last executing test programs:

5m42.208012072s ago: executing program 3 (id=109):
r0 = getpgrp(0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000980)=ANY=[@ANYBLOB="1801000000000000000000006dfeff00850000007b00000095"], &(0x7f0000000600)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='kfree\x00', r1, 0x0, 0x401}, 0x11)
r2 = syz_pidfd_open(r0, 0x0)
fremovexattr(r2, &(0x7f0000000280)=@known='trusted.overlay.nlink\x00')
socket$inet6(0xa, 0x2, 0x0)
r3 = socket(0x10, 0x803, 0x0)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='ns\x00')
symlinkat(&(0x7f0000000200)='./file0\x00', r4, &(0x7f00000002c0)='./file2\x00')
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r3)
getsockname$packet(r3, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x1b, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket(0x10, 0x803, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, 0x0, 0x20010010)
openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x121c02, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x0, 0x0, 0x0, 0x0, 0x10, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_bp={&(0x7f0000000000), 0x6}, 0x0, 0x32, 0x43a1bd56, 0x9, 0x5, 0x4006, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x2, 0xffffffffffffffff, 0x0)
r6 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
readv(r7, &(0x7f0000000100), 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x24, '\x00', 0x0, @fallback=0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r8}, 0x10)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000540), r3)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="14000000", @ANYRES16=r10, @ANYBLOB="010300000100f1dbdf2526"], 0x14}}, 0x0)
sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000440)=ANY=[], 0x54}}, 0x20040840)

5m42.0252611s ago: executing program 3 (id=111):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x4, &(0x7f00000000c0)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0, 0x0, 0x6}, 0x18)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xf802})
r2 = socket$netlink(0x10, 0x3, 0x0)
preadv(r1, &(0x7f0000001300)=[{&(0x7f00000000c0)=""/122, 0x6}], 0x3e8, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})

5m41.655078225s ago: executing program 3 (id=115):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180), 0x240, 0x0)
write$rfkill(r1, &(0x7f00000001c0)={0x5, 0x3, 0x0, 0x1, 0x1}, 0x8)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000540)=@newtaction={0x78, 0x30, 0xb, 0x0, 0x0, {}, [{0x64, 0x1, [@m_ct={0x60, 0x1, 0x0, 0x0, {{0x7}, {0x38, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_LABELS={0x12, 0x7, "4614c334e344ae53204373dc0ddeb17f"}, @TCA_CT_ZONE={0x6, 0x8}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x78}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x10}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r4}, 0x10)
socket$nl_rdma(0x10, 0x3, 0x14)
socket$phonet_pipe(0x23, 0x5, 0x2)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r5 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89d, 0xc000, 0xa, 0x20002f7})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xfff0}, {0xe, 0xffff}}}, 0x24}}, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4)
r6 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
io_uring_enter(r5, 0x2219, 0x7721, 0x16, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
write$tun(r0, &(0x7f0000000040)=ANY=[], 0x32)

5m41.422179946s ago: executing program 3 (id=117):
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x7d, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000580)={[{@max_batch_time={'max_batch_time', 0x3d, 0x4}}, {@max_batch_time={'max_batch_time', 0x3d, 0x2}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6a}}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@errors_remount}, {@nombcache}]}, 0x1, 0x437, &(0x7f0000000900)="$eJzs289PHFUcAPDv7EKR/hBs6o/Sqmg1En9AobX24EWjiQdNTPRQjwi0wW6LKZjYhigaU4+miXfj0cS/wJNejHoy8ap306QxXFo9rZndGdhddrdAF7a6n08y8N7MW9777szbfW8eE0DPGk1/JBH7I+L3iBiqZusLjFZ/3Vpdnvl7dXkmiXL5rb+SSrmbq8szedH8dfvyTF9E4bMkjjSpd/HylfPTpdLcpSw/sXTh/YnFy1eem78wfW7u3NzFqdOnT56YfOHU1PMdiTON6+bIRwtHD7/2zrU3Zs5ce/fnb5M8/oY4OmS03cEny+UOV9ddB2rSSV8XG8KWFKvdNPor/X8oirF+8obi1U+72jhgR5XL5fIDrQ+vlIH/sSS63QKgO/Iv+nT+m2+7NPS4K9x4qToBSuO+lW3VI31RyMr0N8xvO2k0Is6s/PNVusXO3IcAAKjzfTr+ebbZ+K8QtfeF7s3WUIYj4r6IOBgRpyLiUETcH1Ep+2BEPNSskqR1/Y2LJBvHP4Xr2w5uE9Lx34vZ2lb9+C8f/cVwMcsdqMTfn5ydL80dz96TsegfSPOTber44ZXfvmh1rHb8l25p/flYMGvH9b6B+tfMTi9N30nMtW58EjHS1yz+ZG0lID19hyNiZJt1zD/9zdFWx24ffxsdWGcqfx3xVPX8r0RD/Lmk/frkxD1Rmjs+kV8VG/3y69U3W9V/R/F3QHr+9za9/tfiH05q12sXt17H1T8+bzmn2e71vyd5u27fh9NLS5cmI/Ykr1cbXbt/qqHc1Hr5NP6xY837/8FYfyeORER6ET8cEY9ExKNZ2x+LiMcj4lib+H96+Yn3thf/QJu/2hlp/LNbOv/riT3RuKd5onj+x+/qKh3ebPyRnf+TldRYtmczn3+badf2rmYAAAD47ylExP5ICuNr6UJhfLz6P/yHYm+htLC49MzZhQ8uzlafERiO/kJ+p2uo5n7oZDatz/NTDfkT2X3jL4uDlfz4zEJpttvBQ4/b16L/p/4sdrt1wI7zvBb0Lv0fepf+D71L/4fe1aT/D3ajHcDua/b9/3EX2gHsvob+b9kPeoj5P/Qu/R96l/4PPWlxMG7/kLyExIZEFO6KZkjsUKLbn0wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACd8W8AAAD//zpS5t0=")
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f000000850000002300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000d00)='kfree\x00', r0}, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000200000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c00038008000140000000000800024000000000180003801400010076657468305f746f5f687372000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c0003801400010076657468305f746f5f687372000000001400"], 0xfc}}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000001, 0x31, 0xffffffffffffffff, 0xffffd000)
remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x1, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000000800000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r4}, &(0x7f0000000040), &(0x7f0000000280)}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r5}, 0x10)
request_key(&(0x7f0000002740)='asymmetric\x00', &(0x7f0000002780)={'syz', 0x3}, &(0x7f00000027c0)=',*[\\/&)\x00', 0xffffffffffffffff)
r6 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$UHID_CREATE2(r6, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r7 = syz_open_dev$hidraw(&(0x7f0000000000), 0x0, 0x81)
ioctl$HIDIOCGRDESC(r7, 0x90044802, 0x0)
timer_create(0x3, 0x0, &(0x7f0000044000))
syz_clone(0x6a000000, 0x0, 0x0, 0x0, 0x0, 0x0)
r8 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$SO_TIMESTAMPING(r8, 0x1, 0x25, &(0x7f0000000000)=0x6d93, 0x4)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7ffffffb}]})

5m40.101043362s ago: executing program 3 (id=132):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRESOCT], 0x3c}}, 0x40000)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000386000/0x1000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r0 = io_uring_setup(0x1828, &(0x7f0000000040)={0x0, 0x20c8a1, 0x1c881, 0x8, 0xd1})
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file2\x00', 0x200801f, &(0x7f00000000c0), 0x0, 0x4ea, &(0x7f0000000380)="$eJzs3VFrHF0ZAOB3Jrt+TZvPzaffRS3YFltJinaTNLYNXlQF0auCWu9rTLYhZJMtyaZtQtEUf4AgooI3euWN4A8QpD9BhILei4oi2uqFF9WR3Z2NabqbpHazq9nngdM5Z3Z23/N22JM5M8NOAEPrYkRMRkSWZdmViCjl69O8xE6rNLZ78fzxQqMkkWV3/pJEkq9rf9Y7+fJM/rZTEfGVL0Z8PXk97sbW9sp8tVpZz9tT9dXkZZZtX11enV+qLFXWZmdnbszdnLs+N92TPMcj4tbn//C9b//kC7d+8cmHv737p8lvtBJs2ZtHL7VSLzb/L9oKEbF+HMEGpNDMsOX6gPsCAMDBGsf7H4qIj0XElSjFSPNoDgAAADhJss+Mxcukdf0PAAAAOJnSiBiLJC3n9/uORZqWy617eN+P02m1tlH/RFbaPV8wHsX03nK1Mp3fOzAexaTRnsnvsW23r+1rz0bEexHx3dJos11eqFUXB3rmAwAAAIbHmX3z/7+XWvN/AAAA4IQZH3QHAAAAgGNn/g8AAAAnn/k/AAAAnGhfun27UbL2868XH2xtrtQeXF2sbKyUVzcXygu19fvlpVptqfmbfauHfV61Vrv/qVjbfDRVr2zUpza2tu+u1jbX6neXX3kENgAAANBH7114+pskInY+PZpGRJbsea0YkY3s3bjQ//4Bxyd9k41/f3z9APpvZNAdAAbGIT0Mr+KgOwAM3GHjQNebd37Z+74AAADHY+Iju9f/mwUYHvn1/yQZdEeAvnP9H4aX6/8wvIoHHQGYFMCJlx7hq/721/+z7I06BQAA9NxYsyRpOZ8HjEWalssR7zYfC1BM7i1XK9MR8cGI+HWp+E6jPdN8Z+L0AAAAAAAAAAAAAAAAAAAAAAAAAAAcUZYlkXUxursNAAAA8P8sIv1jkj//a6J0eWz/+YEPJP8oNZcR8fCHd77/aL5eX59prP/r7vr6D/L11/p99gIAAADopD1Pb8/jAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKCXXjx/vNAu/Yz7589FxHin+IU41VyeimJEnP5bEoU970siYqQH8XeeRMTZTvGTRrdiPO/F/vhpRIz2Kv77MfbfxD/Tg/gwzJ42xp/Pdvr+p3Gxuez8/Svk5W11H//S3fFvpMv4926nD0xfX3Xu2c+musZ/EnGu0Hn8a8dPusS/dMQcv/bV7e1ur2U/jpjo+PcneSXWVFK4P7WxtX11eXV+qbJUWZudnbkxd3Pu+tz01L3laiX/t2OM73z05/86KP/TXeKPH5L/5SPm/89nj55/uFUt7nupGD/KsslLnff/2S7x23/7Pp7v7kZ7ol3fadX3Ov/TX52/cED+i13yP2z/Tx4x/ytf/tbvjrgpANAHG1vbK/PVamVdReXYKqPRx6DzcdA27YPYPvTnm3mo/4ld8MaVAQ5KAADAsfjPQf+gewIAAAAAAAAAAAAAAAAAAADD67CfAYse/JzY/pg7g0kVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBA/w4AAP//btXLRA==")

5m39.749018837s ago: executing program 3 (id=137):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[], 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r1 = socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x1}, 0xf2)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x22, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r2}, 0x10)
sendto$inet6(r1, &(0x7f0000000000)="aa", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x6}, 0x3}, 0x1c)
shutdown(r1, 0x1)

5m38.802656647s ago: executing program 32 (id=137):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[], 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r1 = socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x1}, 0xf2)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x22, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r2}, 0x10)
sendto$inet6(r1, &(0x7f0000000000)="aa", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x6}, 0x3}, 0x1c)
shutdown(r1, 0x1)

33.81861011s ago: executing program 0 (id=5490):
io_setup(0x1e0, &(0x7f0000000580)=<r0=>0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r2}, 0x10)
io_destroy(r0)

33.710489034s ago: executing program 0 (id=5493):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f0000000000)="0000000000000002", 0x8)
sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000000000)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x20, 0x0}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}], 0x1, 0x4001)
r1 = accept4$x25(0xffffffffffffffff, 0x0, &(0x7f00000000c0), 0x80000)
io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000140)=[r0, r0, r1], 0x3)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000280)=0x8)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = dup2(r0, r3)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x12, &(0x7f00000002c0)=@raw=[@exit, @map_val={0x18, 0xb, 0x2, 0x0, r4, 0x0, 0x0, 0x0, 0x3}, @call={0x85, 0x0, 0x0, 0x20}, @btf_id={0x18, 0x5, 0x3, 0x0, 0x1}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xffffff3e}, @ldst={0x0, 0x3, 0x2, 0xa, 0x3, 0x40, 0xfffffffffffffffc}], &(0x7f0000000200)='GPL\x00', 0xc, 0x0, 0x0, 0x41000, 0x18, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000380)={0x4, 0xb, 0xffff, 0x3}, 0x10, 0x0, 0x0, 0x6, 0x0, &(0x7f00000003c0)=[{0x1, 0x1, 0x8, 0x7}, {0x0, 0x5, 0x0, 0x5}, {0x0, 0x3, 0xb, 0x2}, {0x3, 0x3, 0x6, 0x6}, {0x40000, 0x5, 0xc, 0xb}, {0x3, 0x2, 0x3, 0xc}], 0x10, 0x17}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000faff0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = gettid()
r8 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TIOCMIWAIT(r8, 0x545c, 0x200000000000000)
timer_create(0x0, &(0x7f0000000580)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6, 0x0, 0x5}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f00000001c0)='afs_protocol_error\x00', r5, 0x0, 0x8}, 0x18)
r9 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r9, 0x84, 0x64, &(0x7f0000000000)=[@in={0x2, 0x4e22, @multicast1}], 0x10)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'veth1_to_bridge\x00'})
sendto$inet6(r3, &(0x7f0000000040)='l', 0x1, 0x7ddfdbdfafa51cdd, &(0x7f0000000100)={0xa, 0x4e23, 0x2, @loopback, 0xffffffff}, 0x1c)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r3, 0x84, 0x17, &(0x7f00000005c0)={r2, 0x2, 0x1, "01"}, 0x9)

