000)=[{0x2, 0x71b0, 0x1800}], 0x1, 0x0)
syz_usb_connect$cdc_ncm(0x3, 0xf3, &(0x7f0000000540)=ANY=[], 0x0)
ioctl$EVIOCRMFF(r3, 0x41015500, &(0x7f0000000500)=0x81000000)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="16000000000000000400"], 0x48)

936.736028ms ago: executing program 2 (id=1061):
bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xaf)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r0}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000004c0)={{}, &(0x7f0000000240), &(0x7f00000003c0)=r0}, 0x20)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000020500000a3c000000090a010400000000000000000a0000040900010073797a3100000000080005400000002b0900020073797a310000000008000a40ffff"], 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x4000000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd26, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xfff2}, {0xffff, 0xffff}, {0x5, 0xf}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0)

836.529276ms ago: executing program 1 (id=1063):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b00)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x18)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x5e21, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0x6}, 0x1c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000240)='tunl0\x00', 0x10)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x2000, 0x4)

785.964089ms ago: executing program 2 (id=1064):
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f000042f000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff7000/0x1000)=nil, &(0x7f00000ea000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, 0x0, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000340)='kmem_cache_free\x00', r1, 0x0, 0xffffffffffffffff}, 0x18)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x8000, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x30046, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmsg$tipc(r0, &(0x7f00000005c0)={&(0x7f0000000000), 0x10, &(0x7f0000000480)=[{&(0x7f0000000180)="f7", 0x79ca}], 0x1}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a0000000400000a00000b9800"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRESDEC=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000100007020000f8ffffffb703000008000000b70400000000000085000000c300000095", @ANYRES32=r2], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='kmem_cache_free\x00', r3, 0x0, 0x200000000000006}, 0x18)
r4 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, 0x0)
mq_notify(r4, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000940)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
pipe(&(0x7f0000000440)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
splice(r6, 0x0, r7, 0x0, 0xf3a, 0x0)
ioctl$int_in(r7, 0x5452, &(0x7f0000000240)=0x1)
ioctl$int_in(r7, 0x5452, &(0x7f0000000200)=0x10001)
write(r5, 0x0, 0x0)
r8 = io_uring_setup(0x2bd8, &(0x7f0000000040)={0x0, 0x36e, 0xc000, 0xc, 0xa0002f5})
r9 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='freezer.state\x00', 0x275a, 0x0)
ioctl$sock_SIOCINQ(r9, 0x541b, &(0x7f00000001c0))
write$binfmt_script(r9, &(0x7f0000000000), 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r9, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1b, 0x0, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
io_uring_enter(r8, 0x2219, 0x7721, 0x16, 0x0, 0x0)

738.966093ms ago: executing program 1 (id=1065):
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f000042f000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff7000/0x1000)=nil, &(0x7f00000ea000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000340)='kmem_cache_free\x00', r1, 0x0, 0xffffffffffffffff}, 0x18)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x8000, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x30046, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmsg$tipc(r0, &(0x7f00000005c0)={&(0x7f0000000000), 0x10, &(0x7f0000000480)=[{&(0x7f0000000180)="f7", 0x79ca}], 0x1}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a0000000400000a00000b9800"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRESDEC=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000100007020000f8ffffffb703000008000000b70400000000000085000000c300000095", @ANYRES32=r2], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='kmem_cache_free\x00', r3, 0x0, 0x200000000000006}, 0x18)
mq_notify(0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000940)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
pipe(&(0x7f0000000440)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
splice(r5, 0x0, r6, 0x0, 0xf3a, 0x0)
ioctl$int_in(r6, 0x5452, &(0x7f0000000240)=0x1)
ioctl$int_in(r6, 0x5452, &(0x7f0000000200)=0x10001)
write(r4, 0x0, 0x0)
io_uring_setup(0x2bd8, &(0x7f0000000040)={0x0, 0x36e, 0xc000, 0xc, 0xa0002f5})
r7 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='freezer.state\x00', 0x275a, 0x0)
write$binfmt_script(r7, &(0x7f0000000000), 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r7, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1b, 0x0, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

637.454281ms ago: executing program 4 (id=1066):
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xae, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r0}, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=ANY=[@ANYBLOB="240000003f000500000000000000df25047c0000040000000c0001"], 0x24}, 0x1, 0x0, 0x0, 0x48800}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000409000/0x3000)=nil, 0x3000, 0x1000, 0x2, &(0x7f0000ffd000/0x1000)=nil)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$fou(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$FOU_CMD_GET(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000780)=ANY=[@ANYRESOCT=r2, @ANYRESOCT=0x0], 0x2c}, 0x1, 0x0, 0x0, 0x44}, 0x68412212d699814c)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$inet6(0xa, 0x2, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$SMC_PNETID_GET(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
getsockname$packet(r4, &(0x7f0000000180)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x64}, 0x1, 0x0, 0x0, 0x48810}, 0x4000010)
execveat$binfmt(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0)
sendmmsg$inet(r3, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e25, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r5, @empty, @multicast1}}}], 0x20, 0x3f}}], 0x1, 0xc0)

590.681335ms ago: executing program 5 (id=1067):
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000040)={0x0, 0x0})
timerfd_create(0x1, 0x800)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={<r1=>0xffffffffffffffff})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r3}, 0x4)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x11, &(0x7f0000000140)=ANY=[@ANYBLOB="1802000001f5ff0000000000000000008500000053000000b7080000000000007b8af8ff00000000b7080000001c00007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230100", @ANYRES32=r3, @ANYBLOB="0000000000000000b70500000800000085000000a50000009500000000000000"], &(0x7f0000000080)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r4, 0x0, 0xe, 0x0, &(0x7f0000000040)="40d174b28bf781c274386d178550", 0x0, 0x1200803, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50)
r5 = openat$null(0xffffffffffffff9c, &(0x7f0000000040), 0xdb755134262f1c00, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000180)='afs_protocol_error\x00', r5, 0x0, 0xfff}, 0x18)
unshare(0x22020400)
recvmsg$unix(r1, &(0x7f0000000940)={0x0, 0x0, 0x0}, 0x2160)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r6 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r6, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085)
sendmsg$inet(r6, &(0x7f0000000040)={0x0, 0xeafbff3, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc)

544.230008ms ago: executing program 2 (id=1068):
r0 = socket(0x10, 0x3, 0x0)
sendto$inet6(r0, &(0x7f00000000c0)="9000000018001f2fb9409b52ffff65580200be04020c060560020b0243000f00ffffff9e00c8388827a685a168d0bf47d32345653602648dcaaf6c26c291214549025ade4a460c20b6ec0cff3959547f500f58ba86c902000f1d012e02000280160012000a000000000000000000000000080000000eceb6b362bb944cf2e70100aba4183b003e5fa424ac4d31c4f7a1", 0x90, 0x40, 0x0, 0x0)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f00000083c0)={{0x1, 0x0, 0x2}})
ioctl$SNDRV_TIMER_IOCTL_STATUS32(r1, 0x80585414, 0xfffffffffffffffe)
r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x7, 0x441e, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x2020005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r4 = socket$xdp(0x2c, 0x3, 0x0)
r5 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$XDP_UMEM_COMPLETION_RING(r4, 0x11b, 0x6, &(0x7f0000000040)=0x20000, 0x4)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0)
ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r3, 0x0, 0x0)
close(r3)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nfc(&(0x7f0000000500), r6)
ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f0000000580)=<r8=>0x0)
sendmsg$NFC_CMD_SE_IO(r6, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a00)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010028bd7000fcdbdf251b00000008000100", @ANYRES32=r8, @ANYBLOB="080015880100000004001900"], 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r9, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4)
r10 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b00)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000100)='kmem_cache_free\x00', r11}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r12 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r12], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r13 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000540)='fib6_table_lookup\x00', r13}, 0x10)

537.038268ms ago: executing program 1 (id=1069):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000a40)={<r0=>0xffffffffffffffff})
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b70300000000000085000000730000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x2e, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffc0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000540)='kfree\x00', r1, 0x0, 0x4}, 0x18)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000500)={r2, 0x0, 0x2d, 0x0, @val=@netfilter={0xa, 0x4, 0x600, 0x1}}, 0x20)
close_range(r0, 0xffffffffffffffff, 0x0)

507.445221ms ago: executing program 1 (id=1070):
r0 = socket$kcm(0xa, 0x5, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x40800, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={&(0x7f0000000100)=@in={0x2, 0x4e21, @remote}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000080)="be", 0x1}], 0x1, &(0x7f0000000040)=[{0x10, 0x88, 0x8}], 0x10}, 0x41)

440.326226ms ago: executing program 1 (id=1071):
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f000042f000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff7000/0x1000)=nil, &(0x7f00000ea000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000340)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0xffffffffffffffff}, 0x18)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x8000, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x30046, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmsg$tipc(r0, &(0x7f00000005c0)={&(0x7f0000000000), 0x10, &(0x7f0000000480)=[{&(0x7f0000000180)="f7", 0x79ca}], 0x1}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a0000000400000a00000b9800"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRESDEC=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000100007020000f8ffffffb703000008000000b70400000000000085000000c300000095", @ANYRES32=r1], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='kmem_cache_free\x00', r2, 0x0, 0x200000000000006}, 0x18)
r3 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, 0x0)
mq_notify(r3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000940)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
pipe(&(0x7f0000000440)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
splice(r5, 0x0, r6, 0x0, 0xf3a, 0x0)
ioctl$int_in(r6, 0x5452, &(0x7f0000000240)=0x1)
ioctl$int_in(r6, 0x5452, &(0x7f0000000200)=0x10001)
write(r4, 0x0, 0x0)
io_uring_setup(0x2bd8, &(0x7f0000000040)={0x0, 0x36e, 0xc000, 0xc, 0xa0002f5})
r7 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='freezer.state\x00', 0x275a, 0x0)
write$binfmt_script(r7, &(0x7f0000000000), 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r7, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1b, 0x0, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

439.961676ms ago: executing program 2 (id=1072):
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f000042f000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff7000/0x1000)=nil, &(0x7f00000ea000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000340)='kmem_cache_free\x00', r1, 0x0, 0xffffffffffffffff}, 0x18)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x8000, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x30046, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmsg$tipc(r0, &(0x7f00000005c0)={&(0x7f0000000000), 0x10, &(0x7f0000000480)=[{&(0x7f0000000180)="f7", 0x79ca}], 0x1}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a0000000400000a00000b9800"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRESDEC=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000100007020000f8ffffffb703000008000000b70400000000000085000000c300000095", @ANYRES32=r2], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='kmem_cache_free\x00', r3, 0x0, 0x200000000000006}, 0x18)
mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000940)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
pipe(&(0x7f0000000440)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
splice(r5, 0x0, r6, 0x0, 0xf3a, 0x0)
ioctl$int_in(r6, 0x5452, &(0x7f0000000240)=0x1)
ioctl$int_in(r6, 0x5452, &(0x7f0000000200)=0x10001)
write(r4, 0x0, 0x0)
io_uring_setup(0x2bd8, &(0x7f0000000040)={0x0, 0x36e, 0xc000, 0xc, 0xa0002f5})
r7 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='freezer.state\x00', 0x275a, 0x0)
write$binfmt_script(r7, &(0x7f0000000000), 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r7, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1b, 0x0, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

414.040518ms ago: executing program 4 (id=1073):
socket$nl_xfrm(0x10, 0x3, 0x6)
timerfd_create(0x1, 0x800)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000), 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x11, &(0x7f0000000140)=ANY=[@ANYBLOB="1802000001f5ff0000000000000000008500000053000000b7080000000000007b8af8ff00000000b7080000001c00007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230100", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a50000009500000000000000"], &(0x7f0000000080)='GPL\x00'}, 0x94)
r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000040), 0xdb755134262f1c00, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000180)='afs_protocol_error\x00', r0, 0x0, 0xfff}, 0x18)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, 0x0}, 0x2160)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r2 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r2, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0xeafbff3, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc)

345.627413ms ago: executing program 3 (id=1074):
bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xaf)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r0}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000004c0)={{}, &(0x7f0000000240), &(0x7f00000003c0)=r0}, 0x20)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000020500000a3c000000090a010400000000000000000a0000040900010073797a3100000000080005400000002b0900020073797a310000000008000a40ffff"], 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x4000000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd26, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xfff2}, {0xffff, 0xffff}, {0x5, 0xf}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0)

318.410715ms ago: executing program 3 (id=1075):
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000}, 0x94)
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, 0x0)
r1 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
io_uring_setup(0x3c92, &(0x7f0000000100)={0x0, 0xddc3, 0x80, 0xffffffff, 0x2})
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r3, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
listen(r3, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000004000000850000008600000095"], &(0x7f0000000000)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004940000080000000b"], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f00000005c0)='kmem_cache_free\x00', r5}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
r6 = socket$netlink(0x10, 0x3, 0x10)
r7 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r7, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r7, 0x1, 0x8, &(0x7f0000000000)=0x80, 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r7, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4)
r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r8, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYBLOB="4c0000001000ffff27bd7000f9dbdf2500000000", @ANYRES32=0x0, @ANYBLOB="715b010000000000af8827d62d612c0012800b00010062726964246500001c0002800c002000000c001f000500"/59], 0x4c}, 0x1, 0x0, 0x0, 0x1}, 0x20040000)
r10 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r10, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10)
accept(r3, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="120000000400000004000000a4"], 0x48)

40.026247ms ago: executing program 1 (id=1076):
syz_mount_image$msdos(&(0x7f0000000240), &(0x7f0000001200)='./file0\x00', 0x2a00410, &(0x7f00000004c0)=ANY=[], 0x1, 0x11aa, &(0x7f0000001280)="$eJzs209rI2UcB/Bf/2hramv9V20vPuhFL4PtwVMvRVqQBpS2EVpBmNJUQ2ISMjkk4qFnT74O8ehNEN9A34W3ooheenKWbZZ2W7qH3WUb2P18LvnCNwPPw8DAM8zvbP2n75rHRXac92NyYiKmuxHpPEWKyZiKkZP46O/1/37c3T/Y3qhWN3dS2trYW/0kpbTw3u9f/fDL+3/05778deG3mThd/Prsn7U/T5dOl8/+3/u2UaRGkdqdfsrTYafTzw9b9XTUKJpZSl+06nlRT412Ue9d649bnW53mPL20Xyl26sXRcrbw9SsD1O/k/q9Ycq/yRvtlGVZmq8ET6P283lZlhFl+VK8HGVZlq9EJebi1ZiPhXgtFuP1eCPejLfi7ViKd+LdWL7417jXDQAAAAAAAAAAAAAAAAAAAM8X8/8AAAAAAAAAAAAAAAAAAAAwfub/AQAAAAAAAAAAAAAAAAAAYPzM/wMAAAAAAAAAAAAAAAAAAMD47e4fbG9Uq5s7Kc1G/HUyqA1qo99Rv/VZdfPjdGHx6qp/B4Pa1GW/OurT9X4mKg/6tVv72fjwg1F/v/v08+qNfiWOnv32AQAA4IWQpUu3nu+z7FH9KD30fuDG+X06VqbvbBs8oWL4fTNvteo9QRCEyzDuJxN34eqmj3slAAAAAAAAAAAAPI67+Jxw3HsEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7rEDxwIAAAAAwvyt0+jYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAqwIAAP//DSeWkg==")
open(&(0x7f0000000040)='./bus\x00', 0x46342, 0x0)
mount(&(0x7f0000005440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./bus\x00', 0x0, 0x1000, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_INITMSG(r1, 0x84, 0x2, 0x0, 0x0)
r2 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
syz_io_uring_setup(0x70ca, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x3, 0x179}, &(0x7f0000000100)=<r3=>0x0, &(0x7f00000007c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_WRITEV={0x2, 0x40, 0x0, @fd=r2, 0x0, &(0x7f0000000440)=[{&(0x7f0000000580)="1a", 0x1}], 0x1})
sendmsg$inet_sctp(r2, 0x0, 0x20000095)
shutdown(r1, 0x1)
write(r0, 0x0, 0x0)
ioctl$TIOCL_UNBLANKSCREEN(r0, 0x541c, 0x0)
syz_mount_image$msdos(&(0x7f0000000080), &(0x7f0000000f00)='.\x00', 0x80000, &(0x7f00000008c0)=ANY=[], 0x9, 0x0, &(0x7f0000000000))
r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$binfmt_script(r6, &(0x7f0000000200), 0xfea7)
ioctl$LOOP_SET_STATUS64(r5, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x400, 0x0, 0x0, 0x1, 0xc, "ef35af413bb901527fe4d0ce5d29c3ee5e5c3676345a41499db7aac63a01000000000000004faa2ae2c084a0ea0000000000000000000c00002000", "036c47c6780000335a63bdbcef549ba197fce47ddfdd00000000000000000000a3c5c00c000000a000", "b7326736181c208220000000b9000000000000000000f0fffffffff2ff00", [0x6]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r7 = getpid()
r8 = syz_pidfd_open(r7, 0x0)
setns(r8, 0x24020000)