32.774005144s ago: executing program 0 (id=5505):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/key-users\x00', 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000d00)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB="8000"/20, @ANYRESHEX=r0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000003b7cefa05fee029d4e00000000000000"], 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
syz_mount_image$iso9660(&(0x7f00000000c0), &(0x7f0000000080)='./file0\x00', 0x4400, &(0x7f0000000240)=ANY=[@ANYBLOB='check=strict,session=0x0000000000000024,iocharset=ascii,overriderockperm,overriderockperm,gid=', @ANYRESOCT=0x0, @ANYRES16=0x0], 0xf6, 0xa15, &(0x7f00000002c0)="$eJzs3c1vHOd9B/DvrEiJog1VtlVXFWxrJUM2bbMUSdUSBB9qiVxKdPlSkBRgoS0sw5IKQURd2C1gGz3IQNFTjBhBECDJJfAxJwPOIb4EuiXHnHIIkPg/CIxcohwCBju7lJbkvog0RSrK57MYzdvveduZnUe73J0n/CVbWVkppy2uX/rxTlaWh8/5ya8++/yT+vTxrezNnrxa/DQZSFJN+v5Univ9E5ML87M9MrqZXElyOymS7Etj3sH+NWtXUnw7j99bv53ihzncJtnAJhtHTyv8Vdvt8w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB5KE5Ojo2NFZqbnLr1Z7awcArzL/tXsvixH/S6+7FVskRT1KQMDq0N9Hz50b/fT9X+O55nG2jONkb8H8tFjTx987am+ymr6LhXaEe9/+NHNt5eXr713b1N/28C+Zrvqy/t2rHr3b+/Wkl2ozU0vzk/PnrtQq04vzlfPnj49evLi1GJ1ajq1xcuLS7XZ6sRC7dzS/EJ1aOKl6tjZs6eqtZHL85fmLkyOzNRWN575h/HR0dPVN0b+pXZuYXF+7uQbI4sTF6dnZqbnLpQx9d31mDP1E/Gfp5eqS7Vzs9Xq9RvL1071qmQ9aKztnmJt0HivnMZHx8fHxsbHx06/evbVM6OjfRs2jK6TDRG7f9Kye36yrddu+IYqzf4/M5nOXC7lzVTbPiYymYXMZ7bD/qbV/v/EyVrXclv7/9Ve/vC93UdS9v/PNdae69T/d6hL78fKSiPnraZffbyfD/NRbubtLGc51/LeN85xw+OP25RP9Zu3duPjQmqZy3QWM5/pzOZcuaXa3FLN2ZzO6YzmrVzMVBZTzVSmM5NaFnM5i1lKrTyjJrKQWs5lKfNZSDVDmchLqWYsZ3M2p1JNLSO5nPlcylwuZDLnylyu50b5vJ/qUse7QWP3EzTeJWib+/+Vh/F/gjxo234Nh61aafb/ezsGrKwuDU3sWK0AAACA7fT3v8iBQ0/+/DdJf54tP5efmp6pje52tQAAAIBtVH5d75n6rL++9GwK7/8BAADgUVOUv7ErkgzmaGOp8UuoPfEhAAAAADwiyr//P1efDdaXjqa4eyeUK7tdNwAAAGB79L7Hfs+IYnj19r/Vq4351WZE8z6/g1PTM7WRifmZ18byQnmXgfKXBhty25MU/eXPD17OsUbUscHGfHBtjgP1qLGR18byco43GzL0fH32/FCbyPFG5IuNyBe7RJ6qRwLAo+54l/74fvv/lzPciBg+0rc3Sd+RNj3rqJ4VAB4WvcfY6RlR/OO99//9zWzX9P9P5vofGl8pGMk7eTfLuZrh8tcG5TcO1uT6b582PzO4+zWE0Qz3+DRgNfaXZyoZ7vF5wGDLQC/DPT4RaMTm35NTD/5AAMAOOt6hH95M/z/c8v4/G9//3x1a6JqfFALAQ+HuCPYPcGG32wgArKWXBgAAAAAAAAAAAAAAAAAAAAAAAAAAgO23rXf7H9hi8t82x/V7sMMQbFjY33wOtp7Pd5LsXJ2LbS6rsg35rCTZqeO1cws5mGz5WW17Gu9Nsvvt6rnQ13xJ3Hx7ebeuSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOykItnTbnsl2ZdkNMnJna/Vg3Nrtyuw8/6pdaW4kzv5IAd2rzoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI+m5v3/K2nMH2tsSl8lOZHkSpJ/3e06bqc7u12BbbJ/i+la7v9fP+ZZKdLXOOwp+icmF+Zn64e/HPuh8tVnn39Sn1qS77vfcsrAyrrBJZolrI/90eOrS0+UqQYnr71/87/f/a/q5PlUsjfnl6ZmJmcvLLx+L8nTxRdJNY1p1Wp9//fEzz5t0/Iv6i1tb325U+WTM7mx3L9rl7p7ud3cWL42Xi9pqfbm0v/8540PWnY9mWPJ80PJ0NqS/qM+dSjpWPq7lVZ8Xfx/cSDfy5Xy+NefjWKlqB+ivynbv//6jeVrI++8u3y1Q50O5miSq8lA9zp93LL7aHk9aas86yr99VJHy6D6P4d6tLGrlhzHOrThifKUGWy2YW/HNrSqdm5DqeV5r7Tb36jRqQ41eiovtDnSK/uSzjV6ofuRbq/4uvh1cTG/yv+1jP9RqR//E+n86lybRRnZcqZ0jKw0IsuWj7fueGt95O++f1+1bztMDZv1rTUv3krL9b95rLbperRSdL0etZS4udfFuhLXnRVdXhdlj3RoXYrm1adTmmY9DzWiOtTzb/NK0nek21VxQ2/9So8ryt30r7ffvdXX/w+Kofw+t4z/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPPyKZE+77ZXkRJKDq+vVZGUT2e7rtKMyWGy2itvq1t1/HgmVzSYo7uROPsiBB1MdAAAAAAAAAHba+cmvPvv8k/pU7G9uav59v5r0JTlYfHd/JhfmZ3tk1J9cSXK7vjzQZn+XP/fX0+Xxe+u362uHN9sSAOB+/TkAAP//mWBg/A==")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
open_by_handle_at(r1, &(0x7f0000000080)=@shmem={0xc, 0x1, {0x20, 0x20}}, 0x0)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000030000850000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

31.799278836s ago: executing program 0 (id=5521):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000f80)=ANY=[@ANYBLOB="0500000004000000080000000b"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x18, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000080000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000a3850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001340)={&(0x7f0000000900)='kfree\x00', r3}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000300)=ANY=[])
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffd3a, 0x0, 0x0, 0x0, 0x100}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r5}, 0x10)
mount$9p_rdma(0x0, &(0x7f0000001400)='.\x00', &(0x7f0000001440), 0x800, &(0x7f00000000c0)=ANY=[])
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000480)='kfree\x00', r2, 0x0, 0x2}, 0x18)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r6, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r6, 0x84, 0x15, 0x0, 0x0)
setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(0xffffffffffffffff, 0x402c5342, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000001c0), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f0000000900)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r7, 0x0, 0x9}, 0x18)
timerfd_create(0x3, 0x80800)
setxattr$system_posix_acl(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='system.posix_acl_access\x00', 0x0, 0x0, 0x3)
r8 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r9}, 0x10)
r10 = socket$netlink(0x10, 0x3, 0x14)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000180), r10)
syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
sendto$inet6(r0, &(0x7f0000000080)="90", 0x1, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)

31.598599684s ago: executing program 0 (id=5527):
ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f00000000c0)={0x53, 0xfffffffe, 0x0, 0x2, @scatter={0x0, 0x40000, 0x0}, 0x0, 0x0, 0x800004, 0x10030, 0x1, 0x0})
fcntl$setlease(0xffffffffffffffff, 0x400, 0x2)
prctl$PR_SET_NAME(0xf, &(0x7f0000000480)='\x00\x00\b\x00')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x7}, 0x18)
r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SET_NAME(0xf, &(0x7f0000000380)='\\\x00')
setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x23, 0x0, 0x0)
r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r3)
ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f00000000c0)=<r5=>0x0)
sendmsg$NFC_CMD_DEV_UP(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="010026bd7000fcdbdf250200000008000100", @ANYRES32=r5], 0x1c}}, 0x0)
write$nci(r2, &(0x7f0000000700)=ANY=[@ANYBLOB="710505cd030606018be8a1976e193c27010466dc77f0b1b54773ee6a19222755d2deac4f088f76bf3c93682f07d04b7bdccfa9d3d690cc68a8388ff2dfc30c6b960d016f65f015a1f19d83de68de15d94d698293bddfc4a2c323752cbeabab060f"], 0x61)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=@deltaction={0x54, 0x18, 0x1, 0x70bd2a, 0x25dfdc00, {0xa}, [@TCA_ACT_TAB={0x40, 0x1, [{0xc, 0xb, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}, {0x14, 0x5, 0x0, 0x0, @TCA_ACT_KIND={0xf, 0x1, 'tunnel_key\x00'}}, {0xc, 0x9, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x37}}, {0x10, 0x8, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x44000}, 0x20040844)

30.805767538s ago: executing program 0 (id=5540):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0a000000040000000c0000000b"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000006020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b70300000000ecff850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)={0x24, 0x39, 0x9, 0x70bd2c, 0x0, {0x2}, [@typed={0x4}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\b\x00'}]}]}, 0x24}}, 0x0)
syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x200000, &(0x7f0000000d80)={[{@dioread_nolock}, {@norecovery}, {@resgid}, {@nojournal_checksum}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@nodelalloc}, {@errors_remount}, {@grpid}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x343}}, {@grpid}, {@barrier_val={'barrier', 0x3d, 0x7}}, {@nombcache}], [{@subj_user={'subj_user', 0x3d, '('}}, {@uid_eq}, {@uid_gt}, {@appraise_type}]}, 0xfd, 0x58a, &(0x7f0000001380)="$eJzs3d9rW1UcAPDvTZP96rQdjKE+yGAPTsbStfXHBGHzUXQ40PcZ2qyMpsto0rHWgduDe/FFhiDiQPwDfN/j8B/wrxi4wZBR9EGFyk1vuq7Nj7bLTF0+H8h2zj03Oeebe8/NOfcmvQEMrKPpP7mIVyPimyRiZF1ZPrLCo6vrLT++PpU+klhZ+fT3JM5seK0k+384y7wSEb98FXEit6nafG1xabZUqZTnswVj9bkrY7XFpZOX5koz5Zny5YnJydNvT0689+47PYv1zfN/fv/JvQ9Pf31s+bufHx66ncTZOJiVpXH1oIob6zNHS/9kqUKc3bDieA8q202SfjeAHRnK+nkh0mPASAxlvR548X0ZESvAgEr0fxhQzXFAc27fo3nw/8ajD1YnQJvjz6+eG4l9jbnRgeXkqZlROt8d7UH9aR2jD+7cvvvgzu3ofB5if5c8wLbcuBkRp/L5zce/JDv+7dypxsnjzjbWMWifP9BP99LxT3IjYlP/z62Nf6LF+Ge4Rd/die79P/ewB9W0lY7/3m85/l07dI0OZbmXGmO+QnLxUqV8KiJejojjUdib5jtdzzm9fH+lXVka/91s/Jc+0vqbY8GsHQ/ze59+znSpXnqWmNd7dDPitZbj32Rt+ycttn/6fpzfYh1Hyndeb1fWPf7na+WniDdabv8nV7SSztcnxxr7w1hzr9jsj1tHfm1Xf7/jT7f/gc7xj6apteu1te3X8eO+v8rtyna6/+9JPmuk92TLrpXq9fnxiD3Jx/nhjcsnnjy3mW+un8Z//Fjr/t9p/08nX59vMf5bh2+1XbVr/H+vm6Q/5eYWa+8sjX96W9t/+4n7H33xw47jb2z/txqp49mSrRz/ttrAZ3nvAAAAAAAAYLfJRcTBSHLFtXQuVywWGmWH40CuUq3VT1ysLlyejsZvZUejkGte6R5Z932I8ez7sM38xIb8ZEQciohvh/Y38sWpamW638EDAAAAAAAAAAAAAAAAAADALjHc8vf/q2W/DfW7dcBz17ixwd5+twLoh663/O/FnZ6AXalr/wdeWNvv/84MwIvC5z8MLv0fBpf+D4Nrq/2/MPKcGwL853z+w+DS/wEAAAAAAAAAAAAAAAAAAAAAAAAAAKCnzp87lz5Wlh9fn0rz01cXF2arV09Ol2uzxbmFqeJUdf5KcaZanamUi1PVuW6vV6lWr4xPxMK1sXq5Vh+rLS5dmKsuXK5fuDRXmilfKBf8sWEAAAAAAAAAAAAAAAAAAADYpLa4NFuqVMrzEm0TZ6KXL5jsvnf+TNakHT09v1uikOhpoo8HJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADY4N8AAAD//8gIM7I=")
r3 = socket$kcm(0xa, 0x2, 0x88)
r4 = socket$kcm(0xa, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="1e000000000000000700400008"], 0x50)
ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x890b, &(0x7f0000000000))
sendmsg$inet(r3, &(0x7f0000000000)={&(0x7f0000001340)={0x2, 0x6, @multicast2}, 0x10, 0x0, 0x0, &(0x7f0000001580)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x41}, @multicast1}}}], 0x20}, 0x8000)
sendmsg$inet(r3, &(0x7f0000000880)={0x0, 0x1100, &(0x7f0000000040)=[{&(0x7f00000015c0)="2d544357ed4dfc32a9827a7c49ea9fb18e68be4131dd89821b2f0732a1ee74bb9f20c9fefe2105f4fa9b415212d4d179f13c522d61724d3aae414f27353a0c0f05ead2bcb8d77393edd05b854e95b3e67c472e054e55f5192b7b1dc09f73713a605bbf7f94b392f7d89ad250b9f9f93ff0ff6f837881cbabab18fb6f0a9626d03a8142839bb017b634029982fa31a6633bac5d26af28006ec8c317c20e7a1a1e0af1cf88a0a8a47b3b911bfd0cb280b6bed2c7c6e0a0159255ea25130d1f54d67369b7bbabd1e86acc8a74dbb56b66750ee5bea872b111d2c173dfe97caf5c572586cb9293f8ad83c2a167fc3f96a7f8bc2ff0daad91bd395616818650d24d9e4c17451b31cddd859b9f6a8dba0466cab7f6f7d797af7067920283efd585b38bcac4bad0077faaf0dcbb53ba7d5e339e2b05acb86dd7c056b816e0a307e61b0a92d41694da807ef729007cbe987a605e7e28c72b929a408339a9f296142aa472444f9aebe545a4961e3df6b7c12a305846f36f05a963bca674edbcb62592201e93846cf88d656ecb546a2627e4a0536c0aa3815546533427810453c441b2ae1cfa56c0816b834dbee7235e2b8ce81b67551045736b5b6f15af6c18a3df2aa31207fb27875d3bebca34406d2612e4647fec228c856478abdd9ccae237e0a6199d14fc3b5088df36e0a6219ccc6a5a396c6d6fc91ad7c0d2deaad2fdaaf40d1ab6d08054cdc0c7c3c732b59ecd2ceb3ab3c09104b00542aa61d0ef5dcaf7d63095bbebc874b5bc01305871d0b012b25c19245ae0bdf40fda548df61eacf8877eb9df8e4c0f96eafd9483179edc41999c92c8dc535b2b21190d0023ea416ae8598eb2c280b4798ecce906b3253c80b4dc33db0391cbc96fc8c0c6266f97a535e6cf780ff26d26af57b742b53fcf8bf70c115ae6b1ce6bda9f1d0ca4925c61f0af5857dd5f392cb9e621f8dc89a259f5992a64295c0fd6609d793905e4fe9efd227bc3158fda26fd5248af82bcd19dd86a9311767f9f0929e697e230b078bc39b59f002ea627367b2fdfe0354ddc688609554a7222eb78894dffa4bee3ab468578435d3cf86ac37b3b0e6fc6d00a5c74c3d9889847346dd65918b158c9acec81c1ae1c784cb082eeac76eb45cb13365d4b3e7a7a933a25c68ec3a4375b4c5f6e09819fefec73b5a2939cf5f5f25e429f7f3be8d069f9a0532353aa049defaf8f37e8aa0df8852909a7b4ac6ab0a446d1b31185aa991764eaf55feb89a2fac2333fa7f795d3994b7360a57c19e0ecf6d9d411d524c86045e70610cd225846b5a7019ee6717a8c4ee9d2c81d89622ad6c24f2e801e09f1d46c3d20cbeb729eccfe67de7afe1441557bf6bbb72fbca528ce55696f321a393de3a4c6356b39e164bdf7fe187e6e0c0478f53b02095795180fa6bf428184ec7b6aa3b0e434f98e8f16a304ac0bf48d6ec647352303e96f9361edcd54a2b063c53290eb7a8869b0350086cad5b020a47059a08e591f7edc905100add1a9feb0292ecc4841ce7cacba50fb603ab6ca1b195ca735e44003c6a698da76f1690ac43388813d6ff39fe76b5d5550bb3d9d2ac1641b550949d2cadae942f879afbefdc7d36a77a40a35a87a76676efc4d1f4fd4661b4ed0bc3ab5ad1e4d6301d853c8a825c8ed9b9bc6d8747492b3a021345e4a437b89276bfe9ae05239ca7b39cda6ad67f7d2ec07cbcd132f5002f001d28280a05643d3f127f352a93143e10ccadeb11e3cbce226c761da0f9ece7862a041e8959ae67c743bc4d870cf52e4ca4cdae7a39501df9465b985c768fe9ca2bab1a6618c9b8d6dd653832941072d081acbee0c40813b0701886db6ddb0e3e37dd761177a3f6d365a0788a0949840544f29cd57f183be09973a1545f101dc78d0342b580eac7d8eabe532c3a645d25da143a5675c4cf3c7eb4a4b1fdc38b3e9d3cd3f6f96", 0x567}], 0x1}, 0x0)