0s ago: executing program 2 (id=1077):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x5444, &(0x7f0000000a00)={[{@lazytime}, {@jqfmt_vfsold}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6e}}, {@usrjquota_path={'usrjquota', 0x3d, './file1/file0'}}, {@lazytime}, {@journal_dev={'journal_dev', 0x3d, 0x1}}]}, 0x3, 0x441, &(0x7f0000000440)="$eJzs3MtvG0UYAPBv10lLXyRUpdAHECiIikfSpKX0wAUEEgeQkOBQjiFJq1K3QXWQaBRBQKgcUSXuiCMSfwEHBBcEnJC4wh1VqlAuLZyM1vYmjmuncepkC/79pI1ndseZ+bw79sxOnAD61kj2I4nYHRG/R8RQPbu6wEj94ebSwtTfSwtTSVSrb/6V1MrdWFqYyovmz9uVZwYi0k+TONSm3srl+fOT5fLMpUZ+bO7Ce2OVy/PPnrsweXbm7MzFiVOnThwff/7kxHM9iTOL68bBD2cPH3j17auvT52++s7P3yR5/C1x9MjIWgefqFZ7XF2x9jSlk4ECG0JXSvVuGoO1/j8UpVg5eUPxyieFNg7YVNVqtbo/4rsOhxerwP9YEkW3AChG/kGfzX/zbetGH8W7/mJ9ApTFfbOx1Y8MRNooM9gyv+2lkYg4vfjPl9kWm3MfAgBgle+z8c8z7cZ/aexvKndvYw1lOCLui4i9EXEyIvZFxP0RtbIPRMSDXdbfukhy6/gnvdb+mdu7rKm9bPz3QmNta/X4Lx/9xXCpkdtTi38wOXOuPHOs8ZocjcHtWX58jTp+ePm3zzsdax7/ZVtWf/a4sjqUXhtoCXV6cm7yjoJucv3jiIMD7eJPllcCkog4EBEHN1jHuae+PtzpWKf41/WLe7DOVP0q4sn6+V+Mlvhzydrrk2P3RHnm2Fh+Vdzql1+vvNGp/juKvwey87+z7fW/HP9w0rxeW+m+jit/fNZxTnP7+Ntf/9uSt1bt+2Bybu7SeMS25LV6o5v3T7SUm1gpn8V/9Ej7/r83Vl6JQxGRXcQPRcTDEfFIo+2PRsRjEXFkjfh/eunxdzce/+bK4p/u6vyvJLZF6572idL5H79dVelwN/Fn5/9ELXW0sWc973/radfGrmYAAAD470kjYnck6ehyOk1HR+t/w78vdqbl2crc02dm3784Xf+OwHAMpvmdrqGm+6HjjWl9np9oyR9v3Df+orSjlh+dmi1PFx089LldHfp/5s9S0a0DNp3va0H/0v+hf+n/0L/0f+hfbfr/jiLaAWy9dp//HxXQDmDrtfR/y37QR8z/oX/p/9C/9H/oS5UdcfsvyUsUncj/GcPd0p7K5flI74pmSGxSouA3JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgB75NwAA//9wCOUr")
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r2}, 0x10)
r3 = syz_open_dev$evdev(&(0x7f0000000040), 0x1, 0x103440)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x39)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0xf, 0xc, &(0x7f0000000b80)=ANY=[@ANYRES32, @ANYRES32=r0, @ANYRESHEX=0x0, @ANYBLOB="d2445775e0a605a957372bf020bb4436c49388fad06de66f2244b03a21591be66845e07d621daa1368f4151cca63f260d9d4bf03ef7975c04b", @ANYBLOB="88825209c98a5baa82d21d1b1adc4038f2174793baf596df4bca98a57cadc24f9f9df4799605369a26e638810ff6eba745b7f738f23243dc41a9998945bb99ffedc30e2b6261bce8bb49bf8d4d0679d9fdfee2810ca4a3d14d0f03d410aa891edaaefd0b78931add2470dcec4c5af8617f58bd92c938e3ce7ffdf972607402f78231e6a27c888064bd540552de7a91"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='rss_stat\x00', r4}, 0x10)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000001, 0x31, 0xffffffffffffffff, 0xffffd000)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x14, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRESDEC=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='kmem_cache_free\x00', r5, 0x0, 0x200000000000006}, 0x18)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
openat$urandom(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
unshare(0xa000200)
semget$private(0x0, 0x4000, 0x0)
semtimedop(0x0, &(0x7f0000000000)=[{0x2, 0x71b0, 0x1800}], 0x1, 0x0)
syz_usb_connect$cdc_ncm(0x3, 0xf3, &(0x7f0000000540)=ANY=[], 0x0)
ioctl$EVIOCRMFF(r3, 0x41015500, &(0x7f0000000500)=0x81000000)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="16000000000000000400"], 0x48)

kernel console output (not intermixed with test programs):