30.7596567s ago: executing program 33 (id=5540):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0a000000040000000c0000000b"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000006020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b70300000000ecff850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)={0x24, 0x39, 0x9, 0x70bd2c, 0x0, {0x2}, [@typed={0x4}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\b\x00'}]}]}, 0x24}}, 0x0)
syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x200000, &(0x7f0000000d80)={[{@dioread_nolock}, {@norecovery}, {@resgid}, {@nojournal_checksum}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@nodelalloc}, {@errors_remount}, {@grpid}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x343}}, {@grpid}, {@barrier_val={'barrier', 0x3d, 0x7}}, {@nombcache}], [{@subj_user={'subj_user', 0x3d, '('}}, {@uid_eq}, {@uid_gt}, {@appraise_type}]}, 0xfd, 0x58a, &(0x7f0000001380)="$eJzs3d9rW1UcAPDvTZP96rQdjKE+yGAPTsbStfXHBGHzUXQ40PcZ2qyMpsto0rHWgduDe/FFhiDiQPwDfN/j8B/wrxi4wZBR9EGFyk1vuq7Nj7bLTF0+H8h2zj03Oeebe8/NOfcmvQEMrKPpP7mIVyPimyRiZF1ZPrLCo6vrLT++PpU+klhZ+fT3JM5seK0k+384y7wSEb98FXEit6nafG1xabZUqZTnswVj9bkrY7XFpZOX5koz5Zny5YnJydNvT0689+47PYv1zfN/fv/JvQ9Pf31s+bufHx66ncTZOJiVpXH1oIob6zNHS/9kqUKc3bDieA8q202SfjeAHRnK+nkh0mPASAxlvR548X0ZESvAgEr0fxhQzXFAc27fo3nw/8ajD1YnQJvjz6+eG4l9jbnRgeXkqZlROt8d7UH9aR2jD+7cvvvgzu3ofB5if5c8wLbcuBkRp/L5zce/JDv+7dypxsnjzjbWMWifP9BP99LxT3IjYlP/z62Nf6LF+Ge4Rd/die79P/ewB9W0lY7/3m85/l07dI0OZbmXGmO+QnLxUqV8KiJejojjUdib5jtdzzm9fH+lXVka/91s/Jc+0vqbY8GsHQ/ze59+znSpXnqWmNd7dDPitZbj32Rt+ycttn/6fpzfYh1Hyndeb1fWPf7na+WniDdabv8nV7SSztcnxxr7w1hzr9jsj1tHfm1Xf7/jT7f/gc7xj6apteu1te3X8eO+v8rtyna6/+9JPmuk92TLrpXq9fnxiD3Jx/nhjcsnnjy3mW+un8Z//Fjr/t9p/08nX59vMf5bh2+1XbVr/H+vm6Q/5eYWa+8sjX96W9t/+4n7H33xw47jb2z/txqp49mSrRz/ttrAZ3nvAAAAAAAAYLfJRcTBSHLFtXQuVywWGmWH40CuUq3VT1ysLlyejsZvZUejkGte6R5Z932I8ez7sM38xIb8ZEQciohvh/Y38sWpamW638EDAAAAAAAAAAAAAAAAAADALjHc8vf/q2W/DfW7dcBz17ixwd5+twLoh663/O/FnZ6AXalr/wdeWNvv/84MwIvC5z8MLv0fBpf+D4Nrq/2/MPKcGwL853z+w+DS/wEAAAAAAAAAAAAAAAAAAAAAAAAAAKCnzp87lz5Wlh9fn0rz01cXF2arV09Ol2uzxbmFqeJUdf5KcaZanamUi1PVuW6vV6lWr4xPxMK1sXq5Vh+rLS5dmKsuXK5fuDRXmilfKBf8sWEAAAAAAAAAAAAAAAAAAADYpLa4NFuqVMrzEm0TZ6KXL5jsvnf+TNakHT09v1uikOhpoo8HJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADY4N8AAAD//8gIM7I=")
r3 = socket$kcm(0xa, 0x2, 0x88)
r4 = socket$kcm(0xa, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="1e000000000000000700400008"], 0x50)
ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x890b, &(0x7f0000000000))
sendmsg$inet(r3, &(0x7f0000000000)={&(0x7f0000001340)={0x2, 0x6, @multicast2}, 0x10, 0x0, 0x0, &(0x7f0000001580)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x41}, @multicast1}}}], 0x20}, 0x8000)
sendmsg$inet(r3, &(0x7f0000000880)={0x0, 0x1100, &(0x7f0000000040)=[{&(0x7f00000015c0)="2d544357ed4dfc32a9827a7c49ea9fb18e68be4131dd89821b2f0732a1ee74bb9f20c9fefe2105f4fa9b415212d4d179f13c522d61724d3aae414f27353a0c0f05ead2bcb8d77393edd05b854e95b3e67c472e054e55f5192b7b1dc09f73713a605bbf7f94b392f7d89ad250b9f9f93ff0ff6f837881cbabab18fb6f0a9626d03a8142839bb017b634029982fa31a6633bac5d26af28006ec8c317c20e7a1a1e0af1cf88a0a8a47b3b911bfd0cb280b6bed2c7c6e0a0159255ea25130d1f54d67369b7bbabd1e86acc8a74dbb56b66750ee5bea872b111d2c173dfe97caf5c572586cb9293f8ad83c2a167fc3f96a7f8bc2ff0daad91bd395616818650d24d9e4c17451b31cddd859b9f6a8dba0466cab7f6f7d797af7067920283efd585b38bcac4bad0077faaf0dcbb53ba7d5e339e2b05acb86dd7c056b816e0a307e61b0a92d41694da807ef729007cbe987a605e7e28c72b929a408339a9f296142aa472444f9aebe545a4961e3df6b7c12a305846f36f05a963bca674edbcb62592201e93846cf88d656ecb546a2627e4a0536c0aa3815546533427810453c441b2ae1cfa56c0816b834dbee7235e2b8ce81b67551045736b5b6f15af6c18a3df2aa31207fb27875d3bebca34406d2612e4647fec228c856478abdd9ccae237e0a6199d14fc3b5088df36e0a6219ccc6a5a396c6d6fc91ad7c0d2deaad2fdaaf40d1ab6d08054cdc0c7c3c732b59ecd2ceb3ab3c09104b00542aa61d0ef5dcaf7d63095bbebc874b5bc01305871d0b012b25c19245ae0bdf40fda548df61eacf8877eb9df8e4c0f96eafd9483179edc41999c92c8dc535b2b21190d0023ea416ae8598eb2c280b4798ecce906b3253c80b4dc33db0391cbc96fc8c0c6266f97a535e6cf780ff26d26af57b742b53fcf8bf70c115ae6b1ce6bda9f1d0ca4925c61f0af5857dd5f392cb9e621f8dc89a259f5992a64295c0fd6609d793905e4fe9efd227bc3158fda26fd5248af82bcd19dd86a9311767f9f0929e697e230b078bc39b59f002ea627367b2fdfe0354ddc688609554a7222eb78894dffa4bee3ab468578435d3cf86ac37b3b0e6fc6d00a5c74c3d9889847346dd65918b158c9acec81c1ae1c784cb082eeac76eb45cb13365d4b3e7a7a933a25c68ec3a4375b4c5f6e09819fefec73b5a2939cf5f5f25e429f7f3be8d069f9a0532353aa049defaf8f37e8aa0df8852909a7b4ac6ab0a446d1b31185aa991764eaf55feb89a2fac2333fa7f795d3994b7360a57c19e0ecf6d9d411d524c86045e70610cd225846b5a7019ee6717a8c4ee9d2c81d89622ad6c24f2e801e09f1d46c3d20cbeb729eccfe67de7afe1441557bf6bbb72fbca528ce55696f321a393de3a4c6356b39e164bdf7fe187e6e0c0478f53b02095795180fa6bf428184ec7b6aa3b0e434f98e8f16a304ac0bf48d6ec647352303e96f9361edcd54a2b063c53290eb7a8869b0350086cad5b020a47059a08e591f7edc905100add1a9feb0292ecc4841ce7cacba50fb603ab6ca1b195ca735e44003c6a698da76f1690ac43388813d6ff39fe76b5d5550bb3d9d2ac1641b550949d2cadae942f879afbefdc7d36a77a40a35a87a76676efc4d1f4fd4661b4ed0bc3ab5ad1e4d6301d853c8a825c8ed9b9bc6d8747492b3a021345e4a437b89276bfe9ae05239ca7b39cda6ad67f7d2ec07cbcd132f5002f001d28280a05643d3f127f352a93143e10ccadeb11e3cbce226c761da0f9ece7862a041e8959ae67c743bc4d870cf52e4ca4cdae7a39501df9465b985c768fe9ca2bab1a6618c9b8d6dd653832941072d081acbee0c40813b0701886db6ddb0e3e37dd761177a3f6d365a0788a0949840544f29cd57f183be09973a1545f101dc78d0342b580eac7d8eabe532c3a645d25da143a5675c4cf3c7eb4a4b1fdc38b3e9d3cd3f6f96", 0x567}], 0x1}, 0x0)

1.707976838s ago: executing program 2 (id=5987):
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/key-users\x00', 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
syz_mount_image$iso9660(&(0x7f00000000c0), &(0x7f0000000080)='./file0\x00', 0x4400, &(0x7f0000000240)=ANY=[@ANYBLOB='check=strict,session=0x0000000000000024,iocharset=ascii,overriderockperm,overriderockperm,gid=', @ANYRESOCT=0x0, @ANYRES16=0x0], 0xf6, 0xa15, &(0x7f00000002c0)="$eJzs3c1vHOd9B/DvrEiJog1VtlVXFWxrJUM2bbMUSdUSBB9qiVxKdPlSkBRgoS0sw5IKQURd2C1gGz3IQNFTjBhBECDJJfAxJwPOIb4EuiXHnHIIkPg/CIxcohwCBju7lJbkvog0RSrK57MYzdvveduZnUe73J0n/CVbWVkppy2uX/rxTlaWh8/5ya8++/yT+vTxrezNnrxa/DQZSFJN+v5Univ9E5ML87M9MrqZXElyOymS7Etj3sH+NWtXUnw7j99bv53ihzncJtnAJhtHTyv8Vdvt8w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB5KE5Ojo2NFZqbnLr1Z7awcArzL/tXsvixH/S6+7FVskRT1KQMDq0N9Hz50b/fT9X+O55nG2jONkb8H8tFjTx987am+ymr6LhXaEe9/+NHNt5eXr713b1N/28C+Zrvqy/t2rHr3b+/Wkl2ozU0vzk/PnrtQq04vzlfPnj49evLi1GJ1ajq1xcuLS7XZ6sRC7dzS/EJ1aOKl6tjZs6eqtZHL85fmLkyOzNRWN575h/HR0dPVN0b+pXZuYXF+7uQbI4sTF6dnZqbnLpQx9d31mDP1E/Gfp5eqS7Vzs9Xq9RvL1071qmQ9aKztnmJt0HivnMZHx8fHxsbHx06/evbVM6OjfRs2jK6TDRG7f9Kye36yrddu+IYqzf4/M5nOXC7lzVTbPiYymYXMZ7bD/qbV/v/EyVrXclv7/9Ve/vC93UdS9v/PNdae69T/d6hL78fKSiPnraZffbyfD/NRbubtLGc51/LeN85xw+OP25RP9Zu3duPjQmqZy3QWM5/pzOZcuaXa3FLN2ZzO6YzmrVzMVBZTzVSmM5NaFnM5i1lKrTyjJrKQWs5lKfNZSDVDmchLqWYsZ3M2p1JNLSO5nPlcylwuZDLnylyu50b5vJ/qUse7QWP3EzTeJWib+/+Vh/F/gjxo234Nh61aafb/ezsGrKwuDU3sWK0AAACA7fT3v8iBQ0/+/DdJf54tP5efmp6pje52tQAAAIBtVH5d75n6rL++9GwK7/8BAADgUVOUv7ErkgzmaGOp8UuoPfEhAAAAADwiyr//P1efDdaXjqa4eyeUK7tdNwAAAGB79L7Hfs+IYnj19r/Vq4351WZE8z6/g1PTM7WRifmZ18byQnmXgfKXBhty25MU/eXPD17OsUbUscHGfHBtjgP1qLGR18byco43GzL0fH32/FCbyPFG5IuNyBe7RJ6qRwLAo+54l/74fvv/lzPciBg+0rc3Sd+RNj3rqJ4VAB4WvcfY6RlR/OO99//9zWzX9P9P5vofGl8pGMk7eTfLuZrh8tcG5TcO1uT6b582PzO4+zWE0Qz3+DRgNfaXZyoZ7vF5wGDLQC/DPT4RaMTm35NTD/5AAMAOOt6hH95M/z/c8v4/G9//3x1a6JqfFALAQ+HuCPYPcGG32wgArKWXBgAAAAAAAAAAAAAAAAAAAAAAAAAAgO23rXf7H9hi8t82x/V7sMMQbFjY33wOtp7Pd5LsXJ2LbS6rsg35rCTZqeO1cws5mGz5WW17Gu9Nsvvt6rnQ13xJ3Hx7ebeuSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOykItnTbnsl2ZdkNMnJna/Vg3Nrtyuw8/6pdaW4kzv5IAd2rzoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI+m5v3/K2nMH2tsSl8lOZHkSpJ/3e06bqc7u12BbbJ/i+la7v9fP+ZZKdLXOOwp+icmF+Zn64e/HPuh8tVnn39Sn1qS77vfcsrAyrrBJZolrI/90eOrS0+UqQYnr71/87/f/a/q5PlUsjfnl6ZmJmcvLLx+L8nTxRdJNY1p1Wp9//fEzz5t0/Iv6i1tb325U+WTM7mx3L9rl7p7ud3cWL42Xi9pqfbm0v/8540PWnY9mWPJ80PJ0NqS/qM+dSjpWPq7lVZ8Xfx/cSDfy5Xy+NefjWKlqB+ivynbv//6jeVrI++8u3y1Q50O5miSq8lA9zp93LL7aHk9aas86yr99VJHy6D6P4d6tLGrlhzHOrThifKUGWy2YW/HNrSqdm5DqeV5r7Tb36jRqQ41eiovtDnSK/uSzjV6ofuRbq/4uvh1cTG/yv+1jP9RqR//E+n86lybRRnZcqZ0jKw0IsuWj7fueGt95O++f1+1bztMDZv1rTUv3krL9b95rLbperRSdL0etZS4udfFuhLXnRVdXhdlj3RoXYrm1adTmmY9DzWiOtTzb/NK0nek21VxQ2/9So8ryt30r7ffvdXX/w+Kofw+t4z/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPPyKZE+77ZXkRJKDq+vVZGUT2e7rtKMyWGy2itvq1t1/HgmVzSYo7uROPsiBB1MdAAAAAAAAAHba+cmvPvv8k/pU7G9uav59v5r0JTlYfHd/JhfmZ3tk1J9cSXK7vjzQZn+XP/fX0+Xxe+u362uHN9sSAOB+/TkAAP//mWBg/A==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
open_by_handle_at(r0, &(0x7f0000000080)=@shmem={0xc, 0x1, {0x20, 0x20}}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00'}, 0x18)