mpat=0 ip=0x7f67861af749 code=0x7ffc0000
[   38.609847][ T3892] set_capacity_and_notify: 10 callbacks suppressed
[   38.609931][ T3892] loop1: detected capacity change from 0 to 2048
[   38.635624][ T3892] EXT4-fs: Ignoring removed nobh option
[   38.651254][ T3906] __nla_validate_parse: 4 callbacks suppressed
[   38.651275][ T3906] netlink: 32 bytes leftover after parsing attributes in process `syz.2.116'.
[   38.672474][   T52] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   38.680707][   T52] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   38.690093][   T52] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   38.868812][ T3892] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   38.910389][ T3892] ext4 filesystem being mounted at /18/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   38.986866][ T3925] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   38.999538][ T3927] netlink: 4 bytes leftover after parsing attributes in process `syz.0.123'.
[   39.079626][ T3933] loop3: detected capacity change from 0 to 512
[   39.087125][ T3937] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   39.123297][ T3933] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   39.131784][ T3933] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   39.147230][ T3939] loop4: detected capacity change from 0 to 164
[   39.156448][ T3939] process 'syz.4.126' launched '/dev/fd/3' with NULL argv: empty string added
[   39.168187][ T3937] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   39.179552][ T3939] syz.4.126: attempt to access beyond end of device
[   39.179552][ T3939] loop4: rw=8912896, sector=263328, nr_sectors = 4 limit=164
[   39.195786][ T3939] syz.4.126: attempt to access beyond end of device
[   39.195786][ T3939] loop4: rw=8388608, sector=263328, nr_sectors = 4 limit=164
[   39.201735][ T3938] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.110: bg 0: block 345: padding at end of block bitmap is not set
[   39.224651][ T3938] EXT4-fs (loop1): Remounting filesystem read-only
[   39.231474][   T52] EXT4-fs warning (device loop1): ext4_convert_unwritten_extents:4984: inode #15: block 8: len 8: ext4_ext_map_blocks returned -30
[   39.240124][ T3929] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   39.251644][ T3938] syz.1.110 (3938) used greatest stack depth: 10312 bytes left
[   39.255560][ T3929] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   39.271447][ T3937] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   39.283188][ T3317] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   39.338103][ T3937] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   39.379815][ T2051] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   39.392335][  T309] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   39.408860][ T2051] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   39.427708][ T2051] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   39.502596][ T3956] netlink: 8 bytes leftover after parsing attributes in process `syz.4.135'.
[   39.512631][ T3957] netlink: 12 bytes leftover after parsing attributes in process `syz.1.133'.
[   39.649812][ T3960] loop4: detected capacity change from 0 to 2048
[   39.706558][ T3962] loop3: detected capacity change from 0 to 1024
[   39.734195][ T3962] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   39.747072][ T3967] netlink: 72 bytes leftover after parsing attributes in process `syz.0.138'.
[   39.756590][ T3966] netlink: 'syz.0.138': attribute type 13 has an invalid length.
[   39.757786][ T3308]  loop4: unable to read partition table
[   39.770229][ T3308] loop4: partition table beyond EOD, truncated
[   39.781513][ T3966] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   39.799405][ T3318] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   39.841600][ T3960]  loop4: unable to read partition table
[   39.852654][ T3960] loop4: partition table beyond EOD, truncated
[   39.858945][ T3960] loop_reread_partitions: partition scan of loop4 () failed (rc=-5)
[   39.906070][ T3008]  loop4: unable to read partition table
[   39.912399][ T3008] loop4: partition table beyond EOD, truncated
[   39.946294][ T3971] netlink: 'syz.2.142': attribute type 1 has an invalid length.
[   39.954149][ T3971] netlink: 'syz.2.142': attribute type 2 has an invalid length.
[   39.994099][ T3971] netlink: 24 bytes leftover after parsing attributes in process `syz.2.142'.
[   40.084358][ T3991] loop2: detected capacity change from 0 to 512
[   40.099182][ T3991] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   40.108558][ T3991] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   40.159982][ T3992] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[   40.268789][ T3997] Driver unsupported XDP return value 0 on prog  (id 154) dev N/A, expect packet loss!
[   40.309952][ T4001] loop3: detected capacity change from 0 to 512
[   40.318315][ T4001] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   40.331486][ T4001] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   40.348298][ T4001] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #15: comm syz.3.149: inode has both inline data and extents flags
[   40.402588][ T4001] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.149: couldn't read orphan inode 15 (err -117)
[   40.423526][ T4001] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   40.457596][ T3318] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   40.484674][ T4009] netlink: 16 bytes leftover after parsing attributes in process `syz.3.152'.
[   40.526181][ T4000] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   40.544968][ T4000] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   40.651647][ T4009] mmap: syz.3.152 (4009) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   40.700483][ T4009] xt_TPROXY: Can be used only with -p tcp or -p udp
[   40.715657][ T4009] loop3: detected capacity change from 0 to 1024
[   40.722820][ T4009] EXT4-fs (loop3): couldn't mount as ext2 due to feature incompatibilities
[   40.962603][ T4039] netlink: 28 bytes leftover after parsing attributes in process `syz.0.159'.
[   40.971557][ T4039] netlink: 28 bytes leftover after parsing attributes in process `syz.0.159'.
[   40.981658][ T4039] netlink: 28 bytes leftover after parsing attributes in process `syz.0.159'.
[   41.017642][ T4041] loop0: detected capacity change from 0 to 164
[   41.033357][ T4041] Unable to read rock-ridge attributes
[   41.291800][ T4069] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   41.309665][ T4069] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[   41.334758][ T4078] loop0: detected capacity change from 0 to 764
[   41.346025][ T4078] rock: corrupted directory entry. extent=32, offset=2044, size=237
[   41.482387][ T4098] SELinux:  policydb version -355642704 does not match my version range 15-35
[   41.505172][ T4098] SELinux: failed to load policy
[   41.590851][ T4114] Invalid ELF header type: 2 != 1
[   41.597453][ T4114] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   41.608452][ T4115] veth0: entered promiscuous mode
[   41.634988][ T4108] veth0: left promiscuous mode
[   41.696269][ T4105] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   41.713370][ T4105] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   41.743417][ T4114] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   41.800704][ T4126] IPv6: sit1: Disabled Multicast RS
[   41.808143][ T4126] sit1: entered allmulticast mode
[   42.418039][ T4114] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   42.430150][ T4130] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   42.437611][ T4130] batman_adv: batadv0: Removing interface: batadv_slave_0
[   42.505827][ T4130] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   42.513525][ T4130] batman_adv: batadv0: Removing interface: batadv_slave_1
[   42.565245][ T4114] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   42.866226][ T4155] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[   42.990347][ T4165] EXT4-fs: inline encryption not supported
[   43.005089][ T4165] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   43.130510][ T3317] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   43.418105][    C0] I/O error, dev loop0, sector 1 op 0x1:(WRITE) flags 0x800000 phys_seg 1 prio class 2
[   43.428329][    C0] Buffer I/O error on dev loop0, logical block 1, lost sync page write
[   43.444256][ T4171] FAT-fs (loop0): FAT read failed (blocknr 1)
[   43.495756][ T4171] FAT-fs (loop0): unable to read inode block for updating (i_pos 2070)
[   43.504623][ T4171] Buffer I/O error on dev loop0, logical block 185, lost async page write
[   43.513622][ T4171] Buffer I/O error on dev loop0, logical block 186, lost async page write
[   43.522320][ T4171] Buffer I/O error on dev loop0, logical block 187, lost async page write
[   43.530919][ T4171] Buffer I/O error on dev loop0, logical block 188, lost async page write
[   43.548024][ T4171] Buffer I/O error on dev loop0, logical block 189, lost async page write
[   43.556687][ T4171] Buffer I/O error on dev loop0, logical block 190, lost async page write
[   43.565458][ T4171] Buffer I/O error on dev loop0, logical block 191, lost async page write
[   43.574360][   T29] kauditd_printk_skb: 729 callbacks suppressed
[   43.574374][   T29] audit: type=1400 audit(1766032651.125:1164): avc:  denied  { bind } for  pid=4193 comm="syz.1.198" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   43.587822][ T4171] Buffer I/O error on dev loop0, logical block 193, lost async page write
[   43.635986][ T4194] set_capacity_and_notify: 5 callbacks suppressed
[   43.636005][ T4194] loop1: detected capacity change from 0 to 2048
[   43.670910][ T4203] capability: warning: `syz.3.201' uses 32-bit capabilities (legacy support in use)
[   43.681010][ T3319] FAT-fs (loop0): Directory bread(block 129) failed
[   43.681411][ T4203] capability: warning: `syz.3.201' uses deprecated v2 capabilities in a way that may be insecure
[   43.689773][ T4194] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   43.699164][ T4190] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   43.712261][ T3319] FAT-fs (loop0): Directory bread(block 130) failed
[   43.720960][ T4203] program syz.3.201 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   43.725481][ T4190] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   43.734620][ T4194] ext4 filesystem being mounted at /34/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   43.743157][ T3319] FAT-fs (loop0): Directory bread(block 131) failed
[   43.765004][ T4194] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   43.767916][ T3319] FAT-fs (loop0): Directory bread(block 132) failed
[   43.774342][ T4194] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   43.781472][   T29] audit: type=1326 audit(1766032651.325:1165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4202 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ab80ef749 code=0x7ffc0000
[   43.802088][ T3319] FAT-fs (loop0): Directory bread(block 133) failed
[   43.811172][   T29] audit: type=1326 audit(1766032651.325:1166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4202 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ab80ef749 code=0x7ffc0000
[   43.817877][ T3319] FAT-fs (loop0): Directory bread(block 134) failed
[   43.847719][ T3319] FAT-fs (loop0): Directory bread(block 135) failed
[   43.847901][ T4194] __nla_validate_parse: 30 callbacks suppressed
[   43.847918][ T4194] netlink: 8 bytes leftover after parsing attributes in process `syz.1.198'.
[   43.877682][ T2051] FAT-fs (loop0): unable to read inode block for updating (i_pos 2070)
[   43.883074][   T29] audit: type=1400 audit(1766032651.425:1167): avc:  denied  { write } for  pid=4193 comm="syz.1.198" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[   43.888701][ T3603] FAT-fs (loop0): unable to read inode block for updating (i_pos 2070)
[   43.913300][ T3603] FAT-fs (loop0): unable to read inode block for updating (i_pos 2070)
[   43.921710][ T3603] FAT-fs (loop0): Failed to update on disk inode for unused fallocated blocks, inode could be corrupted. Please run fsck
[   43.934446][ T3603] Buffer I/O error on dev loop0, logical block 0, lost sync page write
[   43.997947][   T29] audit: type=1400 audit(1766032651.545:1168): avc:  denied  { create } for  pid=4209 comm="syz.3.203" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[   44.017606][ T4210] loop3: detected capacity change from 0 to 512
[   44.025555][ T4210] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   44.034759][ T4210] EXT4-fs (loop3): orphan cleanup on readonly fs
[   44.041682][ T4210] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm LX[X: bg 0: block 248: padding at end of block bitmap is not set
[   44.055767][ T4210] Quota error (device loop3): write_blk: dquota write failed
[   44.063196][ T4210] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[   44.073191][ T4210] EXT4-fs error (device loop3): ext4_acquire_dquot:6986: comm LX[X: Failed to acquire dquot type 1
[   44.084651][ T4210] EXT4-fs (loop3): 1 truncate cleaned up
[   44.090912][ T4210] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   44.103944][ T4210] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.115739][ T4210] LX[X (4210) used greatest stack depth: 9184 bytes left
[   44.163161][ T4216] netlink: 300 bytes leftover after parsing attributes in process `syz.3.206'.
[   44.178889][ T2051] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   44.203086][ T2051] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   44.218463][ T2051] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   44.232113][ T2051] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   44.245588][   T29] audit: type=1326 audit(1766032651.795:1169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4218 comm="syz.3.208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ab80ef749 code=0x7ffc0000
[   44.272725][   T29] audit: type=1326 audit(1766032651.815:1170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4218 comm="syz.3.208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7f5ab80ef749 code=0x7ffc0000
[   44.296069][   T29] audit: type=1326 audit(1766032651.815:1171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4218 comm="syz.3.208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ab80ef749 code=0x7ffc0000
[   44.457617][ T4243] netlink: 'syz.2.213': attribute type 30 has an invalid length.
[   44.466190][ T3317] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.490527][ T4220] chnl_net:caif_netlink_parms(): no params data found
[   44.543203][ T4220] bridge0: port 1(bridge_slave_0) entered blocking state
[   44.550329][ T4220] bridge0: port 1(bridge_slave_0) entered disabled state
[   44.558151][ T4220] bridge_slave_0: entered allmulticast mode
[   44.565695][ T4220] bridge_slave_0: entered promiscuous mode
[   44.577155][ T4255] Falling back ldisc for ptm0.
[   44.583426][ T4220] bridge0: port 2(bridge_slave_1) entered blocking state
[   44.590563][ T4220] bridge0: port 2(bridge_slave_1) entered disabled state
[   44.604914][ T4220] bridge_slave_1: entered allmulticast mode
[   44.605430][ T4253] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4253 comm=syz.1.215
[   44.617294][ T4220] bridge_slave_1: entered promiscuous mode
[   44.668914][ T4220] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   44.685856][ T4220] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   44.711654][ T4220] team0: Port device team_slave_0 added
[   44.718699][ T4220] team0: Port device team_slave_1 added
[   44.735543][ T4220] batman_adv: batadv0: Adding interface: batadv_slave_0
[   44.742563][ T4220] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   44.768694][ T4220] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   44.780509][ T4220] batman_adv: batadv0: Adding interface: batadv_slave_1
[   44.787527][ T4220] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   44.813519][ T4220] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   44.860041][ T4220] hsr_slave_0: entered promiscuous mode
[   44.867317][ T4220] hsr_slave_1: entered promiscuous mode
[   44.874205][ T4220] debugfs: 'hsr0' already exists in 'hsr'
[   44.879962][ T4220] Cannot create hsr debugfs directory
[   44.887015][ T4267] netlink: 300 bytes leftover after parsing attributes in process `syz.4.221'.
[   44.938008][ T4273] pimreg: entered allmulticast mode
[   44.950653][ T4273] pimreg: left allmulticast mode
[   45.072123][ T4220] netdevsim netdevsim5 netdevsim0: renamed from eth0
[   45.091343][ T4220] netdevsim netdevsim5 netdevsim1: renamed from eth1
[   45.103233][ T4220] netdevsim netdevsim5 netdevsim2: renamed from eth2
[   45.115323][ T4220] netdevsim netdevsim5 netdevsim3: renamed from eth3
[   45.142550][ T4307] netlink: 'syz.4.226': attribute type 30 has an invalid length.
[   45.230097][ T4323] loop2: detected capacity change from 0 to 512
[   45.260981][ T4220] 8021q: adding VLAN 0 to HW filter on device bond0
[   45.296721][ T4323] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   45.305475][ T4220] 8021q: adding VLAN 0 to HW filter on device team0
[   45.314396][ T4323] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   45.331559][  T309] bridge0: port 1(bridge_slave_0) entered blocking state
[   45.338670][  T309] bridge0: port 1(bridge_slave_0) entered forwarding state
[   45.377140][  T309] bridge0: port 2(bridge_slave_1) entered blocking state
[   45.384259][  T309] bridge0: port 2(bridge_slave_1) entered forwarding state
[   45.451518][ T4342] netlink: 'syz.4.232': attribute type 6 has an invalid length.
[   45.515734][ T4220] 8021q: adding VLAN 0 to HW filter on device batadv0
[   45.717436][ T4220] veth0_vlan: entered promiscuous mode
[   45.726956][ T4220] veth1_vlan: entered promiscuous mode
[   45.748520][ T4220] veth0_macvtap: entered promiscuous mode
[   45.772872][ T4220] veth1_macvtap: entered promiscuous mode
[   45.794946][ T4220] batman_adv: batadv0: Interface activated: batadv_slave_0
[   45.826465][ T4220] batman_adv: batadv0: Interface activated: batadv_slave_1
[   45.865570][   T52] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   45.902525][   T52] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   45.925491][   T52] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   45.934470][ T4421] netlink: 'syz.1.241': attribute type 30 has an invalid length.
[   45.956604][   T52] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   46.157122][ T4456] netlink: 300 bytes leftover after parsing attributes in process `syz.3.248'.
[   46.215650][ T4465] SELinux:  Context system_u:object_r:var_auth_t:s0 is not valid (left unmapped).
[   46.246507][ T4467] loop2: detected capacity change from 0 to 512
[   46.271733][ T4467] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   46.297884][ T4467] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   46.336947][ T4475] netlink: 'syz.4.256': attribute type 30 has an invalid length.
[   46.426173][ T4488] netlink: 300 bytes leftover after parsing attributes in process `syz.3.260'.
[   46.443921][ T4490] netlink: 'syz.4.261': attribute type 3 has an invalid length.
[   46.537966][ T4479] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   46.550372][ T4479] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   46.667293][ T4520] netlink: 4 bytes leftover after parsing attributes in process `syz.4.268'.
[   46.676884][ T4520] bridge_slave_1: left allmulticast mode
[   46.682590][ T4520] bridge_slave_1: left promiscuous mode
[   46.688314][ T4520] bridge0: port 2(bridge_slave_1) entered disabled state
[   46.696377][ T4520] bridge_slave_0: left allmulticast mode
[   46.702103][ T4520] bridge_slave_0: left promiscuous mode
[   46.707801][ T4520] bridge0: port 1(bridge_slave_0) entered disabled state
[   46.753259][ T4525] netlink: 'syz.3.269': attribute type 30 has an invalid length.
[   46.862610][ T4530] netlink: 20 bytes leftover after parsing attributes in process `syz.3.270'.
[   47.047961][ T4538] netlink: 300 bytes leftover after parsing attributes in process `syz.2.273'.
[   47.103369][ T4541] loop2: detected capacity change from 0 to 2048
[   47.130345][ T4545] tipc: Started in network mode
[   47.135328][ T4545] tipc: Node identity ea943f4c2a5d, cluster identity 4711
[   47.142545][ T4545] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   47.150813][ T4545] tipc: Disabling bearer <eth:syzkaller0>
[   47.166278][ T4541]  loop2: p2 < > p4
[   47.177297][ T4541] loop2: p4 size 262144 extends beyond EOD, truncated
[   47.187789][ T3008]  loop2: p2 < > p4
[   47.193059][ T3008] loop2: p4 size 262144 extends beyond EOD, truncated
[   47.242756][ T3973] udevd[3973]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory
[   47.243324][ T3308] udevd[3308]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory
[   47.273181][ T4556] loop5: detected capacity change from 0 to 2048
[   47.321193][ T3973]  loop5: p2 p3 p7
[   47.322867][ T4560] netlink: 'syz.1.281': attribute type 30 has an invalid length.
[   47.344528][ T4556]  loop5: p2 p3 p7
[   47.362527][ T4562] loop2: detected capacity change from 0 to 512
[   47.375749][ T4562] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   47.387351][ T4562] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   47.414869][ T3308] udevd[3308]: inotify_add_watch(7, /dev/loop5p3, 10) failed: No such file or directory
[   47.417810][ T3311] udevd[3311]: inotify_add_watch(7, /dev/loop5p7, 10) failed: No such file or directory
[   47.434861][ T3973] udevd[3973]: inotify_add_watch(7, /dev/loop5p2, 10) failed: No such file or directory
[   47.456607][ T3973] udevd[3973]: inotify_add_watch(7, /dev/loop5p2, 10) failed: No such file or directory
[   47.456812][ T3308] udevd[3308]: inotify_add_watch(7, /dev/loop5p3, 10) failed: No such file or directory
[   47.468158][ T3311] udevd[3311]: inotify_add_watch(7, /dev/loop5p7, 10) failed: No such file or directory
[   47.567748][ T4570] loop1: detected capacity change from 0 to 1024
[   47.576570][ T4570] EXT4-fs: Ignoring removed bh option
[   47.583253][ T4570] EXT4-fs (loop1): stripe (5) is not aligned with cluster size (16), stripe is disabled
[   47.603418][ T4570] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   47.748623][ T4578] netlink: 300 bytes leftover after parsing attributes in process `syz.3.287'.
[   47.777773][ T4580] 9p: Bad value for 'wfdno'
[   47.878058][ T4576] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   47.887741][ T4576] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   47.932839][ T4585] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4585 comm=syz.3.290
[   47.996674][ T4591] syz.3.292 uses obsolete (PF_INET,SOCK_PACKET)
[   48.047206][ T4592] loop2: detected capacity change from 0 to 1024
[   48.054135][ T4592] EXT4-fs: inline encryption not supported
[   48.060406][ T4592] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[   48.071653][ T4592] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (31873!=20869)
[   48.081503][ T4592] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[   48.091819][ T4592] EXT4-fs (loop2): external journal device major/minor numbers have changed
[   48.100830][ T4592] EXT4-fs (loop2): filesystem has both journal inode and journal device!
[   48.164324][ T4598] netlink: 'syz.3.295': attribute type 30 has an invalid length.
[   48.240378][ T4608] FAULT_INJECTION: forcing a failure.
[   48.240378][ T4608] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   48.253611][ T4608] CPU: 0 UID: 0 PID: 4608 Comm: syz.3.298 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   48.253636][ T4608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   48.253727][ T4608] Call Trace:
[   48.253737][ T4608]  <TASK>
[   48.253744][ T4608]  __dump_stack+0x1d/0x30
[   48.253767][ T4608]  dump_stack_lvl+0xe8/0x140
[   48.253788][ T4608]  dump_stack+0x15/0x1b
[   48.253807][ T4608]  should_fail_ex+0x265/0x280
[   48.253850][ T4608]  should_fail+0xb/0x20
[   48.253868][ T4608]  should_fail_usercopy+0x1a/0x20
[   48.253966][ T4608]  _copy_from_user+0x1c/0xb0
[   48.254058][ T4608]  ___sys_sendmsg+0xc1/0x1d0
[   48.254100][ T4608]  __x64_sys_sendmsg+0xd4/0x160
[   48.254139][ T4608]  x64_sys_call+0x17ba/0x3000
[   48.254191][ T4608]  do_syscall_64+0xd8/0x2c0
[   48.254224][ T4608]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   48.254244][ T4608] RIP: 0033:0x7f5ab80ef749
[   48.254309][ T4608] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   48.254328][ T4608] RSP: 002b:00007f5ab6b57038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   48.254349][ T4608] RAX: ffffffffffffffda RBX: 00007f5ab8345fa0 RCX: 00007f5ab80ef749
[   48.254404][ T4608] RDX: 0000000000040080 RSI: 00002000000007c0 RDI: 0000000000000004
[   48.254420][ T4608] RBP: 00007f5ab6b57090 R08: 0000000000000000 R09: 0000000000000000
[   48.254435][ T4608] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   48.254451][ T4608] R13: 00007f5ab8346038 R14: 00007f5ab8345fa0 R15: 00007ffc23c0b618
[   48.254474][ T4608]  </TASK>
[   48.485049][ T4617] loop3: detected capacity change from 0 to 512
[   48.502123][ T4617] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   48.511293][ T4617] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   48.555260][ T4622] netlink: 300 bytes leftover after parsing attributes in process `syz.5.302'.
[   48.585654][   T29] kauditd_printk_skb: 419 callbacks suppressed
[   48.585720][   T29] audit: type=1400 audit(1766032656.135:1591): avc:  denied  { unmount } for  pid=3317 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[   48.586262][ T3317] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   48.646547][   T29] audit: type=1400 audit(1766032656.195:1592): avc:  denied  { shutdown } for  pid=4625 comm="syz.5.305" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[   48.688552][ T4630] futex_wake_op: syz.1.304 tries to shift op by -3; fix this program
[   48.735375][ T4630] netlink: 'syz.1.304': attribute type 1 has an invalid length.
[   48.761535][ T4630] 8021q: adding VLAN 0 to HW filter on device bond1
[   48.794365][ T4630] bond1 (unregistering): Released all slaves
[   48.807596][ T4637] netlink: 'syz.5.309': attribute type 30 has an invalid length.
[   48.815903][ T4635] syzkaller1: entered promiscuous mode
[   48.821399][ T4635] syzkaller1: entered allmulticast mode
[   48.886897][   T29] audit: type=1326 audit(1766032656.435:1593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4639 comm="syz.1.310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89d32af749 code=0x7ffc0000
[   48.940807][   T29] audit: type=1326 audit(1766032656.455:1594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4639 comm="syz.1.310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f89d32af749 code=0x7ffc0000
[   48.964510][   T29] audit: type=1326 audit(1766032656.455:1595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4639 comm="syz.1.310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89d32af749 code=0x7ffc0000
[   48.987945][   T29] audit: type=1326 audit(1766032656.455:1596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4639 comm="syz.1.310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f89d32af749 code=0x7ffc0000
[   49.011456][   T29] audit: type=1326 audit(1766032656.455:1597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4639 comm="syz.1.310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89d32af749 code=0x7ffc0000
[   49.035098][   T29] audit: type=1326 audit(1766032656.455:1598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4639 comm="syz.1.310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7f89d32af749 code=0x7ffc0000
[   49.058505][   T29] audit: type=1326 audit(1766032656.455:1599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4639 comm="syz.1.310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89d32af749 code=0x7ffc0000
[   49.081890][   T29] audit: type=1326 audit(1766032656.455:1600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4639 comm="syz.1.310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=244 compat=0 ip=0x7f89d32af749 code=0x7ffc0000
[   49.166742][ T4652] loop1: detected capacity change from 0 to 164
[   49.177512][ T4652] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[   49.193771][ T4652] __nla_validate_parse: 1 callbacks suppressed
[   49.193789][ T4652] netlink: 28 bytes leftover after parsing attributes in process `syz.1.314'.
[   49.236063][ T4652] netlink: 16 bytes leftover after parsing attributes in process `syz.1.314'.
[   49.256459][ T4657] Falling back ldisc for ptm0.
[   49.304943][ T4661] netlink: 300 bytes leftover after parsing attributes in process `syz.1.316'.
[   49.306570][ T4645] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   49.333729][ T4645] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   49.526671][ T4676] FAULT_INJECTION: forcing a failure.
[   49.526671][ T4676] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   49.539822][ T4676] CPU: 0 UID: 0 PID: 4676 Comm: syz.3.324 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   49.539846][ T4676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   49.539858][ T4676] Call Trace:
[   49.539916][ T4676]  <TASK>
[   49.539925][ T4676]  __dump_stack+0x1d/0x30
[   49.539972][ T4676]  dump_stack_lvl+0xe8/0x140
[   49.540000][ T4676]  dump_stack+0x15/0x1b
[   49.540103][ T4676]  should_fail_ex+0x265/0x280
[   49.540135][ T4676]  should_fail+0xb/0x20
[   49.540158][ T4676]  should_fail_usercopy+0x1a/0x20
[   49.540193][ T4676]  _copy_from_iter+0xcf/0xe70
[   49.540234][ T4676]  ? __build_skb_around+0x164/0x1c0
[   49.540322][ T4676]  ? __alloc_skb+0x3bb/0x4d0
[   49.540342][ T4676]  ? __alloc_skb+0x24d/0x4d0
[   49.540365][ T4676]  pfkey_sendmsg+0x126/0x900
[   49.540476][ T4676]  ? avc_has_perm+0xf7/0x180
[   49.540502][ T4676]  ? selinux_socket_sendmsg+0x175/0x1b0
[   49.540539][ T4676]  ? __pfx_pfkey_sendmsg+0x10/0x10
[   49.540671][ T4676]  __sock_sendmsg+0x145/0x180
[   49.540693][ T4676]  ____sys_sendmsg+0x31e/0x4a0
[   49.540800][ T4676]  ___sys_sendmsg+0x17b/0x1d0
[   49.540877][ T4676]  __x64_sys_sendmsg+0xd4/0x160
[   49.540912][ T4676]  x64_sys_call+0x17ba/0x3000
[   49.540937][ T4676]  do_syscall_64+0xd8/0x2c0
[   49.541049][ T4676]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   49.541078][ T4676] RIP: 0033:0x7f5ab80ef749
[   49.541097][ T4676] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   49.541119][ T4676] RSP: 002b:00007f5ab6b57038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   49.541187][ T4676] RAX: ffffffffffffffda RBX: 00007f5ab8345fa0 RCX: 00007f5ab80ef749
[   49.541205][ T4676] RDX: 0000000000040080 RSI: 00002000000007c0 RDI: 0000000000000004
[   49.541221][ T4676] RBP: 00007f5ab6b57090 R08: 0000000000000000 R09: 0000000000000000
[   49.541237][ T4676] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   49.541253][ T4676] R13: 00007f5ab8346038 R14: 00007f5ab8345fa0 R15: 00007ffc23c0b618
[   49.541279][ T4676]  </TASK>
[   49.841352][ T4680] loop1: detected capacity change from 0 to 512
[   49.856350][ T4680] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   49.865245][ T4680] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   50.068057][ T4691] netlink: 300 bytes leftover after parsing attributes in process `syz.2.328'.
[   50.092080][ T4693] loop5: detected capacity change from 0 to 512
[   50.100875][ T4693] EXT4-fs: dax option not supported
[   50.134762][ T4693] loop5: detected capacity change from 0 to 512
[   50.153499][ T4693] ext4: Unknown parameter 'nouser_xattr'
[   50.157042][ T4696] loop2: detected capacity change from 0 to 128
[   50.245096][ T4696] syz.2.331: attempt to access beyond end of device
[   50.245096][ T4696] loop2: rw=2049, sector=145, nr_sectors = 16 limit=128
[   50.258791][ T4696] syz.2.331: attempt to access beyond end of device
[   50.258791][ T4696] loop2: rw=2049, sector=169, nr_sectors = 8 limit=128
[   50.259498][ T4693] netlink: 40 bytes leftover after parsing attributes in process `syz.5.330'.
[   50.274329][ T4696] syz.2.331: attempt to access beyond end of device
[   50.274329][ T4696] loop2: rw=2049, sector=185, nr_sectors = 8 limit=128
[   50.297193][ T4696] syz.2.331: attempt to access beyond end of device
[   50.297193][ T4696] loop2: rw=2049, sector=201, nr_sectors = 8 limit=128
[   50.317983][ T4696] syz.2.331: attempt to access beyond end of device
[   50.317983][ T4696] loop2: rw=2049, sector=217, nr_sectors = 8 limit=128
[   50.342641][ T4696] syz.2.331: attempt to access beyond end of device
[   50.342641][ T4696] loop2: rw=2049, sector=233, nr_sectors = 8 limit=128
[   50.376989][ T4696] Falling back ldisc for ptm0.
[   50.426193][ T4712] validate_nla: 1 callbacks suppressed
[   50.426212][ T4712] netlink: 'syz.5.337': attribute type 30 has an invalid length.
[   50.537217][ T4737] netlink: 300 bytes leftover after parsing attributes in process `syz.4.342'.
[   50.657398][ T4720] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   50.668468][ T4720] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   50.747175][ T4769] loop5: detected capacity change from 0 to 512
[   50.759916][ T4769] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   50.768665][ T4769] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   50.924360][ T4771] netlink: 16 bytes leftover after parsing attributes in process `syz.3.350'.
[   50.952421][ T4771] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[   50.989922][ T4776] netlink: 'syz.4.352': attribute type 30 has an invalid length.
[   51.013882][ T4778] Falling back ldisc for ptm0.
[   51.048366][ T4780] netlink: 'syz.4.354': attribute type 4 has an invalid length.
[   51.227846][ T4791] netlink: 300 bytes leftover after parsing attributes in process `syz.2.357'.
[   51.321679][ T4800] loop5: detected capacity change from 0 to 512
[   51.328431][ T4800] journal_path: Non-blockdev passed as './bus'
[   51.334681][ T4800] EXT4-fs: error: could not find journal device path
[   51.343802][ T4800] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=35 sclass=netlink_route_socket pid=4800 comm=syz.5.361
[   51.356410][ T4800] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4800 comm=syz.5.361
[   51.397186][ T4804] syz.5.362 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[   51.472712][ T4812] netlink: 8 bytes leftover after parsing attributes in process `syz.2.364'.
[   51.483000][ T4812] netlink: 32 bytes leftover after parsing attributes in process `syz.2.364'.
[   51.509223][ T4814] netlink: 'syz.2.365': attribute type 30 has an invalid length.
[   51.792599][ T4816] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   51.801154][ T4816] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   51.987450][ T4826] loop5: detected capacity change from 0 to 512
[   51.999736][ T4826] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   52.017636][ T4826] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   52.059990][ T4835] loop3: detected capacity change from 0 to 512
[   52.069352][ T4835] ------------[ cut here ]------------
[   52.074889][ T4835] EA inode 11 i_nlink=2
[   52.074913][ T4835] WARNING: fs/ext4/xattr.c:1058 at ext4_xattr_inode_update_ref+0x2e6/0x320, CPU#0: syz.3.374/4835
[   52.089923][ T4835] Modules linked in:
[   52.094033][ T4835] CPU: 0 UID: 0 PID: 4835 Comm: syz.3.374 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   52.103894][ T4835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   52.114040][ T4835] RIP: 0010:ext4_xattr_inode_update_ref+0x305/0x320
[   52.120681][ T4835] Code: 31 ce 9c ff 4c 8d 2d ea ba 20 05 49 8d 7e 40 e8 91 63 b8 ff 49 8b 6e 40 4c 89 e7 e8 a5 5e b8 ff 41 8b 56 48 4c 89 ef 48 89 ee <67> 48 0f b9 3a e9 2b ff ff ff e8 2c f9 ba 03 66 66 66 2e 0f 1f 84
[   52.140545][ T4835] RSP: 0018:ffffc9000f7e35a0 EFLAGS: 00010246
[   52.146698][ T4835] RAX: ffff88811ccc0a90 RBX: ffff888105d0a4e8 RCX: ffffffff81bb526b
[   52.154710][ T4835] RDX: 0000000000000002 RSI: 000000000000000b RDI: ffffffff86dc0d40
[   52.162801][ T4835] RBP: 000000000000000b R08: 0001888105d0a49b R09: 0000000000000000
[   52.170790][ T4835] R10: ffffc9000f7e34d0 R11: 0001c9000f7e34d0 R12: ffff888105d0a498
[   52.178966][ T4835] R13: ffffffff86dc0d40 R14: ffff888105d0a450 R15: 0000000000000001
[   52.187089][ T4835] FS:  00007f5ab6b366c0(0000) GS:ffff8882aedc2000(0000) knlGS:0000000000000000
[   52.196123][ T4835] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   52.202775][ T4835] CR2: 0000000000000000 CR3: 000000011ad30000 CR4: 00000000003506f0
[   52.210782][ T4835] DR0: 0000000000000000 DR1: 0000000000000006 DR2: 0000000000000000
[   52.218846][ T4835] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[   52.226875][ T4835] Call Trace:
[   52.230185][ T4835]  <TASK>
[   52.233162][ T4835]  ext4_xattr_set_entry+0x77f/0x1020
[   52.238567][ T4835]  ext4_xattr_ibody_set+0x184/0x3c0
[   52.243864][ T4835]  ext4_expand_extra_isize_ea+0xcbb/0x11f0
[   52.250025][ T4835]  __ext4_expand_extra_isize+0x246/0x280
[   52.255894][ T4835]  __ext4_mark_inode_dirty+0x29d/0x3f0
[   52.261442][ T4835]  ext4_evict_inode+0x7c4/0xd40
[   52.266424][ T4835]  ? __pfx_ext4_evict_inode+0x10/0x10
[   52.271869][ T4835]  evict+0x2af/0x510
[   52.275852][ T4835]  ? __dquot_initialize+0x146/0x7c0
[   52.281151][ T4835]  iput+0x4bd/0x650
[   52.285076][ T4835]  ext4_process_orphan+0x1a9/0x1c0
[   52.290283][ T4835]  ext4_orphan_cleanup+0x6a8/0xa00
[   52.295462][ T4835]  ext4_fill_super+0x3411/0x37a0
[   52.300509][ T4835]  ? set_blocksize+0x1a8/0x310
[   52.305365][ T4835]  ? sb_set_blocksize+0xfc/0x170
[   52.310411][ T4835]  ? setup_bdev_super+0x30e/0x370
[   52.315522][ T4835]  ? __pfx_ext4_fill_super+0x10/0x10
[   52.320838][ T4835]  get_tree_bdev_flags+0x291/0x300
[   52.326049][ T4835]  ? __pfx_ext4_fill_super+0x10/0x10
[   52.331495][ T4835]  get_tree_bdev+0x1f/0x30
[   52.336067][ T4835]  ext4_get_tree+0x1c/0x30
[   52.340518][ T4835]  vfs_get_tree+0x57/0x1d0
[   52.345188][ T4835]  do_new_mount+0x24d/0x6a0
[   52.350081][ T4835]  path_mount+0x4ab/0xb80
[   52.354488][ T4835]  ? user_path_at+0xbf/0x130
[   52.359341][ T4835]  __se_sys_mount+0x28c/0x2e0
[   52.364116][ T4835]  __x64_sys_mount+0x67/0x80
[   52.368766][ T4835]  x64_sys_call+0x2cca/0x3000
[   52.373508][ T4849] netlink: 'syz.2.377': attribute type 30 has an invalid length.
[   52.381272][ T4835]  do_syscall_64+0xd8/0x2c0
[   52.385881][ T4835]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   52.391888][ T4835] RIP: 0033:0x7f5ab80f0eea
[   52.396360][ T4835] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   52.416064][ T4835] RSP: 002b:00007f5ab6b35e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   52.424540][ T4835] RAX: ffffffffffffffda RBX: 00007f5ab6b35ef0 RCX: 00007f5ab80f0eea
[   52.432538][ T4835] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007f5ab6b35eb0
[   52.440537][ T4835] RBP: 0000200000000180 R08: 00007f5ab6b35ef0 R09: 0000000000800700
[   52.448562][ T4835] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0
[   52.456572][ T4835] R13: 00007f5ab6b35eb0 R14: 000000000000046f R15: 000000000000002c
[   52.464602][ T4835]  </TASK>
[   52.467631][ T4835] ---[ end trace 0000000000000000 ]---
[   52.474433][ T4835] EXT4-fs error (device loop3): ext4_xattr_inode_iget:441: inode #18: comm syz.3.374: iget: bad extra_isize 90 (inode size 256)
[   52.488117][ T4835] EXT4-fs (loop3): Remounting filesystem read-only
[   52.495145][ T4835] EXT4-fs warning (device loop3): ext4_evict_inode:273: xattr delete (err -30)
[   52.504267][ T4835] EXT4-fs (loop3): 1 orphan inode deleted
[   52.510573][ T4835] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   52.545315][ T3318] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   52.617902][ T4860] loop5: detected capacity change from 0 to 512
[   52.632841][ T4857] bond1: option miimon: invalid value (18446744073709551615)
[   52.640272][ T4857] bond1: option miimon: allowed values 0 - 2147483647
[   52.648330][ T4857] bond1 (unregistering): Released all slaves
[   52.663073][ T4866] netlink: 'syz.2.382': attribute type 7 has an invalid length.