1.66229805s ago: executing program 2 (id=5988):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x400000, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x18)
writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000240)="3900000013000318680907070000000f0000ff3f04000000170a001700000000040037000f00030001332564aaee7b1d58b9a64411f6bbf44d", 0x39}], 0x1)
r4 = socket(0x10, 0x803, 0x0)
r5 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0xa, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x3, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='kfree\x00', r7, 0x0, 0x4}, 0x18)
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4, 0xc00}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x44, 0x2c, 0xd27, 0xfffffffc, 0xfbff, {0x0, 0x0, 0x0, r6, {0xc, 0xfff1}, {}, {0x5, 0xf}}, [@filter_kind_options=@f_flow={{0x9}, {0x14, 0x2, [@TCA_FLOW_EMATCHES={0x10, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xfffb}}, @TCA_EMATCH_TREE_LIST={0x4}]}]}}]}, 0x44}}, 0x20040054)

1.525440766s ago: executing program 2 (id=5992):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000000cc0)=@newtaction={0x14, 0x30, 0x12f, 0x0, 0x0, {0x0, 0x0, 0x1be}}, 0x14}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10)
sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000003800)=@newtaction={0x48, 0x31, 0x1, 0xfffffffd, 0x25dfdbfb, {0x0, 0x0, 0x11}, [{0x34, 0x1, [@m_police={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x3, {0x1}}, {0xc}}}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x8800}, 0x0)

1.480935667s ago: executing program 2 (id=5993):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f0000000000)="0000000000000002", 0x8)
sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000000000)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x20, 0x0}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}], 0x1, 0x4001)
r1 = accept4$x25(0xffffffffffffffff, 0x0, &(0x7f00000000c0), 0x80000)
io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000140)=[r0, r0, r1], 0x3)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000280)=0x8)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = dup2(r0, r3)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x12, &(0x7f00000002c0)=@raw=[@exit, @map_val={0x18, 0xb, 0x2, 0x0, r4, 0x0, 0x0, 0x0, 0x3}, @call={0x85, 0x0, 0x0, 0x20}, @btf_id={0x18, 0x5, 0x3, 0x0, 0x1}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xffffff3e}, @ldst={0x0, 0x3, 0x2, 0xa, 0x3, 0x40, 0xfffffffffffffffc}], &(0x7f0000000200)='GPL\x00', 0xc, 0x0, 0x0, 0x41000, 0x18, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x0, 0x1}, 0x8, 0x10, &(0x7f0000000380)={0x4, 0xb, 0xffff, 0x3}, 0x10, 0x0, 0x0, 0x4, 0x0, &(0x7f00000003c0)=[{0x1, 0x1, 0x8, 0x7}, {0x0, 0x5, 0x0, 0x5}, {0x3, 0x3, 0x6, 0x6}, {0x40000, 0x5, 0xc, 0xb}], 0x10, 0x17}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000faff0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = gettid()
r8 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TIOCMIWAIT(r8, 0x545c, 0x200000000000000)
timer_create(0x0, &(0x7f0000000580)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6, 0x0, 0x5}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f00000001c0)='afs_protocol_error\x00', r5, 0x0, 0x8}, 0x18)
r9 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r9, 0x84, 0x64, &(0x7f0000000000)=[@in={0x2, 0x4e22, @multicast1}], 0x10)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'veth1_to_bridge\x00'})
sendto$inet6(r3, &(0x7f0000000040)='l', 0x1, 0x7ddfdbdfafa51cdd, &(0x7f0000000100)={0xa, 0x4e23, 0x2, @loopback, 0xffffffff}, 0x1c)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r3, 0x84, 0x17, &(0x7f00000005c0)={r2, 0x2, 0x1, "01"}, 0x9)

1.432058069s ago: executing program 1 (id=5994):
r0 = socket$kcm(0xa, 0x5, 0x0)
r1 = socket$kcm(0xa, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x8916, &(0x7f0000000000)={r1})
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x8936, &(0x7f0000000000)={r1})

1.40515908s ago: executing program 1 (id=5995):
r0 = socket$caif_stream(0x25, 0x1, 0x0)
sendmmsg$inet(r0, &(0x7f0000000040)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000000)="92", 0x1}], 0x1}, 0x1000000}], 0x2, 0x20000000)

1.404588021s ago: executing program 1 (id=5996):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000003c0), 0x400200, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000400)={'macvlan0\x00', 0x2000})
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
fsmount(0xffffffffffffffff, 0x0, 0x1)
syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x400, &(0x7f0000000100)=ANY=[@ANYBLOB="73686f72746e616d653d77696e6e742c757466383d302c636865636b3d7374726963742c646973636172642c757466383d312c757466383d312c73686f72746e616d653d77696e39352c73686f72746e616d653d6c6f7765722c757466383d312c00ef5c3556"], 0xfd, 0x2a8, &(0x7f0000000280)="$eJzs3E9rE08YwPGnaZOmKW1y+PEDBfFBL3pZ2vgKgrQgBpTaiHoQpnajIWtSsjESEdubV19H8ehNsL6BXrx5Fy9FELz0IF3pbrfZ1qW2te3W5vuBstOdeTKzfxKeXZhZu/fmab3qWlXTllRWJSXZJVkXKUhKQgNb25RfzkjUklwd/fH5wp37D26WyuWpGdXp0uy1oqqOX/zw/OXbSx/bo3ffjb8fltXCw7XvxS+r/6+eW9uYDT+92Vajc81m28w5ts7X3LqletuxjWtrreHarR31Vae5sNBV05gfyy20bNdV0+hq3e5qu6ntVlfNY1NrqGVZOpaTOJnYvWfD4IEjKsszM6Z0LINBEkbidrZaJTMYW1lZPolBAQCA0+X3/F9OJP9/UnO15mrjT/l/So42/0eUn/9vxCaNOBvSmw8AJZPb+v7uRP4PAAAAAAAAAAAAAAAAAAAAAMC/YN3z8p7n5cNt+DcsIlkRCf9Pepw4Hoe4/gMJDhdHLDJxLyvivO5UOpVgG9SXqlITR2yZSPtzibxtQXn6RnlqQn0FWXEWt+L9SYLDYXyoEB8/GcRrJH6xU0lLLtp/UfLyX3x8cVd8WkQ6lYxcuRyJtyQvnx5JUxyZ9+/rXvyrSdXrt8q7+h/x2wEAAAAAcBZYuq2w8/k3WE3SsjRcNmRXfbCz935A8vJzz/cDKisZ6cUPyfmh5I4bAAAAAIB+4nZf1I3j2K1+LozIwaP68dRZ2eCm2bOx53mLm43+vtOUiCR0pN9E5BSc8KMufH0WXMD9NE7yVwkAAADAcegl/UmPBAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/rXfxcPC9odZeyzS3WAyRwkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcDr8CAAD//4DOGY4=")
mknod$loop(&(0x7f00000009c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x800, 0x1)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$packet(0x11, 0xa, 0x300)
r3 = memfd_create(&(0x7f0000000ec0)='\x103q}2[\xe0\x9a\xee\xaf\x03\x97\x9et\v\"|Ma\x86\xe7\xc0\x14\x9f\xb9h\xb1\x96\xe7=I\x860S6\xb5\xa8\xc2\x95Je%\xfeG\'e\xe5\x8f\xf8\xd2\x1c\xc0\xfb\x1c\xa6\xab\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94k\xcd\t\x00\x90k\xd6\x05\xb6\x03\x00\x00\x00A\xc5\x9c_\xd4\x18,\f\xd4s\xb2\x99/\xc0\x9a\xf2Oc\xc0c\x03gB!\xb0\xb8n\x01\x9bT\x95\x10\x86\xe8$\x7f\r[\xf9\x0e1v\xb1\n\x88\v\x95uy\xb5:`\x8b\nC\x18A;\xaa%\xaf\xc7\xa3\xac\xa2D\xb5\xe2\xe1\xdc(\xfd\x05\x9fB\x84O\xfe@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\xa0\x17\xe3\xac\xe9\xc9\xa7\x8a\x1b\x03\"&\xac\xcap>\xccZ\x01\xbc\x18\xc1\xb9\xe9\v\x8b\x9c\xb4Q\xd4\x96EV<>\x99\xca\xb3\xe0\xc4tL\xed\xf5W\xbd#\xcf\x8a\x84\xed\x9f/\xd4\xbb\xea;-Dp\xf8\xd0F\x90\xf8\x92Ip6\xf4\x16\xe8\x14\xe0\x92!\x92-F\xe2\x14D\x91\xa8b\x04\xdd\x1d\a\xdc\xe0\x18\x85{\x80Q\xf6k\x96\xfaQ\x9fW\vO\xf0\xe4O\\\xceS\xf2\xde\x049d\x06#\x88\xc3\xdf\x85O\x1c\xc3\xad?r\xd7\x0e\x00\xd7\x83\xb0\x88\x9c\xf6Y-F\x98\xdd\x9c~\xfd\x95\xc3\xb6lC\xaa\"Y\xa2K\xecz\x84:*\xf5Y\xd1\x9b1\x91\x9b\x15\xd4\xec\x02o\x01&\xaa\x90w\xc4\xc7yn\xb5\x1ag\xab&?\xbe\xcb\xe8v\xa8\xe0\xa4\x81sW\xacf\x149\xd2}\xefCGa\x9a$4\x8c\xa5!p\x83\x05\x96%\x02%\xabj\n\b\xc8NC\x91}&y\xd3\xe1\xeep\'\xc5\xab\x19GsX5\x8c\n\x9fh\xee;4\xb1%V\xe0\xa9\x8e\xf30:\xd8\x18N~G\x139\xcas\xf4D\xd4\xd0s\r3\xcb\x9a&\xdf+(\xc9S\x9eL5\x84\xb1\x90pN\xe7/\r\b\x9a\xf13Q\xf9\xdf\x7fX\xa0\xafK\xefh\xbfOv\x9bh\xb3\xc0\xf5\x80\xba\"@\'\x02\xafi\xeaE\xa6a6F\xde\xd4\xfa\x84\xe4+A\xb7\xa2\x8f\xc9\xee|xxn\xefw\x93]%\xd0\x19\x132\x86\xabn\xfe\x91\xb6Cl\xcf\x04\x1cq\xc1\x1d~\x8d\x01\x83\x93_\x83\x8a`v\xb0K,|S\xe4\xba\xb1\f\xc8`\xa6s\xad\x11\xd4wG\x80u\x87u\xff\x87\xee', 0x2)
read(r3, &(0x7f0000000280)=""/226, 0xe2)
bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f00000007c0)='./file0\x00', 0x0, &(0x7f0000000100)={[{@init_itable_val={'init_itable', 0x3d, 0x1}}, {@nombcache}, {@resgid}, {@minixdf}, {@noblock_validity}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x4000}}]}, 0xfe, 0x783, &(0x7f0000001340)="$eJzs3M9rXOUaAOD3nGaa/si9kwt3ce+mCi20UDpJmk27Mm7ETaFQcFtDMgkhJ5mSmdQkFpq6E4TabFQE0b1Lt0Kpf4A7KSi4F0RrXKibkTOZTNt0Zjptk04bnwdO5vvOfN9533dm8uUcyJkA/rFezX8kEUMRcTEiis39aUQcbLQORaxvjdu8d20q35Ko1y/9kuTTYrNebB0raT4ejcaU+F9E3ClEnH7v0bjV1bX5ySwrLzX7I7WFKyPV1bUzcwuTs+XZ8uLY+PnRc+Pj50bHd63WE2+dP3zr2zc2Nr77qnbz2MCZJCYadUeztl0L9ICt16QQEzv2L+5FsD5Kehgz8BzyAACgu/w8/0Dz3KwQxTjQ7SzNCRwAAAC8lOqD9V792fNIAAAA4AWTRL8zAAAAAPbW9v8BbN/bu1f3wXby8+sRMdwu/kDjHuKIQ1GIiCObyUO3HyRb0+CZrN+IiNsTbT5/vdzR3N3o/ebh3Tkiu+12vv5MtFt/0tb6E23Wn4Ht7054Rp3Xv/vxD3RY/y72GOPrz/5f6Bj/RnXl/WPt4iet+EmH+G/3GP/mxge3Oj1X/yLiZNu/P8lDsbp8P8TIzFzW7lerle6dv07d7Vx/xJFH4idJI2rSvf4rPdb/7uZv8+td4p863v3934o/+NC8/DPxYTOPNCJuNR/z/saOGMcXvv/m0cjJ+nb86Q6vf/v3/81W/Z/3WP+PXw6u9DgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGtKIGIokLbXaaVoqRRyNiP/GkTSrVGunZyrLi9P5cxHDUUhn5rLyaEQUt/pJ3h9rtO/3z+7oj0fEf344vBV0LiuXpirZdL+LBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoOVoRAxFkpYiIo2I34tpWir1OysAAABg1w33OwEAAABgz7n+BwAAgP3vaa//k13OAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjXLl64kG/1zXvXpvL+9NXV5fnK1TPT5ep8aWF5qjRVWbpSmq1UZrNyaaqy8LjjpRExdj6WV0Zq5WptpLq6dnmhsrxYuzy3MDlbvlwuPJeqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFJDjS1JSxGRNtppWipF/CsihqOQzMxl5dGI+HdE3C0WBvP+WL+TBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYNdVV9fmJ7OsvPRyN+r7q5yeG5FEvABpdGh80nxXuo1J1iP6nmraTPRZjhPxJLOuP+Zl6XfjlT6tRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9Fd1dW1+MsvKS9V+ZwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB/pT8lEZFvJ4snhnY+ezD5o9h4jIh3Pr300cpkrbY0lu//tbW/9nFz/9kHJl5/njUAAADAvvfakwzevk7fvo4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoVXV1bX4yy8pLe9iIG/2uEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBp/BwAA//9Js7nR")
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r5 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0)
unshare(0x20040600)
r6 = socket(0x40000000015, 0x805, 0x0)
getsockopt(r6, 0x114, 0x5, &(0x7f0000019440)=""/102400, &(0x7f00000000c0)=0x19000)
ioctl$MON_IOCX_MFETCH(r5, 0xc0109207, &(0x7f0000000c40)={0x0, 0xfe72})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000002480)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r7}, 0x10)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x100202, 0x0, 0xfffffff8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYRESDEC], 0x48)