[   52.693674][ T4860] EXT4-fs error (device loop5): ext4_do_update_inode:5617: inode #3: comm syz.5.381: corrupted inode contents
[   52.730504][ T4860] EXT4-fs error (device loop5): ext4_dirty_inode:6502: inode #3: comm syz.5.381: mark_inode_dirty error
[   52.750674][ T4860] EXT4-fs error (device loop5): ext4_do_update_inode:5617: inode #3: comm syz.5.381: corrupted inode contents
[   52.762837][ T4860] EXT4-fs error (device loop5): __ext4_ext_dirty:206: inode #3: comm syz.5.381: mark_inode_dirty error
[   52.775373][ T4860] EXT4-fs error (device loop5): ext4_acquire_dquot:6986: comm syz.5.381: Failed to acquire dquot type 0
[   52.787483][ T4860] EXT4-fs error (device loop5): ext4_do_update_inode:5617: inode #16: comm syz.5.381: corrupted inode contents
[   52.799845][ T4860] EXT4-fs error (device loop5): ext4_dirty_inode:6502: inode #16: comm syz.5.381: mark_inode_dirty error
[   52.811535][ T4860] EXT4-fs error (device loop5): ext4_do_update_inode:5617: inode #16: comm syz.5.381: corrupted inode contents
[   52.823958][ T4860] EXT4-fs error (device loop5): __ext4_ext_dirty:206: inode #16: comm syz.5.381: mark_inode_dirty error
[   52.835815][ T4860] EXT4-fs error (device loop5): ext4_do_update_inode:5617: inode #16: comm syz.5.381: corrupted inode contents
[   52.848602][ T4860] EXT4-fs error (device loop5) in ext4_orphan_del:303: Corrupt filesystem
[   52.857427][ T4860] EXT4-fs error (device loop5): ext4_do_update_inode:5617: inode #16: comm syz.5.381: corrupted inode contents
[   52.872054][ T4860] EXT4-fs error (device loop5): ext4_truncate:4635: inode #16: comm syz.5.381: mark_inode_dirty error
[   52.890861][ T4860] EXT4-fs error (device loop5) in ext4_process_orphan:345: Corrupt filesystem
[   52.903744][ T4860] EXT4-fs (loop5): 1 truncate cleaned up
[   52.910622][ T4860] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   52.923395][ T4860] ext4 filesystem being mounted at /22/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   52.959268][ T4220] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   53.028489][ T4891] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   53.030772][ T4889] SELinux:  Context system_u:object_r:modules_dep_t:s0 is not valid (left unmapped).
[   53.048419][ T4891] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   53.084670][ T4895] netlink: 'syz.2.393': attribute type 30 has an invalid length.
[   53.104111][ T4882] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   53.114630][ T4882] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   53.139707][ T4899] x_tables: ip_tables: icmp match: only valid for protocol 1
[   53.274821][ T4914] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   53.282421][ T4914] batman_adv: batadv0: Removing interface: batadv_slave_0
[   53.282677][ T4917]  loop2: p1 p2 < > p3 < p5 p6 > p4
[   53.294860][ T4917] loop2: partition table partially beyond EOD, truncated
[   53.302513][ T4917] loop2: p1 size 917504 extends beyond EOD, truncated
[   53.302949][ T4914] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   53.317011][ T4914] batman_adv: batadv0: Removing interface: batadv_slave_1
[   53.321540][ T4917] loop2: p2 start 4278190080 is beyond EOD, truncated
[   53.332411][ T4917] loop2: p4 size 8192 extends beyond EOD, truncated
[   53.339703][ T4917] loop2: p5 size 917504 extends beyond EOD, truncated
[   53.347268][ T4917] loop2: p6 size 8192 extends beyond EOD, truncated
[   53.381862][ T1616] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   53.394914][ T1616] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   53.405497][ T1616] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   53.414746][ T1616] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   53.479252][ T3973] udevd[3973]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[   53.493732][ T4921] udevd[4921]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory
[   53.495188][ T3308] udevd[3308]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory
[   53.505791][ T3498] udevd[3498]: inotify_add_watch(7, /dev/loop2p6, 10) failed: No such file or directory
[   53.517946][ T3311] udevd[3311]: inotify_add_watch(7, /dev/loop2p5, 10) failed: No such file or directory
[   53.565974][ T4933] netlink: 'syz.4.407': attribute type 30 has an invalid length.
[   53.646252][   T29] kauditd_printk_skb: 845 callbacks suppressed
[   53.646270][   T29] audit: type=1326 audit(1766032661.195:2444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4935 comm="syz.5.408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e458df749 code=0x7ffc0000
[   53.675887][   T29] audit: type=1326 audit(1766032661.195:2445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4935 comm="syz.5.408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=89 compat=0 ip=0x7f4e458df749 code=0x7ffc0000
[   53.699161][   T29] audit: type=1326 audit(1766032661.195:2446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4935 comm="syz.5.408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e458df749 code=0x7ffc0000
[   53.722678][   T29] audit: type=1326 audit(1766032661.195:2447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4935 comm="syz.5.408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e458df749 code=0x7ffc0000
[   53.748107][ T4944] bond1: option coupled_control: mode dependency failed, not supported in mode balance-rr(0)
[   53.793033][ T4944] bond1 (unregistering): Released all slaves
[   53.940756][   T29] audit: type=1326 audit(1766032661.295:2448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4926 comm="syz.2.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67861af749 code=0x7ffc0000
[   53.964163][   T29] audit: type=1326 audit(1766032661.295:2449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4926 comm="syz.2.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67861af749 code=0x7ffc0000
[   53.987647][   T29] audit: type=1326 audit(1766032661.295:2450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4926 comm="syz.2.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f67861af749 code=0x7ffc0000
[   54.011146][   T29] audit: type=1326 audit(1766032661.295:2451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4926 comm="syz.2.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67861af749 code=0x7ffc0000
[   54.034608][   T29] audit: type=1326 audit(1766032661.295:2452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4926 comm="syz.2.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f67861af749 code=0x7ffc0000
[   54.058200][   T29] audit: type=1326 audit(1766032661.295:2453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4926 comm="syz.2.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67861af749 code=0x7ffc0000
[   54.132096][ T4970] unsupported nla_type 65024
[   54.180065][ T4955] EXT4-fs error (device loop2): ext4_orphan_get:1391: inode #15: comm syz.2.415: inode has both inline data and extents flags
[   54.206346][ T4955] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.415: couldn't read orphan inode 15 (err -117)
[   54.238957][ T4955] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   54.275468][ T4977] set_capacity_and_notify: 3 callbacks suppressed
[   54.275486][ T4977] loop5: detected capacity change from 0 to 512
[   54.303774][ T4979] netlink: 'syz.1.421': attribute type 30 has an invalid length.
[   54.356914][ T4977] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   54.366766][ T4977] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   54.410184][ T3322] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   54.642549][ T4982] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   54.645183][ T4989] __nla_validate_parse: 23 callbacks suppressed
[   54.645203][ T4989] netlink: 8 bytes leftover after parsing attributes in process `syz.2.424'.
[   54.651442][ T4982] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   54.657261][ T4989] netlink: 12 bytes leftover after parsing attributes in process `syz.2.424'.
[   54.690851][ T4989] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[   54.697437][ T4989] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[   54.704921][ T4989] vhci_hcd vhci_hcd.0: Device attached
[   54.714066][ T4990] vhci_hcd: connection closed
[   54.714234][ T1616] vhci_hcd vhci_hcd.2: stop threads
[   54.724239][ T1616] vhci_hcd vhci_hcd.2: release socket
[   54.729703][ T1616] vhci_hcd vhci_hcd.2: disconnect device
[   54.827600][ T5000] netlink: 300 bytes leftover after parsing attributes in process `syz.4.426'.
[   55.000539][ T5027] netlink: 'syz.3.433': attribute type 30 has an invalid length.
[   55.096005][ T5031] netlink: 256 bytes leftover after parsing attributes in process `syz.3.436'.
[   55.180018][ T5040] netlink: 300 bytes leftover after parsing attributes in process `syz.3.438'.
[   55.212668][ T5042] syzkaller1: entered promiscuous mode
[   55.218241][ T5042] syzkaller1: entered allmulticast mode
[   55.255479][ T5045] loop1: detected capacity change from 0 to 512
[   55.292529][ T5048] netlink: 12 bytes leftover after parsing attributes in process `syz.3.439'.
[   55.302484][ T5045] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   55.311102][ T5045] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   55.360759][ T5053] Falling back ldisc for ptm0.
[   55.490055][ T5064] netlink: 'syz.4.447': attribute type 30 has an invalid length.
[   55.520802][ T5066] syzkaller1: entered promiscuous mode
[   55.526546][ T5066] syzkaller1: entered allmulticast mode
[   55.607280][ T5069] team0: Device gtp0 is of different type
[   55.773866][ T5074] netlink: 300 bytes leftover after parsing attributes in process `syz.5.451'.
[   55.936842][ T5072] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   55.947100][ T5072] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   55.971261][ T5091] Falling back ldisc for ptm0.
[   56.098893][ T5100] netlink: 8 bytes leftover after parsing attributes in process `syz.3.460'.
[   56.107920][ T5100] netlink: 'syz.3.460': attribute type 30 has an invalid length.
[   56.120920][ T2626] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[   56.130923][ T2626] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[   56.139418][ T2626] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[   56.147972][ T2626] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[   56.206359][ T5107] netlink: 300 bytes leftover after parsing attributes in process `syz.5.463'.
[   56.269162][ T5114] loop5: detected capacity change from 0 to 512
[   56.292023][ T5114] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   56.300586][ T5114] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   56.413758][ T5118] loop1: detected capacity change from 0 to 128
[   56.431287][ T5118] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   56.485062][ T5118] ext4 filesystem being mounted at /70/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   56.555990][ T5133] netlink: 'syz.4.471': attribute type 12 has an invalid length.
[   56.566507][ T5102] netlink: 132 bytes leftover after parsing attributes in process `syz.1.457'.
[   56.581447][ T5133] bond0: (slave bond_slave_0): Releasing backup interface
[   56.591758][ T5133] bond0: (slave bond_slave_1): Releasing backup interface
[   56.608394][ T5133] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[   56.716536][ T5140] netlink: 'syz.2.473': attribute type 30 has an invalid length.
[   56.781557][ T5144] netlink: 'syz.4.475': attribute type 39 has an invalid length.
[   56.847688][ T5150] infiniband syz!: set down
[   56.852402][ T5150] infiniband syz!: added team_slave_0
[   56.892809][ T5150] RDS/IB: syz!: added
[   56.897312][ T5150] smc: adding ib device syz! with port count 1
[   56.907196][ T5150] smc:    ib device syz! port 1 has no pnetid
[   56.973623][ T3317] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   57.061531][ T5154] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   57.071814][ T5154] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   57.125295][ T5169] Falling back ldisc for ptm0.
[   57.141918][ T5171] loop2: detected capacity change from 0 to 512
[   57.166745][ T5171] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   57.189469][ T5166] wg1 speed is unknown, defaulting to 1000
[   57.198632][ T5166] wg1 speed is unknown, defaulting to 1000
[   57.204870][ T5166] wg1 speed is unknown, defaulting to 1000
[   57.212617][ T5166] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[   57.222963][ T5166] wg1 speed is unknown, defaulting to 1000
[   57.229122][ T5166] wg1 speed is unknown, defaulting to 1000
[   57.240493][ T5166] wg1 speed is unknown, defaulting to 1000
[   57.247434][ T5171] ext4 filesystem being mounted at /108/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   57.260457][ T5164] EXT4-fs error (device loop2): ext4_get_first_dir_block:3535: inode #12: block 32: comm syz.2.481: bad entry in directory: rec_len is too small for name_len - offset=0, inode=12, rec_len=12, size=2048 fake=0
[   57.281157][ T5164] EXT4-fs error (device loop2): ext4_get_first_dir_block:3538: inode #12: comm syz.2.481: directory missing '.'
[   57.302181][ T5166] wg1 speed is unknown, defaulting to 1000
[   57.330049][ T5166] wg1 speed is unknown, defaulting to 1000
[   57.349309][ T5193] netlink: 'syz.3.487': attribute type 30 has an invalid length.
[   57.377796][ T5166] wg1 speed is unknown, defaulting to 1000
[   57.629964][ T5237] Falling back ldisc for ptm0.
[   57.765713][ T5256] netlink: 'syz.3.502': attribute type 30 has an invalid length.
[   57.822038][ T3322] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   57.861035][ T5264] loop2: detected capacity change from 0 to 128
[   57.876997][ T5264] /dev/loop2: Can't open blockdev
[   57.914551][ T5270] bridge_slave_0: left allmulticast mode
[   57.920362][ T5270] bridge_slave_0: left promiscuous mode
[   57.926262][ T5270] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.964190][ T5270] bridge_slave_1: left allmulticast mode
[   57.969959][ T5270] bridge_slave_1: left promiscuous mode
[   57.975686][ T5270] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.994881][ T5270] bond0: (slave bond_slave_0): Releasing backup interface
[   58.005336][ T5270] bond0: (slave bond_slave_1): Releasing backup interface
[   58.017408][ T5270] team0: Port device team_slave_0 removed
[   58.026931][ T5270] team0: Port device team_slave_1 removed
[   58.038255][ T5270] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[   58.058376][ T5267] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   58.068250][ T5267] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   58.142674][ T5291] netlink: 'syz.4.514': attribute type 30 has an invalid length.
[   58.153965][ T5287] loop5: detected capacity change from 0 to 8192
[   58.161886][ T1616] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[   58.183917][ T1616] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[   58.220085][  T309] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[   58.231310][  T309] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[   58.258836][ T5302] xt_TCPMSS: Only works on TCP SYN packets
[   58.297791][ T5287] Falling back ldisc for ptm0.
[   58.358992][ T5310] loop5: detected capacity change from 0 to 512
[   58.361788][ T5307] 9p: Could not find request transport: fCM×@õà0xffffffffffffffff
[   58.384665][ T5310] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   58.401467][ T5310] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   58.441667][ T5316] vlan2: entered allmulticast mode
[   58.447003][ T5316] bridge_slave_0: entered allmulticast mode
[   58.508046][ T5318] wg1 speed is unknown, defaulting to 1000
[   58.514125][ T5324] loop3: detected capacity change from 0 to 2048
[   58.554683][ T3498] Alternate GPT is invalid, using primary GPT.
[   58.561229][ T3498]  loop3: p2 p3 p7
[   58.576262][ T5324] Alternate GPT is invalid, using primary GPT.
[   58.582802][ T5324]  loop3: p2 p3 p7
[   58.592522][ T5324] netlink: 'syz.3.524': attribute type 2 has an invalid length.
[   58.653151][   T29] kauditd_printk_skb: 915 callbacks suppressed
[   58.653169][   T29] audit: type=1326 audit(1766032666.205:3369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5263 comm="syz.2.504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f67861e2005 code=0x7ffc0000
[   58.703420][ T5331] netlink: 'syz.4.527': attribute type 30 has an invalid length.
[   58.744235][   T29] audit: type=1326 audit(1766032666.235:3370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5263 comm="syz.2.504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f67861af749 code=0x7ffc0000
[   58.767669][   T29] audit: type=1326 audit(1766032666.235:3371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5263 comm="syz.2.504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67861af749 code=0x7ffc0000
[   58.791009][   T29] audit: type=1326 audit(1766032666.235:3372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5263 comm="syz.2.504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67861af749 code=0x7ffc0000
[   58.814571][   T29] audit: type=1326 audit(1766032666.235:3373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5263 comm="syz.2.504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f67861af749 code=0x7ffc0000
[   58.838132][   T29] audit: type=1326 audit(1766032666.265:3374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5332 comm="syz.3.528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ab80ef749 code=0x7ffc0000
[   58.861586][   T29] audit: type=1326 audit(1766032666.265:3375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5332 comm="syz.3.528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ab80ef749 code=0x7ffc0000
[   58.884914][   T29] audit: type=1326 audit(1766032666.275:3376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5332 comm="syz.3.528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=441 compat=0 ip=0x7f5ab80ef749 code=0x7ffc0000
[   58.908492][   T29] audit: type=1326 audit(1766032666.275:3377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5332 comm="syz.3.528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ab80ef749 code=0x7ffc0000
[   58.908572][   T29] audit: type=1326 audit(1766032666.275:3378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5332 comm="syz.3.528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ab80ef749 code=0x7ffc0000
[   59.253957][ T5356] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   59.263635][ T5356] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   59.379541][ T5370] atomic_op ffff88811b4f8d28 conn xmit_atomic 0000000000000000
[   59.401795][ T5370] SELinux: security_context_str_to_sid () failed with errno=-22
[   59.627925][ T5378] netlink: zone id is out of range
[   59.633179][ T5378] netlink: zone id is out of range
[   59.652750][ T5378] netlink: zone id is out of range
[   59.688608][ T5378] netlink: set zone limit has 8 unknown bytes
[   59.720287][ T5379] Falling back ldisc for ptm0.
[   59.814184][ T5386] pim6reg: entered allmulticast mode
[   59.819680][ T5385] pim6reg: left allmulticast mode
[   59.896887][ T5391] loop5: detected capacity change from 0 to 512
[   59.926080][ T5391] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   59.934986][ T5391] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   60.021206][ T5404] __nla_validate_parse: 18 callbacks suppressed
[   60.021222][ T5404] netlink: 300 bytes leftover after parsing attributes in process `syz.3.550'.
[   60.063644][ T5407] loop3: detected capacity change from 0 to 732
[   60.072522][ T5407] iso9660: Unknown parameter ''
[   60.154155][ T5407] netlink: 4 bytes leftover after parsing attributes in process `syz.3.551'.
[   60.270084][ T5416] netlink: 8 bytes leftover after parsing attributes in process `syz.4.553'.
[   60.313044][ T5420] loop2: detected capacity change from 0 to 2048
[   60.491246][ T5426] wg1 speed is unknown, defaulting to 1000
[   60.614351][ T5436] IPv6: Can't replace route, no match found