1.231770198s ago: executing program 1 (id=6003):
futex(&(0x7f0000004000), 0x5, 0x0, 0x0, &(0x7f0000000000), 0xa5023fff)
clock_gettime(0x3, &(0x7f0000000b00))
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000e40)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000040000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10)
r1 = shmget$private(0x0, 0x4000, 0x2, &(0x7f0000ffc000/0x4000)=nil)
r2 = shmat(r1, &(0x7f0000ffc000/0x4000)=nil, 0xc000)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r3=>0xffffffffffffffff})
recvmsg$unix(r3, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r4=>0xffffffffffffffff]}}], 0x18}, 0x8020)
write$cgroup_subtree(r4, &(0x7f0000000300)=ANY=[@ANYBLOB="8fedcb7910009875f37538e486dd6317ce8102038700fe08000e40000200875a65969ff57b00ff020000000000000000000000000001"], 0xfdef)
execveat(r4, &(0x7f0000000740)='./file0/file0\x00', &(0x7f0000000800)={[&(0x7f0000000780)='/-!*\x00', &(0x7f00000007c0)='\'.&b@\\)\x00']}, &(0x7f0000000a40)={[&(0x7f0000000880)='sys_enter\x00', &(0x7f00000008c0)='F+\'\xd9.$#[\x00', &(0x7f0000000900)='\x00', &(0x7f0000000940)='GPL\x00', &(0x7f0000000980)='GPL\x00', &(0x7f00000009c0)='\x00', &(0x7f0000000a00)='GPL\x00']}, 0x400)
shmdt(r2)
r5 = getpid()
socket(0xb, 0x402, 0x3b)
r6 = mq_open(&(0x7f0000000480)='!sel\x00\x00\x00\x10\x00\x00\x00\x00\xd7\\P\xc1\xde.O\xcb]0y\x00\x00\x00\x00\x00\x00\x00\x00', 0x6e93ebbbcc0884f2, 0x196, &(0x7f0000000240)={0x1, 0x1, 0x5b, 0x7})
mq_timedsend(r6, 0x0, 0x0, 0x0, 0x0)
mq_timedsend(r6, 0x0, 0x0, 0x9, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmmsg$unix(r8, &(0x7f0000005980)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)=[@rights={{0x14, 0x1, 0x1, [r8]}}, @cred={{0x1c, 0x1, 0x2, {r5}}}], 0x38, 0x800}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b80)=[@rights={{0x14, 0x1, 0x1, [r8]}}], 0x18, 0x40810}}], 0x2, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000840)={&(0x7f0000000400)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x1, 0x33, 0x0, 0x0, {0xa, 0x0, 0x4, @local, 0x5b}}}, 0x80, 0x0}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0xe, 0x4, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x8}, [@generic={0x91, 0x1, 0x1, 0x9d}]}, &(0x7f0000000c40)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = openat$sysfs(0xffffff9c, &(0x7f00000001c0)='/sys/power/pm_freeze_timeout', 0x20042, 0xe2)
write$tcp_mem(r9, &(0x7f0000000a80)={0x8000000000000002, 0x20, 0x7, 0x20, 0x2}, 0x48)
r10 = socket$kcm(0x2, 0x1, 0x84)
setsockopt$sock_attach_bpf(r10, 0x84, 0x9, &(0x7f0000000380), 0x98)
recvmsg(r7, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x20)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000000)="df7d0a6550792e11dae60f13707ca9231b02f185f663baee89329c2ec88ccf7ce5e6137727d83cb5f38b3ab74c108589b726cf4aae507b166820a6678438fbd1aed4dc07901b7f1fbcbc21f95091b492d90f5fecf20aefc31db87dcd647325ad161f213d3c25f690ab97920ad8030166c334eb345dfa9bca2f5cf43ef4cf864d2a53e2666ccaa797fb252b538e24e0b218ef5fcb9fdc5c76f1bcefe2c0011607d12e9a5d8fc244327a00045e2bea6f41abcd7a060a04714699868a5f37d53f8a84676f6fc92263cfc654bf3b8e42febbf2aa9cafd5b11fc43826ab437b5df596802a8cc061d6384338a2b659b3", 0xed}, {&(0x7f0000000100)="55e55f621ebad6c45caab65017b73f52cc4385a51ee7e647d268958da1be141b42fb6dfd4ef18bb1c73c36b8e13b85ccf83bde72b3796e68bf6d84ffed65cfc184fc72", 0x43}, {&(0x7f0000000240)="be643e1b9a9b8309269e26ccabc7c8eb53289b2accac84759b609052a627068f066fb939c8820708fe474317413616b11619d20776277afbf86b8e1772ac38ef62a7421a83d540074521c27365813800258d9627906f2cd58f284c1d41a9b20f8f5bee05685ccd5342365edf3c32a5406b8826b77102a157f797bf3bdfe25c34559a40fbb609feb9b35dd4268437b0b764fec48639c2c197dcfedd7e99a63fb1", 0xa0}, {&(0x7f0000000300)="933c9d544a649f91747d916a58958e2f8e2d69b6d4912fff767f01486edf37b66622863fa2c461853e4959cca0f08970e4b793b26e57801ebba8795c6906ba0887b1ff960c7971e7a658fcba6d423a5cec5b68ad42a821f264eb21c414aa063670ec8d1e966e0f758de3bf1c4e821b8c37fe896796ea82a074397af0ffd072ed35dac821f9627bdd9bb7f6a034a1e0", 0x8f}, {&(0x7f00000003c0)="38feb12b1a4a349d3899d1a0a04b6f363eb44978dd52a18e998575a455327dd2cfe6c690fc4791bd14d2b4178dad3c8e15a728a73efd2925d2c4312e4b1810feb8ee82e51b45becb2e3d940388", 0x4d}], 0x5, &(0x7f00000004c0)=[{0x48, 0x107, 0x3373b814, "d3058f0d00207691bf5be2314b82945ab8c52d9248e40751c0e40671e64811b1bbe6cbc234fd7d8ff1401c6ec7ce864b1e"}, {0xa0, 0x3a, 0x10, "a15a38bbc44e71aee4702fff44535d3de78910fa44ee68f1f9dbe78e2b729cc038cc0fc8c2404295c86c1b84552daed9317a60072fd6c5a3d9294c7f254cf7fd57e3a9edcaa0a9ebd9c4f5d5ef0179f212dec643871541a7e9b6c5251a5761d746a2db82c37b873614a5774b9806e82be5681c8d812e74847e245628a750b10739600dd06f24a3840bfcdac5"}], 0xe8}, 0x4080)
r11 = openat2$dir(0xffffffffffffff9c, &(0x7f00000005c0)='./file0\x00', &(0x7f0000000640)={0x4400, 0x0, 0x3}, 0x18)
utimensat(r11, &(0x7f0000000680)='./file0\x00', &(0x7f0000000700)={{0x77359400}}, 0x100)

718.29444ms ago: executing program 6 (id=6019):
r0 = socket$inet6(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f0000000680)={0xa, 0x4e24, 0x9, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0xffff}, 0x1c)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001780)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
nanosleep(0x0, 0x0)
syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0xf96d, 0x3010, 0x4, 0xe6}, &(0x7f0000000040)=<r3=>0x0, &(0x7f0000000080)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x41c0573993bb06d7, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x0, 0x24040007})
prctl$PR_SET_NAME(0xf, &(0x7f0000000980)='\xff\x00\x00\x00\x00\x00\x000`\x14\x99\x06\xc0\x7fs\x00\t\x14\x17\xc3\xf5\xc9\v\x85\xe7\x00\x00\x18\x88\x06\x94\x98\xa9\xe7\x1c\x8a\x89\xdc\xcc\xf7L\xbd%\xc3!\x0e\x91S\xb2~8\"\xe2\xed\xbf\x12\x1a\\6p\'p\xef\x1a\n\x99\x12\xe8\'\x1c\x97M\xa5N\xd9\xbeV&\x1c2K?\x95\xd9\"\xbe\x050+\xca\xea\'\xe9)\xfe\xeb\x9c\xb5\xa0F`\xe4D\x10F\x831\xec\\v\xf0\xab_M\b\x03\xc3\n\x89\x01E`\xd35Q2\xecZz\xdc\x065p\x1c\x8f\x9b\x99IGXO\x00\x00\v\xed\xb0\xc5\xd4\xc7,\x1a\xb3}CMOO\x8a\xa8kh\x7f\x05c\xfc\xebb\xc8\xa2\xa9\xbf\xb3\x9b\xafE\xbd\xc5\xdc\xde\xbe_')
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d000000180100002020732600000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00')
openat$cgroup_int(r5, &(0x7f0000000000)='io.max\x00', 0x2, 0x0)
r6 = socket$kcm(0x11, 0x2, 0x0)
sendmsg$kcm(r6, &(0x7f00000005c0)={&(0x7f0000000040)=@tipc=@name={0x1e, 0x2, 0x1, {{0x41, 0x4}, 0x24}}, 0x80, 0x0}, 0xc0400c0)
r7 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r7, 0x0, 0x40, &(0x7f0000000140)=@raw={'raw\x00', 0x8, 0x3, 0x498, 0x320, 0xa, 0x148, 0x368, 0x60, 0x400, 0x2a8, 0x2a8, 0x400, 0x2a8, 0x3, 0x0, {[{{@ip={@multicast2, @multicast2, 0x0, 0x0, 'bridge0\x00', 'rose0\x00'}, 0x0, 0x2f8, 0x368, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'veth1_to_team\x00', {0x0, 0x0, 0x2, 0x0, 0x0, 0xffffffff, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x8601, 0x6, './file0\x00'}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x1d, 0x0, "f2f7b9f28413d9d8ad470ad2b60c45cb4ea6e7bf902bdc2ff8a9304d9f655c746adc0bdc773506378bc2d27efd6abb05175089830cc46186074d7de46d5af300"}}}, {{@ip={@empty, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth0_to_team\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@MARK={0x28}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x4f8)

676.494722ms ago: executing program 6 (id=6022):
r0 = memfd_secret(0x80000)
ioctl$sock_SIOCINQ(r0, 0x541b, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0xa, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000040000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1, 0x0, 0x1}, 0x18)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
close(r3)
socket$netlink(0x10, 0x3, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x100, 0x52, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00'}, 0x10)
writev(r2, &(0x7f0000000440)=[{&(0x7f0000000480)="89e7ee2c78dad9b4b473e4c988cafb0c7d1b1403bb91be0e49e20600000000000000074d53031a741e59ce9161166be63370ed0cec74053630accc", 0x3b}], 0x1)

630.847184ms ago: executing program 6 (id=6023):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x4, 0x510, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, @perf_config_ext={0x0, 0x7}, 0x0, 0x10000, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) (async)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/pm_wakeup_irq', 0x0, 0x1a0) (async)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0xa0100) (async)
r1 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r1, &(0x7f0000000200)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc) (async)
r2 = syz_io_uring_setup(0x497, &(0x7f0000000540)={0x0, 0x465c, 0x800, 0x3, 0x287}, &(0x7f00000004c0)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) (async)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) (async)
bpf$PROG_LOAD(0x5, 0x0, 0x0) (async)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r1, 0x0, 0x0})
io_uring_enter(r2, 0x40f9, 0x217, 0xa5, 0x0, 0xf5)
r5 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x0)
ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f0000001600)={r0, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}})

628.843234ms ago: executing program 2 (id=6024):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r0}, 0x18)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/bus/input/devices\x00', 0x0, 0x0)
preadv(r1, &(0x7f00000000c0)=[{0x0}], 0x1, 0xf0, 0xa)

600.807414ms ago: executing program 2 (id=6025):
openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_version\x00', 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f00000001c0))
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
pipe2$9p(&(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000004500), 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=any,cache=m'])
write$binfmt_aout(r0, &(0x7f00000001c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0xfffffffe, 0x9, 0x0, 0xfe, "0062ba7d82000000160000000000f738096304"})
syz_open_pts(r0, 0x900)
read(0xffffffffffffffff, &(0x7f00000000c0)=""/226, 0xe2)
read$watch_queue(0xffffffffffffffff, &(0x7f0000002d40)=""/4104, 0x1008)

569.648636ms ago: executing program 6 (id=6027):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000004000000080000000b"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x4, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='kfree\x00', r2}, 0x18)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_PAUSE_GET(r3, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16, @ANYBLOB="010026bd70000000000021040000180001801400020064756d6d7930"], 0x2c}, 0x1, 0x0, 0x0, 0x2008040}, 0x880)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="210000000000000000000000000010000004"], 0x48)
mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x2000002, 0x13, r4, 0x0)
r5 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x9, 0x7, 0x0, 0x0, 0x0, 0x40008, 0x518, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0xed}, 0x4c58, 0xd, 0x0, 0x0, 0x8, 0x4ac, 0xb, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x1)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000003, 0x11, r5, 0xc266c000)