[   60.620546][ T5417] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   60.655084][ T5417] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   60.740835][ T5441] netlink: 300 bytes leftover after parsing attributes in process `syz.5.561'.
[   60.772670][ T5420]  loop2: p1 < > p4
[   60.780010][ T5420] loop2: p4 size 8388608 extends beyond EOD, truncated
[   60.906867][ T5452] loop5: detected capacity change from 0 to 2048
[   60.925797][ T5452] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   60.946973][ T5452] ext4 filesystem being mounted at /51/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   60.958251][ T5452] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   61.022767][ T5458] wg1 speed is unknown, defaulting to 1000
[   61.023490][ T5460] validate_nla: 3 callbacks suppressed
[   61.023509][ T5460] netlink: 'syz.1.566': attribute type 21 has an invalid length.
[   61.047240][ T5460] netlink: 152 bytes leftover after parsing attributes in process `syz.1.566'.
[   61.057864][ T5462] netlink: 'syz.5.567': attribute type 29 has an invalid length.
[   61.065828][ T5462] netlink: 'syz.5.567': attribute type 3 has an invalid length.
[   61.073578][ T5462] netlink: 132 bytes leftover after parsing attributes in process `syz.5.567'.
[   61.100843][ T5464] netlink: 8 bytes leftover after parsing attributes in process `syz.5.568'.
[   61.109856][ T5464] netlink: 'syz.5.568': attribute type 30 has an invalid length.
[   61.121897][ T1688] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   61.131013][ T1688] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   61.141185][ T1688] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   61.150207][ T1688] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   61.179259][ T5466] loop5: detected capacity change from 0 to 512
[   61.198022][ T5466] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   61.214130][ T5468] loop1: detected capacity change from 0 to 1024
[   61.242187][ T5466] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   61.318543][ T5474] loop2: detected capacity change from 0 to 512
[   61.363877][ T5477] netlink: 300 bytes leftover after parsing attributes in process `syz.1.574'.
[   61.421726][ T5483] loop2: detected capacity change from 0 to 1024
[   61.428907][ T5483] journal_path: Non-blockdev passed as './file1'
[   61.435434][ T5483] EXT4-fs: error: could not find journal device path
[   61.576628][ T5492] netlink: 8 bytes leftover after parsing attributes in process `syz.2.579'.
[   61.585625][ T5492] netlink: 'syz.2.579': attribute type 30 has an invalid length.
[   61.600443][ T5494] loop1: detected capacity change from 0 to 512
[   61.623396][ T5496] loop2: detected capacity change from 0 to 512
[   61.649196][ T5496] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   61.649493][ T5494] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   61.664312][ T5496] ext4 filesystem being mounted at /122/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   61.685688][ T5494] ext4 filesystem being mounted at /92/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   61.697205][ T5496] EXT4-fs error (device loop2): ext4_xattr_block_get:597: inode #12: comm syz.2.581: corrupted xattr block 6: invalid header
[   61.710587][ T5496] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=12
[   61.712970][ T5494] netlink: 28 bytes leftover after parsing attributes in process `syz.1.580'.
[   61.719816][ T5496] EXT4-fs error (device loop2): ext4_xattr_block_get:597: inode #12: comm syz.2.581: corrupted xattr block 6: invalid header
[   61.742033][ T5496] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=12
[   61.751207][ T5496] EXT4-fs error (device loop2): ext4_xattr_block_get:597: inode #12: comm syz.2.581: corrupted xattr block 6: invalid header
[   61.764720][ T5496] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=12
[   61.788020][ T3317] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   61.797879][ T3322] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   61.836573][ T5506] netdevsim netdevsim2: Direct firmware load for ./file1 failed with error -2
[   61.864057][ T5509] bond0: entered promiscuous mode
[   61.869160][ T5509] bond_slave_0: entered promiscuous mode
[   61.876429][ T5509] bond_slave_1: entered promiscuous mode
[   61.886369][ T5509] bond0: left promiscuous mode
[   61.891200][ T5509] bond_slave_0: left promiscuous mode
[   61.896961][ T5509] bond_slave_1: left promiscuous mode
[   61.928498][ T5515] sock: sock_timestamping_bind_phc: sock not bind to device
[   62.051079][ T5530] netlink: 'syz.2.592': attribute type 30 has an invalid length.
[   62.138335][ T5541] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   62.163359][ T5541] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   62.184692][ T5549] 9p: Bad value for 'wfdno'
[   62.229552][ T5552] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[   62.243769][ T5552] ext4 filesystem being mounted at /99/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   62.310713][ T5552] EXT4-fs error (device loop1): ext4_free_blocks:6728: comm syz.1.600: Freeing blocks not in datazone - block = 0, count = 16
[   62.431735][ T2626] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm kworker/u8:13: bg 0: block 112: padding at end of block bitmap is not set
[   62.462276][ T2626] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 8 with error 28
[   62.474602][ T2626] EXT4-fs (loop1): This should not happen!! Data will be lost
[   62.474602][ T2626] 
[   62.484362][ T2626] EXT4-fs (loop1): Total free blocks count 0
[   62.490351][ T2626] EXT4-fs (loop1): Free/Dirty block details
[   62.496308][ T2626] EXT4-fs (loop1): free_blocks=16
[   62.501377][ T2626] EXT4-fs (loop1): dirty_blocks=16
[   62.506570][ T2626] EXT4-fs (loop1): Block reservation details
[   62.513207][ T2626] EXT4-fs (loop1): i_reserved_data_blocks=1
[   62.550931][ T3317] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[   62.627484][ T5572] netlink: 'syz.1.604': attribute type 30 has an invalid length.
[   62.640041][ T2626] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   62.660616][ T2626] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   62.669988][ T2626] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   62.921087][ T2626] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   62.921440][ T5579] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   62.944932][ T5579] ext4 filesystem being mounted at /103/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   62.983012][ T5579] EXT4-fs error (device loop1): ext4_readdir:264: inode #2: block 3: comm syz.1.607: path (unknown): bad entry in directory: directory entry overrun - offset=0, inode=2, rec_len=2060, size=2048 fake=1
[   63.029246][ T5579] EXT4-fs error (device loop1): ext4_readdir:264: inode #2: block 12: comm syz.1.607: path (unknown): bad entry in directory: directory entry overrun - offset=0, inode=5066064, rec_len=65536, size=2048 fake=0
[   63.050575][ T5579] EXT4-fs error (device loop1): ext4_readdir:264: inode #2: block 13: comm syz.1.607: path (unknown): bad entry in directory: directory entry overrun - offset=0, inode=3653246737, rec_len=65536, size=2048 fake=0
[   63.093650][ T5611] netlink: 'syz.5.617': attribute type 30 has an invalid length.
[   63.157493][ T5614] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   63.186367][ T5614] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   63.271330][ T5625] SELinux: failed to load policy
[   63.285007][ T5579] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #2: comm syz.1.607: corrupted inode contents
[   63.302695][ T5579] EXT4-fs error (device loop1): ext4_dirty_inode:6502: inode #2: comm syz.1.607: mark_inode_dirty error
[   63.314684][ T5579] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #2: comm syz.1.607: corrupted inode contents
[   63.423529][ T5637] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[   63.435011][ T5639] netlink: 'syz.2.629': attribute type 30 has an invalid length.
[   63.615754][ T5654] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002]
[   63.627313][ T5654] EXT4-fs (loop3): orphan cleanup on readonly fs
[   63.634589][ T5654] EXT4-fs warning (device loop3): ext4_enable_quotas:7221: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix.
[   63.651169][ T5654] EXT4-fs (loop3): Cannot turn on quotas: error -22
[   63.661005][ T5654] EXT4-fs error (device loop3): ext4_ext_check_inode:523: inode #13: comm syz.3.633: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0)
[   63.678859][   T29] kauditd_printk_skb: 598 callbacks suppressed
[   63.678873][   T29] audit: type=1326 audit(1766032671.205:3977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5647 comm="syz.2.631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f67861af749 code=0x7ffc0000
[   63.708542][   T29] audit: type=1326 audit(1766032671.215:3978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5647 comm="syz.2.631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67861af749 code=0x7ffc0000
[   63.709223][ T5654] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.633: couldn't read orphan inode 13 (err -117)
[   63.731991][   T29] audit: type=1326 audit(1766032671.215:3979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5647 comm="syz.2.631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f67861af749 code=0x7ffc0000
[   63.732030][   T29] audit: type=1326 audit(1766032671.215:3980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5647 comm="syz.2.631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67861af749 code=0x7ffc0000
[   63.790459][   T29] audit: type=1326 audit(1766032671.215:3981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5647 comm="syz.2.631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f67861af749 code=0x7ffc0000
[   63.814175][   T29] audit: type=1326 audit(1766032671.215:3982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5647 comm="syz.2.631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67861af749 code=0x7ffc0000
[   63.837772][   T29] audit: type=1326 audit(1766032671.215:3983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5647 comm="syz.2.631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f67861af749 code=0x7ffc0000
[   63.860984][   T29] audit: type=1326 audit(1766032671.215:3984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5647 comm="syz.2.631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67861af749 code=0x7ffc0000
[   63.884358][   T29] audit: type=1326 audit(1766032671.215:3985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5647 comm="syz.2.631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f67861af749 code=0x7ffc0000
[   63.907753][   T29] audit: type=1326 audit(1766032671.215:3986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5647 comm="syz.2.631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67861af749 code=0x7ffc0000
[   63.930044][ T5654] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   63.976980][ T5654] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   63.985972][ T3317] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   63.996249][ T5670] netlink: 'syz.2.640': attribute type 30 has an invalid length.
[   64.004195][ T5654] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended
[   64.014044][ T5654] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=2856c09c, mo2=0002]
[   64.051236][ T5654] System zones: 0-2, 18-18, 34-34
[   64.056673][ T5654] EXT4-fs warning (device loop3): ext4_enable_quotas:7221: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix.
[   64.111290][ T5676] EXT4-fs: dax option not supported
[   64.132670][ T3318] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   64.172688][ T5676] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349)
[   64.184629][ T5676] EXT4-fs (loop5): orphan cleanup on readonly fs
[   64.191160][ T5676] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:517: comm syz.5.641: Block bitmap for bg 0 marked uninitialized
[   64.205039][ T5676] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6689: Corrupt filesystem
[   64.214270][ T5676] EXT4-fs (loop5): 1 orphan inode deleted
[   64.220627][ T5676] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[   64.234237][ T5676] EXT4-fs (loop5): warning: mounting fs with errors, running e2fsck is recommended
[   64.244704][ T5676] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[   64.262433][ T5676] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:517: comm syz.5.641: Block bitmap for bg 0 marked uninitialized
[   64.275911][ T5676] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:517: comm syz.5.641: Block bitmap for bg 0 marked uninitialized
[   64.289548][ T5676] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:517: comm syz.5.641: Block bitmap for bg 0 marked uninitialized
[   64.303537][ T5676] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:517: comm syz.5.641: Block bitmap for bg 0 marked uninitialized
[   64.316957][ T5676] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:517: comm syz.5.641: Block bitmap for bg 0 marked uninitialized
[   64.330320][ T5676] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:517: comm syz.5.641: Block bitmap for bg 0 marked uninitialized
[   64.346468][ T5687] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   64.362244][ T5687] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   64.374529][ T4220] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   64.532221][ T5726] 9p: Bad value for 'rfdno'
[   64.547937][ T5719] FAT-fs (loop3): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1)
[   64.606331][ T5729] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -2
[   64.640271][ T5729] EXT4-fs (loop5): 1 truncate cleaned up
[   64.666325][ T5729] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   64.716800][ T5730] wg1 speed is unknown, defaulting to 1000
[   64.815737][ T5730] wg1 speed is unknown, defaulting to 1000
[   64.824517][ T5754] xt_HMARK: spi-set and port-set can't be combined
[   64.976921][ T5730] wg1 speed is unknown, defaulting to 1000
[   65.209650][ T5730] wg1 speed is unknown, defaulting to 1000
[   65.226349][ T5789] __nla_validate_parse: 22 callbacks suppressed
[   65.226371][ T5789] netlink: 300 bytes leftover after parsing attributes in process `syz.4.675'.
[   65.277283][ T5791] netlink: 8 bytes leftover after parsing attributes in process `syz.4.676'.
[   65.364395][ T5730] wg1 speed is unknown, defaulting to 1000
[   65.413455][ T4220] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   65.546213][ T5809] sctp: [Deprecated]: syz.1.681 (pid 5809) Use of int in max_burst socket option deprecated.
[   65.546213][ T5809] Use struct sctp_assoc_value instead
[   65.648643][ T5815] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=36 sclass=netlink_tcpdiag_socket pid=5815 comm=syz.1.681
[   65.649892][ T5801] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   65.670020][ T5801] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   65.954646][ T5831] netlink: 300 bytes leftover after parsing attributes in process `syz.3.686'.
[   65.967930][ T5823] netlink: 1 bytes leftover after parsing attributes in process `syz.2.684'.
[   66.007144][ T5835] netlink: 4 bytes leftover after parsing attributes in process `syz.3.687'.
[   66.016490][ T5835] netlink: 12 bytes leftover after parsing attributes in process `syz.3.687'.
[   66.033946][ T5837] netlink: 8 bytes leftover after parsing attributes in process `syz.4.688'.
[   66.042893][ T5837] validate_nla: 5 callbacks suppressed
[   66.042906][ T5837] netlink: 'syz.4.688': attribute type 30 has an invalid length.
[   66.124116][ T5835] netlink: 4 bytes leftover after parsing attributes in process `syz.3.687'.
[   66.240868][ T5849] set_capacity_and_notify: 9 callbacks suppressed
[   66.240905][ T5849] loop5: detected capacity change from 0 to 2048
[   66.277825][ T5849] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   66.290785][ T5849] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   66.347704][ T5860] loop5: detected capacity change from 0 to 512
[   66.372737][ T5860] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   66.399914][ T5860] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   66.473408][ T5868] loop1: detected capacity change from 0 to 512
[   66.497979][ T5869] loop3: detected capacity change from 0 to 512
[   66.515179][ T5868] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   66.528388][ T5869] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.697: bg 0: block 248: padding at end of block bitmap is not set
[   66.547611][ T5868] ext4 filesystem being mounted at /112/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   66.558754][ T5869] EXT4-fs error (device loop3): ext4_acquire_dquot:6986: comm syz.3.697: Failed to acquire dquot type 1
[   66.571585][ T5869] EXT4-fs (loop3): 1 truncate cleaned up
[   66.577977][ T5869] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   66.582514][ T5863] EXT4-fs error (device loop1): ext4_xattr_block_get:597: inode #12: comm syz.1.696: corrupted xattr block 6: invalid header
[   66.590818][ T5869] ext4 filesystem being mounted at /159/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   66.620506][ T5863] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=12
[   66.629660][ T5863] EXT4-fs error (device loop1): ext4_xattr_block_get:597: inode #12: comm syz.1.696: corrupted xattr block 6: invalid header
[   66.643122][ T5863] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=12
[   66.652460][ T5863] EXT4-fs error (device loop1): ext4_xattr_block_get:597: inode #12: comm syz.1.696: corrupted xattr block 6: invalid header
[   66.666221][ T5863] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=12
[   66.675357][ T5863] EXT4-fs error (device loop1): ext4_xattr_block_get:597: inode #12: comm syz.1.696: corrupted xattr block 6: invalid header
[   66.689174][ T5863] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=12
[   66.698252][ T5863] EXT4-fs error (device loop1): ext4_xattr_block_get:597: inode #12: comm syz.1.696: corrupted xattr block 6: invalid header
[   66.712156][ T5863] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=12
[   66.721814][ T5863] EXT4-fs error (device loop1): ext4_xattr_block_get:597: inode #12: comm syz.1.696: corrupted xattr block 6: invalid header
[   66.737323][ T5876] netlink: 300 bytes leftover after parsing attributes in process `syz.2.698'.
[   66.759871][ T3317] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   66.781791][ T5880] netlink: 8 bytes leftover after parsing attributes in process `syz.1.700'.
[   66.790744][ T5880] netlink: 'syz.1.700': attribute type 30 has an invalid length.
[   66.820127][ T5882] wireguard0: entered promiscuous mode
[   66.825687][ T5882] wireguard0: entered allmulticast mode
[   66.985991][ T5892] loop5: detected capacity change from 0 to 512
[   66.991206][ T5888] wg1 speed is unknown, defaulting to 1000
[   67.008639][ T5892] EXT4-fs (loop5): 1 truncate cleaned up
[   67.016875][ T5892] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   67.060068][ T5885] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   67.086854][ T5885] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   67.102543][ T4220] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   67.180113][ T5869] syz.3.697 (5869) used greatest stack depth: 9088 bytes left
[   67.223649][ T3318] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   67.334663][ T5904] ip6gre1: entered promiscuous mode
[   67.340015][ T5904] ip6gre1: entered allmulticast mode
[   67.356159][ T5904] syz.5.708 (5904) used greatest stack depth: 8672 bytes left
[   67.441708][ T5919] loop2: detected capacity change from 0 to 512
[   67.471935][ T5919] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   67.511212][ T5919] workqueue: Failed to create a rescuer kthread for wq "ext4-rsv-conversion": -EINTR
[   67.511324][ T5919] EXT4-fs: failed to create workqueue
[   67.526382][ T5919] EXT4-fs (loop2): mount failed
[   67.645747][ T5941] netlink: 'syz.1.720': attribute type 30 has an invalid length.
[   67.660865][ T5943] loop2: detected capacity change from 0 to 764
[   67.678899][ T5942] loop5: detected capacity change from 0 to 512
[   67.728876][ T5942] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   67.819225][ T5961] loop3: detected capacity change from 0 to 512
[   67.868106][ T5961] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   67.876705][ T5961] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   67.907282][ T4220] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   68.079726][ T5985] sch_tbf: burst 22 is lower than device lo mtu (65550) !
[   68.100993][ T5985] loop5: detected capacity change from 0 to 512
[   68.107862][ T5985] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[   68.133467][ T5985] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #16: comm syz.5.728: invalid indirect mapped block 4294967295 (level 0)
[   68.166327][ T5973] ip6gre1: entered promiscuous mode
[   68.171587][ T5973] ip6gre1: entered allmulticast mode
[   68.198735][ T5985] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #16: comm syz.5.728: invalid indirect mapped block 4294967295 (level 1)
[   68.223376][ T5985] EXT4-fs (loop5): 1 orphan inode deleted
[   68.229148][ T5985] EXT4-fs (loop5): 1 truncate cleaned up
[   68.235449][ T5985] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   68.258555][ T5985] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[   68.284830][ T4220] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   68.306824][ T5993] netlink: 'syz.4.732': attribute type 30 has an invalid length.
[   68.386716][ T5999] netlink: 'syz.5.735': attribute type 20 has an invalid length.
[   68.394551][ T5999] netlink: 'syz.5.735': attribute type 21 has an invalid length.
[   68.424440][ T5991] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   68.434809][ T5991] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   68.529124][ T6021] msdos: Bad value for 'umask'
[   68.602483][ T3498]  loop3: p1 < > p3 p4
[   68.608096][ T3498] loop3: p3 start 458752 is beyond EOD, truncated
[   68.614695][ T3498] loop3: p4 start 268435456 is beyond EOD, truncated
[   68.668330][ T6031] netlink: 'syz.5.747': attribute type 30 has an invalid length.
[   68.680304][ T6023]  loop3: p1 < > p3 p4
[   68.685522][ T6023] loop3: p3 start 458752 is beyond EOD, truncated
[   68.692085][ T6023] loop3: p4 start 268435456 is beyond EOD, truncated
[   68.703325][   T29] kauditd_printk_skb: 496 callbacks suppressed
[   68.703343][   T29] audit: type=1400 audit(1766032676.255:4481): avc:  denied  { read write } for  pid=6022 comm="syz.3.744" name="loop3p1" dev="devtmpfs" ino=911 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[   68.711529][ T6023] syzkaller1: entered promiscuous mode
[   68.734046][   T29] audit: type=1400 audit(1766032676.255:4482): avc:  denied  { open } for  pid=6022 comm="syz.3.744" path="/dev/loop3p1" dev="devtmpfs" ino=911 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[   68.738288][ T6023] syzkaller1: entered allmulticast mode
[   68.761357][   T29] audit: type=1400 audit(1766032676.255:4483): avc:  denied  { ioctl } for  pid=6022 comm="syz.3.744" path="socket:[13560]" dev="sockfs" ino=13560 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   68.922335][ T6037] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   68.932008][ T6037] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   68.986139][ T6035] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   69.007278][   T29] audit: type=1326 audit(1766032676.555:4484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6043 comm="syz.1.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89d32af749 code=0x7ffc0000
[   69.040048][   T29] audit: type=1326 audit(1766032676.555:4485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6043 comm="syz.1.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f89d32af749 code=0x7ffc0000
[   69.063493][   T29] audit: type=1326 audit(1766032676.555:4486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6043 comm="syz.1.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89d32af749 code=0x7ffc0000
[   69.086836][   T29] audit: type=1326 audit(1766032676.555:4487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6043 comm="syz.1.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f89d32af749 code=0x7ffc0000
[   69.110169][   T29] audit: type=1326 audit(1766032676.555:4488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6043 comm="syz.1.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89d32af749 code=0x7ffc0000
[   69.133635][   T29] audit: type=1326 audit(1766032676.555:4489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6043 comm="syz.1.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7f89d32af749 code=0x7ffc0000
[   69.157177][   T29] audit: type=1326 audit(1766032676.555:4490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6043 comm="syz.1.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89d32af749 code=0x7ffc0000
[   69.223267][ T6060] netlink: 'syz.3.758': attribute type 30 has an invalid length.
[   69.335275][ T6066] bridge0: entered allmulticast mode
[   69.376347][ T6062] ip6gre1: entered promiscuous mode
[   69.381678][ T6062] ip6gre1: entered allmulticast mode
[   69.392165][ T6062] syz.1.759 (6062) used greatest stack depth: 8640 bytes left
[   69.541037][ T6087] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   69.585066][ T6099] netlink: 'syz.3.771': attribute type 30 has an invalid length.
[   69.599494][ T4220] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   69.702899][ T6112] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   69.711514][ T6112] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   69.741831][ T6115] EXT4-fs: Mount option(s) incompatible with ext2
[   70.144663][ T6142] netlink: 'syz.2.787': attribute type 30 has an invalid length.
[   70.177136][ T6140] tap0: tun_chr_ioctl cmd 1074025677
[   70.190363][ T6140] tap0: linktype set to 0
[   70.357779][ T6169] __nla_validate_parse: 20 callbacks suppressed
[   70.357806][ T6169] netlink: 300 bytes leftover after parsing attributes in process `syz.1.792'.
[   70.409051][ T6174] pimreg: entered allmulticast mode
[   70.471781][ T6174] pimreg: left allmulticast mode
[   70.526143][ T6196] netlink: 44 bytes leftover after parsing attributes in process `syz.2.797'.
[   70.539490][ T6193] EXT4-fs: Ignoring removed bh option
[   70.582620][ T6193] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   70.795796][ T6191] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[   70.798875][ T6202] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   70.815113][ T6202] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   70.823143][ T6191] netlink: 4 bytes leftover after parsing attributes in process `syz.1.796'.
[   70.834847][ T6191] bridge0: port 1(bridge_slave_0) entered disabled state
[   70.846762][ T6191] bridge_slave_0 (unregistering): left allmulticast mode
[   70.854010][ T6191] bridge_slave_0 (unregistering): left promiscuous mode
[   70.861140][ T6191] bridge0: port 1(bridge_slave_0) entered disabled state
[   70.878257][ T6210] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   70.887237][ T6210] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   70.914241][ T3317] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   70.980753][ T6216] netlink: 300 bytes leftover after parsing attributes in process `syz.4.804'.
[   71.140598][ T6230] netlink: 44 bytes leftover after parsing attributes in process `syz.1.809'.
[   71.281980][ T6239] validate_nla: 1 callbacks suppressed
[   71.287645][ T6239] netlink: 'syz.3.812': attribute type 30 has an invalid length.
[   71.414183][ T6248] netlink: 300 bytes leftover after parsing attributes in process `syz.3.816'.
[   71.449870][ T6255] netlink: 44 bytes leftover after parsing attributes in process `syz.5.820'.
[   71.470656][ T6257] netlink: 60 bytes leftover after parsing attributes in process `syz.1.821'.
[   71.479894][ T6257] netlink: 12 bytes leftover after parsing attributes in process `syz.1.821'.
[   71.488850][ T6257] netlink: 60 bytes leftover after parsing attributes in process `syz.1.821'.
[   71.635421][ T6274] netlink: 'syz.2.827': attribute type 30 has an invalid length.
[   71.669099][ T6263] ip6gre1: entered promiscuous mode
[   71.674369][ T6263] ip6gre1: entered allmulticast mode
[   71.754040][ T6284] set_capacity_and_notify: 10 callbacks suppressed
[   71.754056][ T6284] loop1: detected capacity change from 0 to 512
[   71.757471][ T6266] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   71.792172][ T6266] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   71.817308][ T6284] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   71.852220][ T6284] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   71.982740][ T6307] vlan2: entered allmulticast mode
[   71.987966][ T6307] bridge_slave_0: entered allmulticast mode
[   72.099365][ T6314] netlink: 'syz.3.840': attribute type 30 has an invalid length.
[   72.236832][ T6312] ip6gre1: entered promiscuous mode
[   72.242147][ T6312] ip6gre1: entered allmulticast mode
[   72.369337][ T6343] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=2572 sclass=netlink_xfrm_socket pid=6343 comm=syz.4.845
[   72.543434][ T6373] netlink: 'syz.1.852': attribute type 30 has an invalid length.
[   72.707436][ T6391] loop5: detected capacity change from 0 to 512
[   72.736485][ T6391] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   72.766668][ T6391] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   72.775482][ T6380] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   72.785331][ T6380] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   72.932276][ T6398] wg1 speed is unknown, defaulting to 1000
[   72.979780][ T6413] netlink: 'syz.2.866': attribute type 30 has an invalid length.
[   73.135644][ T2626] Bluetooth: hci0: Frame reassembly failed (-84)
[   73.142228][ T6425] Bluetooth: hci0: Frame reassembly failed (-84)
[   73.407108][ T6450] loop5: detected capacity change from 0 to 512
[   73.415943][ T6450] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[   73.440026][ T6450] EXT4-fs warning (device loop5): ext4_expand_extra_isize_ea:2857: Unable to expand inode 15. Delete some EAs or run e2fsck.
[   73.472528][ T6450] EXT4-fs (loop5): 1 truncate cleaned up
[   73.478591][ T6450] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   73.531664][ T6461] netlink: 'syz.2.878': attribute type 30 has an invalid length.
[   73.771435][   T29] kauditd_printk_skb: 1165 callbacks suppressed
[   73.771453][   T29] audit: type=1326 audit(1766032681.315:5656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6481 comm="syz.4.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f123484f749 code=0x7ffc0000
[   73.805898][   T29] audit: type=1326 audit(1766032681.345:5657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6481 comm="syz.4.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f123484f749 code=0x7ffc0000
[   73.807575][ T4220] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   73.829337][   T29] audit: type=1326 audit(1766032681.345:5658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6481 comm="syz.4.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f123484f749 code=0x7ffc0000
[   73.861812][   T29] audit: type=1326 audit(1766032681.345:5659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6481 comm="syz.4.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f123484f749 code=0x7ffc0000
[   73.885208][   T29] audit: type=1326 audit(1766032681.345:5660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6481 comm="syz.4.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f123484f749 code=0x7ffc0000
[   73.902785][ T6471] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   73.908613][   T29] audit: type=1326 audit(1766032681.345:5661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6481 comm="syz.4.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f123484f749 code=0x7ffc0000
[   73.917396][ T6471] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   73.940405][   T29] audit: type=1326 audit(1766032681.345:5662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6481 comm="syz.4.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f123484f749 code=0x7ffc0000
[   73.971577][   T29] audit: type=1326 audit(1766032681.345:5663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6481 comm="syz.4.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f123484f749 code=0x7ffc0000
[   73.994971][   T29] audit: type=1326 audit(1766032681.345:5664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6481 comm="syz.4.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f123484f749 code=0x7ffc0000
[   74.018332][   T29] audit: type=1326 audit(1766032681.345:5665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6481 comm="syz.4.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7f123484f749 code=0x7ffc0000
[   74.289366][ T6495] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   74.299555][ T6495] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   74.685958][ T6543] netlink: 'syz.2.903': attribute type 21 has an invalid length.
[   74.694161][ T6543] netlink: 'syz.2.903': attribute type 3 has an invalid length.
[   75.045187][ T6557] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   75.053864][ T6557] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   75.147864][ T6581] FAULT_INJECTION: forcing a failure.
[   75.147864][ T6581] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   75.161111][ T6581] CPU: 1 UID: 0 PID: 6581 Comm: syz.3.917 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[   75.161151][ T6581] Tainted: [W]=WARN
[   75.161159][ T6581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   75.161171][ T6581] Call Trace:
[   75.161178][ T6581]  <TASK>
[   75.161186][ T6581]  __dump_stack+0x1d/0x30
[   75.161294][ T6581]  dump_stack_lvl+0xe8/0x140
[   75.161375][ T6581]  dump_stack+0x15/0x1b
[   75.161401][ T6581]  should_fail_ex+0x265/0x280
[   75.161431][ T6581]  should_fail+0xb/0x20
[   75.161455][ T6581]  should_fail_usercopy+0x1a/0x20
[   75.161561][ T6581]  _copy_from_user+0x1c/0xb0
[   75.161646][ T6581]  ___sys_recvmsg+0xaa/0x370
[   75.161685][ T6581]  ? 0xffffffff81000000
[   75.161702][ T6581]  ? __rcu_read_unlock+0x4f/0x70
[   75.161740][ T6581]  __x64_sys_recvmsg+0xd1/0x160
[   75.161806][ T6581]  x64_sys_call+0x2cbf/0x3000
[   75.161849][ T6581]  do_syscall_64+0xd8/0x2c0
[   75.161883][ T6581]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.161983][ T6581] RIP: 0033:0x7f5ab80ef749
[   75.162002][ T6581] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   75.162023][ T6581] RSP: 002b:00007f5ab6b57038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[   75.162142][ T6581] RAX: ffffffffffffffda RBX: 00007f5ab8345fa0 RCX: 00007f5ab80ef749
[   75.162157][ T6581] RDX: 0000000000000020 RSI: 00002000000005c0 RDI: 000000000000000a
[   75.162172][ T6581] RBP: 00007f5ab6b57090 R08: 0000000000000000 R09: 0000000000000000
[   75.162245][ T6581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   75.162273][ T6581] R13: 00007f5ab8346038 R14: 00007f5ab8345fa0 R15: 00007ffc23c0b618
[   75.162295][ T6581]  </TASK>
[   75.337028][   T44] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   75.341590][ T3806] Bluetooth: hci0: command 0x1003 tx timeout
[   75.384246][ T6585] openvswitch: netlink: Missing key (keys=40, expected=100)
[   75.398448][ T6585] __nla_validate_parse: 21 callbacks suppressed
[   75.398469][ T6585] netlink: 44 bytes leftover after parsing attributes in process `syz.1.918'.
[   75.496749][ T6592] netlink: 4 bytes leftover after parsing attributes in process `syz.4.921'.
[   75.614526][ T6587] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   75.623360][ T6587] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   75.733677][ T6633] netlink: 104 bytes leftover after parsing attributes in process `syz.1.929'.
[   75.789259][ T6645] loop1: detected capacity change from 0 to 512
[   75.801341][ T6647] netlink: 300 bytes leftover after parsing attributes in process `syz.3.932'.
[   75.834261][ T6645] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   75.844841][ T6645] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   75.863944][ T6654] netlink: 44 bytes leftover after parsing attributes in process `syz.3.933'.
[   76.038793][ T6667] netlink: 44 bytes leftover after parsing attributes in process `syz.3.937'.
[   76.065104][ T6669] syzkaller0: entered allmulticast mode
[   76.070826][ T6669] syzkaller0: entered promiscuous mode
[   76.077116][ T6669] netlink: 44 bytes leftover after parsing attributes in process `syz.5.938'.
[   76.087089][ T6669] syzkaller0: left promiscuous mode
[   76.092450][ T6669] syzkaller0: left allmulticast mode
[   76.132151][ T6667] FAULT_INJECTION: forcing a failure.
[   76.132151][ T6667] name failslab, interval 1, probability 0, space 0, times 0
[   76.144939][ T6667] CPU: 1 UID: 0 PID: 6667 Comm: syz.3.937 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[   76.144972][ T6667] Tainted: [W]=WARN
[   76.144978][ T6667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   76.145016][ T6667] Call Trace:
[   76.145025][ T6667]  <TASK>
[   76.145034][ T6667]  __dump_stack+0x1d/0x30
[   76.145064][ T6667]  dump_stack_lvl+0xe8/0x140
[   76.145094][ T6667]  dump_stack+0x15/0x1b
[   76.145185][ T6667]  should_fail_ex+0x265/0x280
[   76.145216][ T6667]  should_failslab+0x8c/0xb0
[   76.145246][ T6667]  kmem_cache_alloc_node_noprof+0x6b/0x4c0
[   76.145296][ T6667]  ? __alloc_skb+0x324/0x4d0
[   76.145324][ T6667]  __alloc_skb+0x324/0x4d0
[   76.145355][ T6667]  ? __alloc_skb+0x24d/0x4d0
[   76.145382][ T6667]  alloc_skb_with_frags+0x7d/0x470
[   76.145482][ T6667]  ? update_curr+0x2c/0x150
[   76.145504][ T6667]  ? tracing_record_taskinfo_sched_switch+0x71/0x260
[   76.145541][ T6667]  ? rcu_segcblist_enqueue+0x92/0xb0
[   76.145571][ T6667]  virtio_transport_alloc_skb+0x91/0x710
[   76.145723][ T6667]  virtio_transport_send_pkt_info+0x43d/0x820
[   76.145764][ T6667]  virtio_transport_release+0x11b/0x450
[   76.145796][ T6667]  ? lock_sock_nested+0x112/0x140
[   76.145846][ T6667]  __vsock_release+0x6d/0x380
[   76.145866][ T6667]  vsock_release+0x5b/0x90
[   76.145908][ T6667]  sock_close+0x6b/0x150
[   76.145999][ T6667]  ? __pfx_sock_close+0x10/0x10
[   76.146052][ T6667]  __fput+0x29b/0x650
[   76.146091][ T6667]  ____fput+0x1c/0x30
[   76.146123][ T6667]  task_work_run+0x131/0x1a0
[   76.146144][ T6667]  get_signal+0xe12/0xf70
[   76.146271][ T6667]  ? _raw_spin_unlock+0x26/0x50
[   76.146295][ T6667]  ? finish_task_switch+0x7a/0x2a0
[   76.146464][ T6667]  arch_do_signal_or_restart+0x96/0x450
[   76.146498][ T6667]  exit_to_user_mode_loop+0x6a/0x740
[   76.146586][ T6667]  do_syscall_64+0x1ef/0x2c0
[   76.146624][ T6667]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.146646][ T6667] RIP: 0033:0x7f5ab80ef749
[   76.146662][ T6667] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   76.146757][ T6667] RSP: 002b:00007f5ab6b57038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[   76.146777][ T6667] RAX: fffffffffffffff5 RBX: 00007f5ab8345fa0 RCX: 00007f5ab80ef749
[   76.146791][ T6667] RDX: 0000000000000020 RSI: 00002000000005c0 RDI: 000000000000000a
[   76.146814][ T6667] RBP: 00007f5ab6b57090 R08: 0000000000000000 R09: 0000000000000000
[   76.146827][ T6667] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   76.146840][ T6667] R13: 00007f5ab8346038 R14: 00007f5ab8345fa0 R15: 00007ffc23c0b618
[   76.146860][ T6667]  </TASK>
[   76.483702][ T6688] netlink: 240 bytes leftover after parsing attributes in process `syz.3.945'.
[   76.492903][ T6688] netlink: 240 bytes leftover after parsing attributes in process `syz.3.945'.
[   76.578859][ T6695] netlink: 300 bytes leftover after parsing attributes in process `syz.3.947'.
[   76.633998][ T6697] loop5: detected capacity change from 0 to 512
[   76.652342][ T6697] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 548)
[   76.661106][ T6697] FAT-fs (loop5): Filesystem has been set read-only
[   76.673320][ T6697] FAT-fs (loop5): error, fat_free: invalid cluster chain (i_pos 548)