568.834696ms ago: executing program 5 (id=6028):
openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_version\x00', 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f00000001c0))
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
pipe2$9p(&(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000004500), 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=any,cache=m'])
write$binfmt_aout(r0, &(0x7f00000001c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0xfffffffe, 0x9, 0x0, 0xfe, "0062ba7d82000000160000000000f738096304"})
r3 = syz_open_pts(r0, 0x900)
r4 = dup3(r3, r0, 0x80000)
read(r4, &(0x7f00000000c0)=""/226, 0xe2)

440.200272ms ago: executing program 6 (id=6029):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000003c0), 0x400200, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000400)={'macvlan0\x00', 0x2000})
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
fsmount(0xffffffffffffffff, 0x0, 0x1)
syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./file0\x00', 0x400, &(0x7f0000000100)=ANY=[@ANYBLOB="73686f72746e616d653d77696e6e742c757466383d302c636865636b3d7374726963742c646973636172642c757466383d312c757466383d312c73686f72746e616d653d77696e39352c73686f72746e616d653d6c6f7765722c757466383d312c00ef5c3556"], 0xfd, 0x2a8, &(0x7f0000000280)="$eJzs3E9rE08YwPGnaZOmKW1y+PEDBfFBL3pZ2vgKgrQgBpTaiHoQpnajIWtSsjESEdubV19H8ehNsL6BXrx5Fy9FELz0IF3pbrfZ1qW2te3W5vuBstOdeTKzfxKeXZhZu/fmab3qWlXTllRWJSXZJVkXKUhKQgNb25RfzkjUklwd/fH5wp37D26WyuWpGdXp0uy1oqqOX/zw/OXbSx/bo3ffjb8fltXCw7XvxS+r/6+eW9uYDT+92Vajc81m28w5ts7X3LqletuxjWtrreHarR31Vae5sNBV05gfyy20bNdV0+hq3e5qu6ntVlfNY1NrqGVZOpaTOJnYvWfD4IEjKsszM6Z0LINBEkbidrZaJTMYW1lZPolBAQCA0+X3/F9OJP9/UnO15mrjT/l/So42/0eUn/9vxCaNOBvSmw8AJZPb+v7uRP4PAAAAAAAAAAAAAAAAAAAAAMC/YN3z8p7n5cNt+DcsIlkRCf9Pepw4Hoe4/gMJDhdHLDJxLyvivO5UOpVgG9SXqlITR2yZSPtzibxtQXn6RnlqQn0FWXEWt+L9SYLDYXyoEB8/GcRrJH6xU0lLLtp/UfLyX3x8cVd8WkQ6lYxcuRyJtyQvnx5JUxyZ9+/rXvyrSdXrt8q7+h/x2wEAAAAAcBZYuq2w8/k3WE3SsjRcNmRXfbCz935A8vJzz/cDKisZ6cUPyfmh5I4bAAAAAIB+4nZf1I3j2K1+LozIwaP68dRZ2eCm2bOx53mLm43+vtOUiCR0pN9E5BSc8KMufH0WXMD9NE7yVwkAAADAcegl/UmPBAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/rXfxcPC9odZeyzS3WAyRwkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcDr8CAAD//4DOGY4=")
mknod$loop(&(0x7f00000009c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x800, 0x1)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$packet(0x11, 0xa, 0x300)
r3 = memfd_create(&(0x7f0000000ec0)='\x103q}2[\xe0\x9a\xee\xaf\x03\x97\x9et\v\"|Ma\x86\xe7\xc0\x14\x9f\xb9h\xb1\x96\xe7=I\x860S6\xb5\xa8\xc2\x95Je%\xfeG\'e\xe5\x8f\xf8\xd2\x1c\xc0\xfb\x1c\xa6\xab\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94k\xcd\t\x00\x90k\xd6\x05\xb6\x03\x00\x00\x00A\xc5\x9c_\xd4\x18,\f\xd4s\xb2\x99/\xc0\x9a\xf2Oc\xc0c\x03gB!\xb0\xb8n\x01\x9bT\x95\x10\x86\xe8$\x7f\r[\xf9\x0e1v\xb1\n\x88\v\x95uy\xb5:`\x8b\nC\x18A;\xaa%\xaf\xc7\xa3\xac\xa2D\xb5\xe2\xe1\xdc(\xfd\x05\x9fB\x84O\xfe@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\xa0\x17\xe3\xac\xe9\xc9\xa7\x8a\x1b\x03\"&\xac\xcap>\xccZ\x01\xbc\x18\xc1\xb9\xe9\v\x8b\x9c\xb4Q\xd4\x96EV<>\x99\xca\xb3\xe0\xc4tL\xed\xf5W\xbd#\xcf\x8a\x84\xed\x9f/\xd4\xbb\xea;-Dp\xf8\xd0F\x90\xf8\x92Ip6\xf4\x16\xe8\x14\xe0\x92!\x92-F\xe2\x14D\x91\xa8b\x04\xdd\x1d\a\xdc\xe0\x18\x85{\x80Q\xf6k\x96\xfaQ\x9fW\vO\xf0\xe4O\\\xceS\xf2\xde\x049d\x06#\x88\xc3\xdf\x85O\x1c\xc3\xad?r\xd7\x0e\x00\xd7\x83\xb0\x88\x9c\xf6Y-F\x98\xdd\x9c~\xfd\x95\xc3\xb6lC\xaa\"Y\xa2K\xecz\x84:*\xf5Y\xd1\x9b1\x91\x9b\x15\xd4\xec\x02o\x01&\xaa\x90w\xc4\xc7yn\xb5\x1ag\xab&?\xbe\xcb\xe8v\xa8\xe0\xa4\x81sW\xacf\x149\xd2}\xefCGa\x9a$4\x8c\xa5!p\x83\x05\x96%\x02%\xabj\n\b\xc8NC\x91}&y\xd3\xe1\xeep\'\xc5\xab\x19GsX5\x8c\n\x9fh\xee;4\xb1%V\xe0\xa9\x8e\xf30:\xd8\x18N~G\x139\xcas\xf4D\xd4\xd0s\r3\xcb\x9a&\xdf+(\xc9S\x9eL5\x84\xb1\x90pN\xe7/\r\b\x9a\xf13Q\xf9\xdf\x7fX\xa0\xafK\xefh\xbfOv\x9bh\xb3\xc0\xf5\x80\xba\"@\'\x02\xafi\xeaE\xa6a6F\xde\xd4\xfa\x84\xe4+A\xb7\xa2\x8f\xc9\xee|xxn\xefw\x93]%\xd0\x19\x132\x86\xabn\xfe\x91\xb6Cl\xcf\x04\x1cq\xc1\x1d~\x8d\x01\x83\x93_\x83\x8a`v\xb0K,|S\xe4\xba\xb1\f\xc8`\xa6s\xad\x11\xd4wG\x80u\x87u\xff\x87\xee', 0x2)
read(r3, &(0x7f0000000280)=""/226, 0xe2)
bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f00000007c0)='./file0\x00', 0x0, &(0x7f0000000100)={[{@init_itable_val={'init_itable', 0x3d, 0x1}}, {@nombcache}, {@resgid}, {@minixdf}, {@noblock_validity}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x4000}}]}, 0xfe, 0x783, &(0x7f0000001340)="$eJzs3M9rXOUaAOD3nGaa/si9kwt3ce+mCi20UDpJmk27Mm7ETaFQcFtDMgkhJ5mSmdQkFpq6E4TabFQE0b1Lt0Kpf4A7KSi4F0RrXKibkTOZTNt0Zjptk04bnwdO5vvOfN9533dm8uUcyJkA/rFezX8kEUMRcTEiis39aUQcbLQORaxvjdu8d20q35Ko1y/9kuTTYrNebB0raT4ejcaU+F9E3ClEnH7v0bjV1bX5ySwrLzX7I7WFKyPV1bUzcwuTs+XZ8uLY+PnRc+Pj50bHd63WE2+dP3zr2zc2Nr77qnbz2MCZJCYadUeztl0L9ICt16QQEzv2L+5FsD5Kehgz8BzyAACgu/w8/0Dz3KwQxTjQ7SzNCRwAAAC8lOqD9V792fNIAAAA4AWTRL8zAAAAAPbW9v8BbN/bu1f3wXby8+sRMdwu/kDjHuKIQ1GIiCObyUO3HyRb0+CZrN+IiNsTbT5/vdzR3N3o/ebh3Tkiu+12vv5MtFt/0tb6E23Wn4Ht7054Rp3Xv/vxD3RY/y72GOPrz/5f6Bj/RnXl/WPt4iet+EmH+G/3GP/mxge3Oj1X/yLiZNu/P8lDsbp8P8TIzFzW7lerle6dv07d7Vx/xJFH4idJI2rSvf4rPdb/7uZv8+td4p863v3934o/+NC8/DPxYTOPNCJuNR/z/saOGMcXvv/m0cjJ+nb86Q6vf/v3/81W/Z/3WP+PXw6u9DgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGtKIGIokLbXaaVoqRRyNiP/GkTSrVGunZyrLi9P5cxHDUUhn5rLyaEQUt/pJ3h9rtO/3z+7oj0fEf344vBV0LiuXpirZdL+LBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoOVoRAxFkpYiIo2I34tpWir1OysAAABg1w33OwEAAABgz7n+BwAAgP3vaa//k13OAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjXLl64kG/1zXvXpvL+9NXV5fnK1TPT5ep8aWF5qjRVWbpSmq1UZrNyaaqy8LjjpRExdj6WV0Zq5WptpLq6dnmhsrxYuzy3MDlbvlwuPJeqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFJDjS1JSxGRNtppWipF/CsihqOQzMxl5dGI+HdE3C0WBvP+WL+TBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYNdVV9fmJ7OsvPRyN+r7q5yeG5FEvABpdGh80nxXuo1J1iP6nmraTPRZjhPxJLOuP+Zl6XfjlT6tRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9Fd1dW1+MsvKS9V+ZwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB/pT8lEZFvJ4snhnY+ezD5o9h4jIh3Pr300cpkrbY0lu//tbW/9nFz/9kHJl5/njUAAADAvvfakwzevk7fvo4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoVXV1bX4yy8pLe9iIG/2uEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBp/BwAA//9Js7nR")
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r5 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0)
unshare(0x20040600)
r6 = socket(0x40000000015, 0x805, 0x0)
getsockopt(r6, 0x114, 0x5, &(0x7f0000019440)=""/102400, &(0x7f00000000c0)=0x19000)
ioctl$MON_IOCX_MFETCH(r5, 0xc0109207, &(0x7f0000000c40)={0x0, 0xfe72})

350.143676ms ago: executing program 1 (id=6030):
r0 = memfd_secret(0x80000)
ioctl$sock_SIOCINQ(r0, 0x541b, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0xa, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000040000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1, 0x0, 0x1}, 0x18)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
close(r3)
socket$netlink(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x100, 0x52, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x0)
writev(r2, &(0x7f0000000440)=[{&(0x7f0000000480)="89e7ee2c78dad9b4b473e4c988cafb0c7d1b1403bb91be0e49e20600000000000000074d53031a741e59ce9161166be63370ed0cec74053630accc", 0x3b}], 0x1)

244.16665ms ago: executing program 4 (id=6031):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xd, 0x0, &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0xe, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r0, 0x0, 0xfffffffffffff001}, 0x18)
r1 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
write$selinux_attr(r1, 0x0, 0x0)

226.777891ms ago: executing program 4 (id=6032):
r0 = socket$inet6(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f0000000680)={0xa, 0x4e24, 0x9, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0xffff}, 0x1c)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001780)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
nanosleep(0x0, 0x0)
syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0xf96d, 0x3010, 0x4, 0xe6}, &(0x7f0000000040)=<r3=>0x0, &(0x7f0000000080)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x41c0573993bb06d7, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x0, 0x24040007})
prctl$PR_SET_NAME(0xf, &(0x7f0000000980)='\xff\x00\x00\x00\x00\x00\x000`\x14\x99\x06\xc0\x7fs\x00\t\x14\x17\xc3\xf5\xc9\v\x85\xe7\x00\x00\x18\x88\x06\x94\x98\xa9\xe7\x1c\x8a\x89\xdc\xcc\xf7L\xbd%\xc3!\x0e\x91S\xb2~8\"\xe2\xed\xbf\x12\x1a\\6p\'p\xef\x1a\n\x99\x12\xe8\'\x1c\x97M\xa5N\xd9\xbeV&\x1c2K?\x95\xd9\"\xbe\x050+\xca\xea\'\xe9)\xfe\xeb\x9c\xb5\xa0F`\xe4D\x10F\x831\xec\\v\xf0\xab_M\b\x03\xc3\n\x89\x01E`\xd35Q2\xecZz\xdc\x065p\x1c\x8f\x9b\x99IGXO\x00\x00\v\xed\xb0\xc5\xd4\xc7,\x1a\xb3}CMOO\x8a\xa8kh\x7f\x05c\xfc\xebb\xc8\xa2\xa9\xbf\xb3\x9b\xafE\xbd\xc5\xdc\xde\xbe_')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000180)='kfree\x00', 0xffffffffffffffff, 0x0, 0x2}, 0x18)
r5 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000140)=@raw={'raw\x00', 0x8, 0x3, 0x498, 0x320, 0xa, 0x148, 0x368, 0x60, 0x400, 0x2a8, 0x2a8, 0x400, 0x2a8, 0x3, 0x0, {[{{@ip={@multicast2, @multicast2, 0x0, 0x0, 'bridge0\x00', 'rose0\x00'}, 0x0, 0x2f8, 0x368, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'veth1_to_team\x00', {0x0, 0x0, 0x2, 0x0, 0x0, 0xffffffff, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x8601, 0x6, './file0\x00'}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x1d, 0x0, "f2f7b9f28413d9d8ad470ad2b60c45cb4ea6e7bf902bdc2ff8a9304d9f655c746adc0bdc773506378bc2d27efd6abb05175089830cc46186074d7de46d5af300"}}}, {{@ip={@empty, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth0_to_team\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@MARK={0x28}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x4f8)