[   76.718714][ T6697] openvswitch: netlink: Key 0 has unexpected len 2 expected 0
[   76.932841][ T6711] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   76.941534][ T6711] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   77.060001][ T6738] loop3: detected capacity change from 0 to 512
[   77.100438][ T6732] wg1 speed is unknown, defaulting to 1000
[   77.176846][ T6744] loop5: detected capacity change from 0 to 512
[   77.199195][ T6744] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   77.212523][ T6744] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   77.284701][ T6751] loop3: detected capacity change from 0 to 512
[   77.304153][ T6751] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 548)
[   77.313041][ T6751] FAT-fs (loop3): Filesystem has been set read-only
[   77.320246][ T6751] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 548)
[   77.330942][ T6751] openvswitch: netlink: Key 0 has unexpected len 2 expected 0
[   77.693352][ T6765] wg1 speed is unknown, defaulting to 1000
[   77.788456][ T6770] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=6770 comm=syz.3.972
[   77.821707][ T6786] FAULT_INJECTION: forcing a failure.
[   77.821707][ T6786] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   77.834980][ T6786] CPU: 1 UID: 0 PID: 6786 Comm: syz.5.975 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[   77.835021][ T6786] Tainted: [W]=WARN
[   77.835109][ T6786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   77.835126][ T6786] Call Trace:
[   77.835178][ T6786]  <TASK>
[   77.835188][ T6786]  __dump_stack+0x1d/0x30
[   77.835229][ T6786]  dump_stack_lvl+0xe8/0x140
[   77.835348][ T6786]  dump_stack+0x15/0x1b
[   77.835374][ T6786]  should_fail_ex+0x265/0x280
[   77.835429][ T6786]  should_fail+0xb/0x20
[   77.835462][ T6786]  should_fail_usercopy+0x1a/0x20
[   77.835490][ T6786]  _copy_from_user+0x1c/0xb0
[   77.835560][ T6786]  do_tcp_setsockopt+0x41c/0x1680
[   77.835599][ T6786]  ? selinux_socket_setsockopt+0x1ad/0x1e0
[   77.835630][ T6786]  tcp_setsockopt+0x51/0xb0
[   77.835651][ T6786]  sock_common_setsockopt+0x69/0x80
[   77.835741][ T6786]  ? __pfx_sock_common_setsockopt+0x10/0x10
[   77.835766][ T6786]  __sys_setsockopt+0x184/0x200
[   77.835797][ T6786]  __x64_sys_setsockopt+0x64/0x80
[   77.835894][ T6786]  x64_sys_call+0x21d5/0x3000
[   77.835921][ T6786]  do_syscall_64+0xd8/0x2c0
[   77.835960][ T6786]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.836078][ T6786] RIP: 0033:0x7f4e458df749
[   77.836124][ T6786] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   77.836147][ T6786] RSP: 002b:00007f4e44347038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   77.836171][ T6786] RAX: ffffffffffffffda RBX: 00007f4e45b35fa0 RCX: 00007f4e458df749
[   77.836187][ T6786] RDX: 0000000000000013 RSI: 0000000000000006 RDI: 0000000000000003
[   77.836203][ T6786] RBP: 00007f4e44347090 R08: 0000000000000004 R09: 0000000000000000
[   77.836218][ T6786] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[   77.836234][ T6786] R13: 00007f4e45b36038 R14: 00007f4e45b35fa0 R15: 00007ffebaf51f48
[   77.836299][ T6786]  </TASK>
[   78.110996][ T6802] ip6_vti0 speed is unknown, defaulting to 1000
[   78.118599][ T6802] ip6_vti0 speed is unknown, defaulting to 1000
[   78.118723][ T6803] loop5: detected capacity change from 0 to 512
[   78.125215][ T6802] ip6_vti0 speed is unknown, defaulting to 1000
[   78.310248][ T6802] infiniband syz2: set active
[   78.315081][ T6802] infiniband syz2: added ip6_vti0
[   78.320158][ T3392] ip6_vti0 speed is unknown, defaulting to 1000
[   78.355182][ T6802] RDS/IB: syz2: added
[   78.360776][ T6802] smc: adding ib device syz2 with port count 1
[   78.367422][ T6802] smc:    ib device syz2 port 1 has no pnetid
[   78.373611][ T3392] ip6_vti0 speed is unknown, defaulting to 1000
[   78.380710][ T6802] ip6_vti0 speed is unknown, defaulting to 1000
[   78.451384][ T6802] ip6_vti0 speed is unknown, defaulting to 1000
[   78.484450][ T6828] loop2: detected capacity change from 0 to 512
[   78.507024][ T6802] ip6_vti0 speed is unknown, defaulting to 1000
[   78.524389][ T6828] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   78.533064][ T6828] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   78.574418][ T6824] wg1 speed is unknown, defaulting to 1000
[   78.584691][ T6802] ip6_vti0 speed is unknown, defaulting to 1000
[   78.642714][ T6802] ip6_vti0 speed is unknown, defaulting to 1000
[   78.689281][ T6824] ip6_vti0 speed is unknown, defaulting to 1000
[   78.728348][ T6802] ip6_vti0 speed is unknown, defaulting to 1000
[   78.880893][   T29] kauditd_printk_skb: 591 callbacks suppressed
[   78.880914][   T29] audit: type=1400 audit(1766032686.425:6257): avc:  denied  { create } for  pid=6831 comm="syz.5.987" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=irda_socket permissive=1
[   78.969141][   T29] audit: type=1326 audit(1766032686.515:6258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6847 comm="syz.3.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f5ab80e65e7 code=0x7ffc0000
[   78.993029][   T29] audit: type=1326 audit(1766032686.515:6259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6847 comm="syz.3.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5ab808b829 code=0x7ffc0000
[   79.016441][   T29] audit: type=1326 audit(1766032686.515:6260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6847 comm="syz.3.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f5ab80e65e7 code=0x7ffc0000
[   79.040089][   T29] audit: type=1326 audit(1766032686.515:6261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6847 comm="syz.3.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5ab808b829 code=0x7ffc0000
[   79.063559][   T29] audit: type=1326 audit(1766032686.515:6262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6847 comm="syz.3.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ab80ef749 code=0x7ffc0000
[   79.087246][   T29] audit: type=1326 audit(1766032686.515:6263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6847 comm="syz.3.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5ab80ef749 code=0x7ffc0000
[   79.110925][   T29] audit: type=1326 audit(1766032686.515:6264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6847 comm="syz.3.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ab80ef749 code=0x7ffc0000
[   79.134554][   T29] audit: type=1326 audit(1766032686.515:6265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6847 comm="syz.3.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5ab80ef749 code=0x7ffc0000
[   79.158045][   T29] audit: type=1326 audit(1766032686.515:6266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6847 comm="syz.3.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f5ab80e65e7 code=0x7ffc0000
[   79.182575][ T6840] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   79.191123][ T6840] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   79.440839][ T3392] IPVS: starting estimator thread 0...
[   79.449728][ T6880] loop3: detected capacity change from 0 to 512
[   79.463507][ T6880] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   79.473070][ T6880] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   79.542077][ T6881] IPVS: using max 2160 ests per chain, 108000 per kthread
[   79.637574][ T6877] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   79.646271][ T6877] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   79.781937][ T6893] loop2: detected capacity change from 0 to 512
[   79.793569][ T6893] EXT4-fs warning (device loop2): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   79.817399][ T6893] EXT4-fs (loop2): mount failed
[   81.163866][ T6978] __nla_validate_parse: 18 callbacks suppressed
[   81.163906][ T6978] netlink: 300 bytes leftover after parsing attributes in process `syz.3.1036'.
[   81.224399][ T6982] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1037'.
[   81.233696][ T6981] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1038'.
[   81.655767][ T6993] loop3: detected capacity change from 0 to 512
[   81.680276][ T6993] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   81.688861][ T6993] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   82.043533][ T7007] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[   82.236823][ T7009] FAULT_INJECTION: forcing a failure.
[   82.236823][ T7009] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   82.249994][ T7009] CPU: 1 UID: 0 PID: 7009 Comm: syz.3.1046 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[   82.250063][ T7009] Tainted: [W]=WARN
[   82.250071][ T7009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   82.250084][ T7009] Call Trace:
[   82.250091][ T7009]  <TASK>
[   82.250100][ T7009]  __dump_stack+0x1d/0x30
[   82.250131][ T7009]  dump_stack_lvl+0xe8/0x140
[   82.250219][ T7009]  dump_stack+0x15/0x1b
[   82.250246][ T7009]  should_fail_ex+0x265/0x280
[   82.250271][ T7009]  should_fail+0xb/0x20
[   82.250323][ T7009]  should_fail_usercopy+0x1a/0x20
[   82.250350][ T7009]  _copy_to_user+0x20/0xa0
[   82.250389][ T7009]  simple_read_from_buffer+0xb5/0x130
[   82.250486][ T7009]  proc_fail_nth_read+0x10e/0x150
[   82.250551][ T7009]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   82.250639][ T7009]  vfs_read+0x1a8/0x770
[   82.250663][ T7009]  ? __rcu_read_unlock+0x4f/0x70
[   82.250687][ T7009]  ? __fget_files+0x184/0x1c0
[   82.250717][ T7009]  ? mutex_lock+0x58/0x90
[   82.250749][ T7009]  ksys_read+0xda/0x1a0
[   82.250814][ T7009]  __x64_sys_read+0x40/0x50
[   82.250840][ T7009]  x64_sys_call+0x2889/0x3000
[   82.250873][ T7009]  do_syscall_64+0xd8/0x2c0
[   82.250941][ T7009]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   82.250970][ T7009] RIP: 0033:0x7f5ab80ee15c
[   82.250989][ T7009] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   82.251013][ T7009] RSP: 002b:00007f5ab6b57030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   82.251065][ T7009] RAX: ffffffffffffffda RBX: 00007f5ab8345fa0 RCX: 00007f5ab80ee15c
[   82.251088][ T7009] RDX: 000000000000000f RSI: 00007f5ab6b570a0 RDI: 0000000000000007
[   82.251104][ T7009] RBP: 00007f5ab6b57090 R08: 0000000000000000 R09: 0000000000000000
[   82.251119][ T7009] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[   82.251135][ T7009] R13: 00007f5ab8346038 R14: 00007f5ab8345fa0 R15: 00007ffc23c0b618
[   82.251162][ T7009]  </TASK>
[   82.672849][ T7015] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1049'.
[   83.109136][ T7034] loop5: detected capacity change from 0 to 512
[   83.129321][ T7034] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   83.150143][ T7034] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   83.278186][ T7043] netlink: 300 bytes leftover after parsing attributes in process `syz.1.1059'.
[   83.315698][ T7045] loop1: detected capacity change from 0 to 1024
[   83.322887][ T7028] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   83.353364][ T7028] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   83.399314][ T7045] SELinux: failed to load policy
[   83.463758][ T7048] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1061'.
[   83.763061][ T7067] netlink: 'syz.2.1068': attribute type 15 has an invalid length.
[   83.770977][ T7067] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1068'.
[   83.953506][ T7088] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1074'.
[   83.981731][   T29] kauditd_printk_skb: 736 callbacks suppressed
[   83.981748][   T29] audit: type=1400 audit(1766032691.525:7002): avc:  denied  { bind } for  pid=7090 comm="syz.3.1075" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   84.011334][ T7091] netdevsim netdevsim3 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   84.016568][   T29] audit: type=1400 audit(1766032691.535:7003): avc:  denied  { setopt } for  pid=7090 comm="syz.3.1075" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   84.021376][ T7091] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   84.041613][   T29] audit: type=1326 audit(1766032691.555:7004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7078 comm="syz.1.1071" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89d32af749 code=0x7ffc0000
[   84.063411][ T7094] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1075'.
[   84.074861][   T29] audit: type=1326 audit(1766032691.555:7005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7078 comm="syz.1.1071" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89d32af749 code=0x7ffc0000
[   84.107373][   T29] audit: type=1326 audit(1766032691.555:7006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7078 comm="syz.1.1071" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f89d32af749 code=0x7ffc0000
[   84.130820][   T29] audit: type=1326 audit(1766032691.555:7007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7078 comm="syz.1.1071" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89d32af749 code=0x7ffc0000
[   84.154670][   T29] audit: type=1326 audit(1766032691.615:7008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7077 comm="syz.2.1072" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67861af749 code=0x7ffc0000
[   84.178124][   T29] audit: type=1326 audit(1766032691.615:7009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7077 comm="syz.2.1072" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67861af749 code=0x7ffc0000
[   84.201617][   T29] audit: type=1326 audit(1766032691.635:7010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7078 comm="syz.1.1071" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f89d32af749 code=0x7ffc0000
[   84.225218][   T29] audit: type=1326 audit(1766032691.635:7011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7078 comm="syz.1.1071" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89d32af749 code=0x7ffc0000
[   84.264355][ T7091] netdevsim netdevsim3 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   84.274276][ T7091] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   84.297675][ T7097] loop1: detected capacity change from 0 to 8192
[   84.308138][ T7099] loop2: detected capacity change from 0 to 512
[   84.324251][ T7091] netdevsim netdevsim3 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   84.324327][ T7091] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   84.340983][ T7099] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   84.341068][ T7099] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   84.354260][ T7091] netdevsim netdevsim3 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   84.354301][ T7091] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   84.408910][ T1688] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[   84.417154][ T1688] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   84.430275][ T1688] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[   84.438593][ T1688] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   84.450290][  T364] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[   84.458547][  T364] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   84.469443][  T364] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[   84.477795][  T364] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   84.492037][ T7097] loop1: detected capacity change from 8192 to 0
[   84.492183][ T7100] ==================================================================
[   84.506608][ T7100] BUG: KCSAN: data-race in __bio_queue_enter / blk_mq_unfreeze_queue_nomemrestore
[   84.515836][ T7100] 
[   84.518168][ T7100] read-write to 0xffff8881021146f4 of 4 bytes by task 7097 on cpu 1:
[   84.526244][ T7100]  blk_mq_unfreeze_queue_nomemrestore+0x38/0xc0
[   84.532511][ T7100]  loop_set_status+0x3a3/0x6a0
[   84.537291][ T7100]  lo_ioctl+0x671/0x12b0
[   84.541542][ T7100]  blkdev_ioctl+0x37d/0x460
[   84.546061][ T7100]  __se_sys_ioctl+0xce/0x140
[   84.550739][ T7100]  __x64_sys_ioctl+0x43/0x50
[   84.555357][ T7100]  x64_sys_call+0x14b0/0x3000
[   84.560050][ T7100]  do_syscall_64+0xd8/0x2c0
[   84.564677][ T7100]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.570581][ T7100] 
[   84.572911][ T7100] read to 0xffff8881021146f4 of 4 bytes by task 7100 on cpu 0:
[   84.580542][ T7100]  __bio_queue_enter+0x1e5/0x5a0
[   84.585523][ T7100]  blk_mq_submit_bio+0x196/0x1120
[   84.590560][ T7100]  __submit_bio+0xed/0x4d0
[   84.594993][ T7100]  submit_bio_noacct_nocheck+0x152/0x5c0
[   84.600724][ T7100]  submit_bio_noacct+0x746/0x9a0
[   84.605670][ T7100]  submit_bio+0x2a6/0x2c0
[   84.610007][ T7100]  submit_bh_wbc+0x2e0/0x320
[   84.614614][ T7100]  __sync_dirty_buffer+0x16b/0x230
[   84.619744][ T7100]  sync_dirty_buffer+0x1a/0x30
[   84.624526][ T7100]  fat_mirror_bhs+0x270/0x320
[   84.629210][ T7100]  fat_ent_write+0xd0/0xe0
[   84.633640][ T7100]  fat_chain_add+0x15d/0x440
[   84.638246][ T7100]  fat_get_block+0x46c/0x5e0
[   84.642872][ T7100]  __block_write_begin_int+0x400/0xf90
[   84.648347][ T7100]  cont_write_begin+0x5ff/0x970
[   84.653229][ T7100]  fat_write_begin+0x4f/0xe0
[   84.657858][ T7100]  generic_perform_write+0x184/0x490
[   84.663160][ T7100]  __generic_file_write_iter+0x9e/0x120
[   84.668727][ T7100]  generic_file_write_iter+0x8d/0x2f0
[   84.674121][ T7100]  vfs_write+0x52a/0x960
[   84.678371][ T7100]  ksys_write+0xda/0x1a0
[   84.682630][ T7100]  __x64_sys_write+0x40/0x50
[   84.687240][ T7100]  x64_sys_call+0x2847/0x3000
[   84.691941][ T7100]  do_syscall_64+0xd8/0x2c0
[   84.696478][ T7100]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.702387][ T7100] 
[   84.704720][ T7100] value changed: 0x00000001 -> 0x00000000
[   84.710441][ T7100] 
[   84.712797][ T7100] Reported by Kernel Concurrency Sanitizer on:
[   84.718961][ T7100] CPU: 0 UID: 0 PID: 7100 Comm: syz.1.1076 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[   84.730279][ T7100] Tainted: [W]=WARN
[   84.734091][ T7100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   84.744163][ T7100] ==================================================================
[   84.754654][    C1] I/O error, dev loop1, sector 33 op 0x1:(WRITE) flags 0x800800 phys_seg 1 prio class 2
[   84.764459][    C1] Buffer I/O error on dev loop1, logical block 33, lost sync page write
[   84.779506][ T7100] Buffer I/O error on dev loop1, logical block 1, lost sync page write
[   84.800142][ T7100] FAT-fs (loop1): unable to read inode block for updating (i_pos 2070)
[   84.812116][ T7100] Buffer I/O error on dev loop1, logical block 185, lost async page write
[   84.820859][ T7100] Buffer I/O error on dev loop1, logical block 186, lost async page write
[   84.829792][ T7100] Buffer I/O error on dev loop1, logical block 187, lost async page write
[   84.838668][ T7100] Buffer I/O error on dev loop1, logical block 188, lost async page write
[   84.847267][ T7100] Buffer I/O error on dev loop1, logical block 189, lost async page write
[   84.855983][ T7100] Buffer I/O error on dev loop1, logical block 190, lost async page write
[   84.864626][ T7100] Buffer I/O error on dev loop1, logical block 191, lost async page write
[   84.873353][ T7100] Buffer I/O error on dev loop1, logical block 193, lost async page write
[   84.910478][ T3317] FAT-fs (loop1): Directory bread(block 129) failed
[   84.917252][ T3317] FAT-fs (loop1): Directory bread(block 130) failed
[   84.924149][ T3317] FAT-fs (loop1): Directory bread(block 131) failed
[   84.930821][ T3317] FAT-fs (loop1): Directory bread(block 132) failed
[   84.937659][ T3317] FAT-fs (loop1): Directory bread(block 133) failed
[   84.944451][ T3317] FAT-fs (loop1): Directory bread(block 134) failed
[   84.951148][ T3317] FAT-fs (loop1): Directory bread(block 135) failed
[   84.965780][   T31] FAT-fs (loop1): unable to read inode block for updating (i_pos 2070)
[   84.974397][ T3317] FAT-fs (loop1): unable to read inode block for updating (i_pos 2070)
[   84.982872][ T3317] FAT-fs (loop1): unable to read inode block for updating (i_pos 2070)
[   84.991123][ T3317] FAT-fs (loop1): Failed to update on disk inode for unused fallocated blocks, inode could be corrupted. Please run fsck