205.911171ms ago: executing program 4 (id=6033):
ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f00000000c0)={0x53, 0xfffffffe, 0x0, 0x2, @scatter={0x0, 0x40000, 0x0}, 0x0, 0x0, 0x800004, 0x10030, 0x1, 0x0})
fcntl$setlease(0xffffffffffffffff, 0x400, 0x2)
prctl$PR_SET_NAME(0xf, &(0x7f0000000480)='\x00\x00\b\x00')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x7}, 0x18)
r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SET_NAME(0xf, 0x0)
setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x23, 0x0, 0x0)
r4 = syz_genetlink_get_family_id$nfc(0x0, r3)
ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f00000000c0)=<r5=>0x0)
sendmsg$NFC_CMD_DEV_UP(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="010026bd7000fcdbdf250200000008000100", @ANYRES32=r5], 0x1c}}, 0x0)
write$nci(r2, &(0x7f0000000700)=ANY=[@ANYBLOB="710505cd030606018be8a1976e193c27010466dc77f0b1b54773ee6a19222755d2deac4f088f76bf3c93682f07d04b7bdccfa9d3d690cc68a8388ff2dfc30c6b960d016f65f015a1f19d83de68de15d94d698293bddfc4a2c323752cbeabab060f"], 0x61)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=@deltaction={0x54, 0x18, 0x1, 0x70bd2a, 0x25dfdc00, {0xa}, [@TCA_ACT_TAB={0x40, 0x1, [{0xc, 0xb, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}, {0x14, 0x5, 0x0, 0x0, @TCA_ACT_KIND={0xf, 0x1, 'tunnel_key\x00'}}, {0xc, 0x9, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x37}}, {0x10, 0x8, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x44000}, 0x20040844)

193.511812ms ago: executing program 1 (id=6034):
openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_version\x00', 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f00000001c0))
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
pipe2$9p(&(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000004500), 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=any,cache=m'])
write$binfmt_aout(r0, &(0x7f00000001c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0xfffffffe, 0x9, 0x0, 0xfe, "0062ba7d82000000160000000000f738096304"})
r3 = syz_open_pts(r0, 0x900)
r4 = dup3(r3, r0, 0x80000)
read(r4, &(0x7f00000000c0)=""/226, 0xe2)

180.681353ms ago: executing program 4 (id=6035):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
r1 = dup(r0)
ioctl$KDSETLED(r1, 0x891e, 0xb41)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0xfff, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xcb3a}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r2, 0x0, 0xfffffffffffffffc}, 0x18)
mount$9p_fd(0x0, 0x0, 0x0, 0x4, 0x0)
write$tun(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c0002800500010000000000080007"], 0x64}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000040)={0x0, 0xf5ff, &(0x7f0000000080)={&(0x7f0000000340)={0x68, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2=0xe0000001}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x4}]}, 0x68}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
wait4(0x0, 0x0, 0x40000000, 0x0)
shmctl$IPC_RMID(0x0, 0x0)

180.106133ms ago: executing program 5 (id=6036):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r0}, 0x18)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/bus/input/devices\x00', 0x0, 0x0)
preadv(r1, &(0x7f00000000c0)=[{0x0}], 0x1, 0xf0, 0xa)

124.689375ms ago: executing program 5 (id=6037):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x8, 0x18, &(0x7f0000000b80)=ANY=[], &(0x7f0000000a80)='syzkaller\x00', 0x1, 0xffffffffffffffd6, 0x0, 0x40f00, 0x79, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r1, 0x0, 0x4}, 0x18)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = socket$inet(0x10, 0x3, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x5, &(0x7f0000000640)=ANY=[@ANYRESDEC=r2], &(0x7f0000000280)='GPL\x00', 0x1, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, 0x2}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$inet_sctp(0x2, 0x1, 0x84)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0100000004000000e2bd2d5672a6a45db6d80f92fb01e8b28c598c051598b8e86313a47100da1deb9cbb4e7a54195ec56dd78fe0a1e488aee36a3526e5b5d929bdd5c6075d8585b3f99d2471797626db3ad58fc9e44f62991e5044c902a1fdd284b825b73564570d733b627b783de32d6bfeb4d96f1a4f000000000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES16, @ANYRES8=r5, @ANYBLOB="03000000000000000000000800000021ca000000000000000000be156410c06583d100000000000004000000"], 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xb, 0xc, &(0x7f0000000540)=ANY=[@ANYRES32=r1, @ANYRESOCT=r6, @ANYRES8=r4, @ANYRES64=<r8=>r6], &(0x7f0000000180)='GPL\x00', 0x10000401, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
r9 = add_key$user(&(0x7f0000000200), &(0x7f0000000300)={'syz', 0x1}, &(0x7f0000000340)="46116f03e4559c1f593e8ac50dc51ac88675c565004c4a79660c5badb104c610dfc2c36d42312f6499d0d7db231e8be163440cc3fd31ecfdc2cd285450dd36e016add9a12598004bbab545102511772e28a61f331c361b65202dd8b5e0231cd39470a0ad8ca523aee1d9f207c0f91362cd8bdf23c538dac0a9bace100913c92fd226ea46cf2c677443dd0c00942dd3a198873a5547114f51c87fb0e2c3e290a40371887230b78dd25904adef7fd8c1bfa25592520252a38bfc5731e68d66bf0f0fbeecc24c321eba14e0c359ae6a579b5b81f0ed96f9ab35219780cf03", 0xdd, 0xfffffffffffffffc)
add_key(&(0x7f00000009c0)='dns_resolver\x00', &(0x7f0000000a00)={'syz', 0x2}, 0x0, 0x0, 0x0)
keyctl$KEYCTL_MOVE(0x1e, r9, 0xfffffffffffffffa, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x10)
r10 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000000c0)={'macvlan0\x00', <r11=>0x0})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50)
r12 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000b40)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESHEX=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r12}, 0x10)
r13 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r13, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000000900010073797a300000000064000000030a01030000000000000000050000000900010073797a30000000000900030073797a300000000008000a40000000032800048008000240000000120800014000000000140003006e657464657673696d30000000000000080000000000000014000000110001"], 0xac}, 0x1, 0x0, 0x0, 0x4008805}, 0x0)
sendmsg$NFT_BATCH(r13, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000bc0)=ANY=[@ANYBLOB="14000000100001f500000000000000000100000a14000000020a497f75241d4e1deb00000500000614000000110001"], 0x3c}, 0x1, 0x0, 0x0, 0x2004c040}, 0xc050)
sendmsg$nl_route(r10, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="4c0000001000030500000012fddbdf250000000031ace2f40f487556d3f4c6682425b03f29ff107be2ebd3a8f149425693cb", @ANYRES8=r7, @ANYBLOB="c088010000000000240012800c004eff95f37a1c216c9261650002800800010010000000080003000100000008000500", @ANYRES32=r11, @ANYBLOB], 0x4c}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000d00)={0x11, 0x0, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
r14 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bf544c649c4fa1c8e40000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r14, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x42, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f0000000b00)='f2fs_destroy_extent_tree\x00', r7, 0x0, 0x1}, 0xfffffffffffffee5)

123.772815ms ago: executing program 4 (id=6038):
r0 = memfd_secret(0x80000)
ioctl$sock_SIOCINQ(r0, 0x541b, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0xa, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000040000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1, 0x0, 0x1}, 0x18)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
close(r3)
socket$netlink(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x100, 0x52, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x0)
writev(r2, &(0x7f0000000440)=[{&(0x7f0000000480)="89e7ee2c78dad9b4b473e4c988cafb0c7d1b1403bb91be0e49e20600000000000000074d53031a741e59ce9161166be63370ed0cec74053630accc", 0x3b}], 0x1)

122.710405ms ago: executing program 5 (id=6039):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000086"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x4, 0x0, 0x0, 0x41100}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
r2 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0)
ioctl$MON_IOCX_MFETCH(r2, 0xc0109207, &(0x7f0000000080)={0x0})
syz_open_dev$usbfs(&(0x7f0000000000), 0x205, 0x44680)

40.985339ms ago: executing program 5 (id=6040):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x3, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='mem_disconnect\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x0, 0xe, 0x0, &(0x7f00000003c0)="131c8701feaa16bca4ac74ab821d", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50)

38.051749ms ago: executing program 6 (id=6041):
r0 = socket$caif_stream(0x25, 0x1, 0x0)
sendmmsg$inet(r0, &(0x7f0000000040)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000000)="92", 0x1}], 0x1}, 0x1000000}], 0x2, 0x20000000)

21.257429ms ago: executing program 5 (id=6042):
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0xfffffffffffffffc}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xb, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r1, 0x0, 0x3}, 0x18)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10000082}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x78)
r2 = socket$packet(0x11, 0x2, 0x300)
r3 = msgget$private(0x0, 0xfffffffffffffffd)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x10, 0x16, &(0x7f0000000340)=ANY=[@ANYBLOB="61122800000000006113380000000000bf1000000000000025000200091b00003d200000000000008701000000000000bc26000000000000bf67000000000000150300000ee600f0670200000300000015030000ffffffffbf050000000000000f650000000000006507f4ff02000400070700006b3128fe1f75000000000000bf540000000000000705000003001500ae430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe70305863f970eac3590ac99b798f8125f1c322c2a154a8a8d"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @sk_msg}, 0x48)
msgsnd(r3, &(0x7f00000009c0)=ANY=[@ANYBLOB="010000000000000065fbabba7667002bd5241f293091a3d7a1a5d81d626be845d07254bde4e329746163a52c3c064b2e69a7c9677e6a1f990100000000000000f8615b9b503824dec988c6a49b9d784df2629ca12eb5994d0881f32c1bb98087549ccb92a0a59167a7dba32fc4020accd0f0a4135499630386f7d0771d8edbec5736d58f818f2066aa241917ca"], 0xcc, 0x0)
msgrcv(r3, &(0x7f00000001c0)={0x0, ""/246}, 0xfe, 0x3, 0x0)
setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x6}, 0x1c)

0s ago: executing program 4 (id=6043):
r0 = syz_open_dev$evdev(0x0, 0x14be497c, 0x800)
ioctl$EVIOCGMASK(r0, 0x80104592, &(0x7f0000000080)={0x17, 0xb, &(0x7f0000000040)="a62353a43a6beba40fe4f8"})

kernel console output (not intermixed with test programs):

oop4: detected capacity change from 0 to 512
[  353.358732][T20013] chnl_net:caif_netlink_parms(): no params data found
[  353.367192][T19988] EXT4-fs: Mount option(s) incompatible with ext2
[  353.380373][T19988] loop4: detected capacity change from 0 to 512
[  353.388093][T19988] EXT4-fs: Mount option(s) incompatible with ext2
[  353.397186][T19988] loop4: detected capacity change from 0 to 512
[  353.404015][T19988] EXT4-fs: Mount option(s) incompatible with ext2
[  353.413070][T19988] loop4: detected capacity change from 0 to 512
[  353.419657][T19988] EXT4-fs: Mount option(s) incompatible with ext2
[  353.429734][T19988] loop4: detected capacity change from 0 to 512
[  353.436660][T19988] EXT4-fs: Mount option(s) incompatible with ext2
[  353.445995][ T4146] hsr_slave_0: left promiscuous mode
[  353.446233][T19988] loop4: detected capacity change from 0 to 512
[  353.457970][T19988] EXT4-fs: Mount option(s) incompatible with ext2
[  353.464565][ T4146] hsr_slave_1: left promiscuous mode
[  353.467692][T19988] loop4: detected capacity change from 0 to 512
[  353.474177][T20043] netlink: 5 bytes leftover after parsing attributes in process `syz.5.5550'.
[  353.476612][T19988] EXT4-fs: Mount option(s) incompatible with ext2
[  353.488993][ T4146] batman_adv: batadv0: Removing interface: batadv_slave_0
[  353.494595][T19988] loop4: detected capacity change from 0 to 512
[  353.505364][T19988] EXT4-fs: Mount option(s) incompatible with ext2
[  353.512803][ T4146] batman_adv: batadv0: Removing interface: batadv_slave_1
[  353.515230][T19988] loop4: detected capacity change from 0 to 512
[  353.527587][T19988] EXT4-fs: Mount option(s) incompatible with ext2
[  353.538947][T19988] loop4: detected capacity change from 0 to 512
[  353.545620][T19988] EXT4-fs: Mount option(s) incompatible with ext2
[  353.556599][T19988] loop4: detected capacity change from 0 to 512
[  353.566510][T19988] EXT4-fs: Mount option(s) incompatible with ext2
[  353.573572][ T4146] team0 (unregistering): Port device team_slave_1 removed
[  353.583952][T19988] loop4: detected capacity change from 0 to 512
[  353.594328][T19988] EXT4-fs: Mount option(s) incompatible with ext2
[  353.601389][ T4146] team0 (unregistering): Port device team_slave_0 removed
[  353.610290][T19988] loop4: detected capacity change from 0 to 512
[  353.617571][T19988] EXT4-fs: Mount option(s) incompatible with ext2
[  353.627861][T19988] loop4: detected capacity change from 0 to 512
[  353.634659][T19988] EXT4-fs: Mount option(s) incompatible with ext2
[  353.641396][ T4146] team0 (unregistering): Port device dummy0 removed
[  353.644323][T19988] loop4: detected capacity change from 0 to 512
[  353.654893][T19988] EXT4-fs: Mount option(s) incompatible with ext2
[  353.661929][T20043] 1ªî{X¹¦: renamed from 
30ªî{X¹¦ (while UP)
[  353.664872][T19988] loop4: detected capacity change from 0 to 512
[  353.675156][T19988] EXT4-fs: Mount option(s) incompatible with ext2
[  353.687275][T19988] loop4: detected capacity change from 0 to 512
[  353.694417][T20051] netlink: 5 bytes leftover after parsing attributes in process `syz.1.5551'.
[  353.696023][T20043] A link change request failed with some changes committed already. Interface 
31ªî{X¹¦ may have been left with an inconsistent configuration, please check.
[  353.720459][T20051] 0ªî{X¹¦: renamed from gretap0
[  353.725822][T19988] EXT4-fs: Mount option(s) incompatible with ext2
[  353.733539][T20051] 0ªî{X¹¦: entered allmulticast mode
[  353.739676][T20051] A link change request failed with some changes committed already. Interface 
30ªî{X¹¦ may have been left with an inconsistent configuration, please check.
[  353.763499][T19988] loop4: detected capacity change from 0 to 512
[  353.770613][T19988] EXT4-fs: Mount option(s) incompatible with ext2
[  353.780892][T19988] loop4: detected capacity change from 0 to 512
[  353.787655][T19988] EXT4-fs: Mount option(s) incompatible with ext2
[  353.795475][T20013] bridge0: port 1(bridge_slave_0) entered blocking state
[  353.802634][T20013] bridge0: port 1(bridge_slave_0) entered disabled state
[  353.807209][T19988] loop4: detected capacity change from 0 to 512
[  353.809897][T20013] bridge_slave_0: entered allmulticast mode
[  353.816266][T19988] EXT4-fs: Mount option(s) incompatible with ext2
[  353.822361][T20013] bridge_slave_0: entered promiscuous mode
[  353.828993][ T4180] nci: nci_extract_activation_params_nfc_dep: unsupported activation_rf_tech_and_mode 0x6
[  353.835092][T20013] bridge0: port 2(bridge_slave_1) entered blocking state
[  353.850797][T19988] loop4: detected capacity change from 0 to 512
[  353.851025][T20013] bridge0: port 2(bridge_slave_1) entered disabled state
[  353.857654][T19988] EXT4-fs: Mount option(s) incompatible with ext2
[  353.873937][T20013] bridge_slave_1: entered allmulticast mode
[  353.883913][T19988] loop4: detected capacity change from 0 to 512
[  353.885944][T20013] bridge_slave_1: entered promiscuous mode
[  353.891821][T19988] EXT4-fs: Mount option(s) incompatible with ext2
[  353.913488][T20060] loop5: detected capacity change from 0 to 128
[  353.922561][T20060] FAT-fs (loop5): Directory bread(block 162) failed
[  353.929307][T19988] loop4: detected capacity change from 0 to 512
[  353.929582][T20060] FAT-fs (loop5): Directory bread(block 163) failed
[  353.942826][T19988] EXT4-fs: Mount option(s) incompatible with ext2
[  353.942840][T20060] FAT-fs (loop5): Directory bread(block 164) failed
[  353.956357][T20060] FAT-fs (loop5): Directory bread(block 165) failed
[  353.963194][T20060] FAT-fs (loop5): Directory bread(block 166) failed
[  353.966188][T19988] loop4: detected capacity change from 0 to 512
[  353.970078][T20060] FAT-fs (loop5): Directory bread(block 167) failed
[  353.976941][T19988] EXT4-fs: Mount option(s) incompatible with ext2
[  353.984937][T20060] FAT-fs (loop5): Directory bread(block 168) failed
[  353.995905][T20060] FAT-fs (loop5): Directory bread(block 169) failed
[  353.999770][T19988] loop4: detected capacity change from 0 to 512
[  354.011274][T19988] EXT4-fs: Mount option(s) incompatible with ext2
[  354.018131][T20060] FAT-fs (loop5): Directory bread(block 162) failed
[  354.030230][T20013] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  354.039624][T19988] loop4: detected capacity change from 0 to 512
[  354.046309][T19988] EXT4-fs: Mount option(s) incompatible with ext2
[  354.046893][T20060] FAT-fs (loop5): Directory bread(block 163) failed
[  354.061232][T20013] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  354.078787][T20068] loop2: detected capacity change from 0 to 128
[  354.091193][T19988] loop4: detected capacity change from 0 to 512
[  354.100566][T20070] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5556'.
[  354.102981][T20068] FAT-fs (loop2): Directory bread(block 162) failed
[  354.109604][T20070] FAULT_INJECTION: forcing a failure.
[  354.109604][T20070] name failslab, interval 1, probability 0, space 0, times 0
[  354.116461][T20068] FAT-fs (loop2): Directory bread(block 163) failed
[  354.129143][T20070] CPU: 1 UID: 0 PID: 20070 Comm: syz.1.5556 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  354.129238][T20070] Tainted: [W]=WARN
[  354.129244][T20070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  354.129256][T20070] Call Trace:
[  354.129264][T20070]  <TASK>
[  354.129271][T20070]  __dump_stack+0x1d/0x30
[  354.129363][T20070]  dump_stack_lvl+0xe8/0x140
[  354.129382][T20070]  dump_stack+0x15/0x1b
[  354.129399][T20070]  should_fail_ex+0x265/0x280
[  354.129426][T20070]  should_failslab+0x8c/0xb0
[  354.129474][T20070]  __kmalloc_node_track_caller_noprof+0xa5/0x580
[  354.129498][T20070]  ? nf_tables_dump_sets_start+0x2e/0x60
[  354.129628][T20070]  kmemdup_noprof+0x2b/0x70
[  354.129724][T20070]  nf_tables_dump_sets_start+0x2e/0x60
[  354.129748][T20070]  __netlink_dump_start+0x334/0x520
[  354.129778][T20070]  nf_tables_getset+0x3c3/0x670
[  354.129799][T20070]  ? __pfx_nf_tables_dump_sets_start+0x10/0x10
[  354.129823][T20070]  ? __pfx_nf_tables_dump_sets+0x10/0x10
[  354.129846][T20070]  ? __pfx_nf_tables_dump_sets_done+0x10/0x10
[  354.129873][T20070]  ? __pfx_nf_tables_getset+0x10/0x10
[  354.129912][T20070]  nfnetlink_rcv_msg+0x3c3/0x590
[  354.130012][T20070]  netlink_rcv_skb+0x123/0x220
[  354.130061][T20070]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  354.130164][T20070]  nfnetlink_rcv+0x167/0x16c0
[  354.130188][T20070]  ? __account_obj_stock+0x211/0x350
[  354.130208][T20070]  ? xas_load+0x413/0x430
[  354.130231][T20070]  ? __rcu_read_unlock+0x4f/0x70
[  354.130259][T20070]  ? xa_load+0xb1/0xe0
[  354.130283][T20070]  ? __account_obj_stock+0x2d6/0x350
[  354.130303][T20070]  ? obj_cgroup_charge_account+0x122/0x1a0
[  354.130337][T20070]  ? should_fail_ex+0x30/0x280
[  354.130362][T20070]  ? _raw_spin_lock_bh+0x56/0xb0
[  354.130403][T20070]  ? should_fail_ex+0xdb/0x280
[  354.130480][T20070]  ? selinux_nlmsg_lookup+0x99/0x890
[  354.130501][T20070]  ? __rcu_read_unlock+0x34/0x70
[  354.130529][T20070]  ? __netlink_lookup+0x266/0x2a0
[  354.130549][T20070]  netlink_unicast+0x5c0/0x690
[  354.130589][T20070]  netlink_sendmsg+0x58b/0x6b0
[  354.130683][T20070]  ? __pfx_netlink_sendmsg+0x10/0x10
[  354.130749][T20070]  __sock_sendmsg+0x145/0x180
[  354.130771][T20070]  ____sys_sendmsg+0x31e/0x4a0
[  354.130801][T20070]  ___sys_sendmsg+0x17b/0x1d0
[  354.130898][T20070]  __x64_sys_sendmsg+0xd4/0x160
[  354.130978][T20070]  x64_sys_call+0x17ba/0x3000
[  354.130999][T20070]  do_syscall_64+0xd8/0x2a0
[  354.131025][T20070]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  354.131046][T20070] RIP: 0033:0x7ffacc82f749
[  354.131070][T20070] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  354.131087][T20070] RSP: 002b:00007ffacb297038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  354.131105][T20070] RAX: ffffffffffffffda RBX: 00007ffacca85fa0 RCX: 00007ffacc82f749
[  354.131118][T20070] RDX: 00000000000c0042 RSI: 0000200000000480 RDI: 0000000000000006
[  354.131129][T20070] RBP: 00007ffacb297090 R08: 0000000000000000 R09: 0000000000000000
[  354.131171][T20070] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  354.131183][T20070] R13: 00007ffacca86038 R14: 00007ffacca85fa0 R15: 00007ffd168fbee8
[  354.131200][T20070]  </TASK>
[  354.133062][T19988] EXT4-fs: Mount option(s) incompatible with ext2
[  354.136074][T20068] FAT-fs (loop2): Directory bread(block 164) failed
[  354.468283][ T4146] IPVS: stop unused estimator thread 0...
[  354.469377][T20076] loop5: detected capacity change from 0 to 512
[  354.484048][T19988] loop4: detected capacity change from 0 to 512
[  354.486843][T20013] team0: Port device team_slave_0 added
[  354.497652][T20013] team0: Port device team_slave_1 added
[  354.499691][T20068] FAT-fs (loop2): Directory bread(block 165) failed
[  354.513334][T19988] EXT4-fs: Mount option(s) incompatible with ext2
[  354.517019][T20068] FAT-fs (loop2): Directory bread(block 166) failed
[  354.526508][T20068] FAT-fs (loop2): Directory bread(block 167) failed
[  354.533639][T20068] FAT-fs (loop2): Directory bread(block 168) failed
[  354.547912][T20013] batman_adv: batadv0: Adding interface: batadv_slave_0
[  354.551167][T19988] loop4: detected capacity change from 0 to 512
[  354.554877][T20013] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  354.562368][T20068] FAT-fs (loop2): Directory bread(block 169) failed
[  354.587016][T20013] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  354.590841][T20076] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  354.594205][T19988] EXT4-fs: Mount option(s) incompatible with ext2
[  354.617734][T20013] batman_adv: batadv0: Adding interface: batadv_slave_1
[  354.630193][T20013] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  354.656162][T20013] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  354.669938][T19988] loop4: detected capacity change from 0 to 512
[  354.676806][T19988] EXT4-fs: Mount option(s) incompatible with ext2
[  354.685999][T14580] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  354.704998][T20013] hsr_slave_0: entered promiscuous mode
[  354.711132][T20013] hsr_slave_1: entered promiscuous mode
[  354.717222][T20013] debugfs: 'hsr0' already exists in 'hsr'
[  354.722951][T20013] Cannot create hsr debugfs directory
[  354.728526][T20068] FAT-fs (loop2): Directory bread(block 162) failed
[  354.735311][T20068] FAT-fs (loop2): Directory bread(block 163) failed
[  354.812956][T20013] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  354.819822][T20082] loop1: detected capacity change from 0 to 2048
[  354.831094][T20092] loop5: detected capacity change from 0 to 512
[  354.840702][T20013] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  354.847361][T20092] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  354.857938][T20082] Alternate GPT is invalid, using primary GPT.
[  354.865776][T20082]  loop1: p1 p2 p3
[  354.869687][T20082] loop1: partition table partially beyond EOD, truncated
[  354.883623][T20013] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  354.891751][ T4146] nci: nci_extract_activation_params_nfc_dep: unsupported activation_rf_tech_and_mode 0x6
[  354.892630][T20013] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  354.945189][T20107] FAULT_INJECTION: forcing a failure.
[  354.945189][T20107] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  354.958368][T20107] CPU: 0 UID: 0 PID: 20107 Comm: syz.4.5565 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  354.958446][T20107] Tainted: [W]=WARN
[  354.958452][T20107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  354.958462][T20107] Call Trace:
[  354.958469][T20107]  <TASK>
[  354.958476][T20107]  __dump_stack+0x1d/0x30
[  354.958577][T20107]  dump_stack_lvl+0xe8/0x140
[  354.958597][T20107]  dump_stack+0x15/0x1b
[  354.958615][T20107]  should_fail_ex+0x265/0x280
[  354.958689][T20107]  should_fail+0xb/0x20
[  354.958715][T20107]  should_fail_usercopy+0x1a/0x20
[  354.958745][T20107]  _copy_from_user+0x1c/0xb0
[  354.958766][T20107]  do_fcntl+0x667/0xf60
[  354.958906][T20107]  __se_sys_fcntl+0xb1/0x120
[  354.958960][T20107]  __x64_sys_fcntl+0x43/0x50
[  354.958985][T20107]  x64_sys_call+0x2d6f/0x3000
[  354.959088][T20107]  do_syscall_64+0xd8/0x2a0
[  354.959115][T20107]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  354.959133][T20107] RIP: 0033:0x7f02e3b9f749
[  354.959152][T20107] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  354.959219][T20107] RSP: 002b:00007f02e2607038 EFLAGS: 00000246 ORIG_RAX: 0000000000000048
[  354.959239][T20107] RAX: ffffffffffffffda RBX: 00007f02e3df5fa0 RCX: 00007f02e3b9f749
[  354.959251][T20107] RDX: 00002000000000c0 RSI: 0000000000000007 RDI: 0000000000000003
[  354.959261][T20107] RBP: 00007f02e2607090 R08: 0000000000000000 R09: 0000000000000000
[  354.959271][T20107] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  354.959282][T20107] R13: 00007f02e3df6038 R14: 00007f02e3df5fa0 R15: 00007fff8ed17b18
[  354.959300][T20107]  </TASK>
[  354.959737][T20109] futex_wake_op: syz.1.5566 tries to shift op by 35; fix this program
[  355.103960][T20113] netlink: 5 bytes leftover after parsing attributes in process `syz.4.5567'.
[  355.150708][T20113] 1ªî{X¹¦: renamed from 
30ªî{X¹¦ (while UP)
[  355.158169][T20113] A link change request failed with some changes committed already. Interface 
31ªî{X¹¦ may have been left with an inconsistent configuration, please check.
[  355.221698][T20013] 8021q: adding VLAN 0 to HW filter on device bond0
[  355.235218][T20013] 8021q: adding VLAN 0 to HW filter on device team0
[  355.244678][ T4146] bridge0: port 1(bridge_slave_0) entered blocking state
[  355.251805][ T4146] bridge0: port 1(bridge_slave_0) entered forwarding state
[  355.259719][T20121] loop2: detected capacity change from 0 to 512
[  355.268507][ T4146] bridge0: port 2(bridge_slave_1) entered blocking state
[  355.275632][ T4146] bridge0: port 2(bridge_slave_1) entered forwarding state
[  355.285778][T20121] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  355.327949][T12900] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  355.351085][T20013] 8021q: adding VLAN 0 to HW filter on device batadv0
[  355.479624][T20013] veth0_vlan: entered promiscuous mode
[  355.487782][T20013] veth1_vlan: entered promiscuous mode
[  355.504055][T20013] veth0_macvtap: entered promiscuous mode
[  355.512458][T20013] veth1_macvtap: entered promiscuous mode
[  355.523640][T20013] batman_adv: batadv0: Interface activated: batadv_slave_0
[  355.534637][T20013] batman_adv: batadv0: Interface activated: batadv_slave_1
[  355.546369][ T4174] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  355.555485][ T4174] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  355.577725][ T4146] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  355.578663][T14580] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  355.589916][ T4146] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  355.717053][T20163] loop6: detected capacity change from 0 to 2048
[  355.762138][T20163] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  355.918950][T20013] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  356.085270][T20175] loop2: detected capacity change from 0 to 512
[  356.099132][T20175] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  356.117186][T20175] EXT4-fs (loop2): 1 truncate cleaned up
[  356.136665][T20175] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  356.150499][T20180] loop6: detected capacity change from 0 to 512
[  356.207467][T20180] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  356.252415][T20180] bridge_slave_0: left allmulticast mode
[  356.258178][T20180] bridge_slave_0: left promiscuous mode
[  356.263874][T20180] bridge0: port 1(bridge_slave_0) entered disabled state
[  356.284197][T20180] bridge_slave_1: left allmulticast mode
[  356.289926][T20180] bridge_slave_1: left promiscuous mode
[  356.295842][T20180] bridge0: port 2(bridge_slave_1) entered disabled state
[  356.330859][T20180] bond0: (slave bond_slave_0): Releasing backup interface
[  356.369201][T20180] bond0: (slave bond_slave_1): Releasing backup interface
[  356.380604][T20180] team0: Port device team_slave_0 removed
[  356.399874][T20180] team0: Port device team_slave_1 removed
[  356.407307][T20180] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  356.414701][T20180] batman_adv: batadv0: Removing interface: batadv_slave_0
[  356.494523][T20180] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  356.501975][T20180] batman_adv: batadv0: Removing interface: batadv_slave_1
[  356.526475][T20180] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  356.532048][T12900] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  356.575541][T20013] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  356.603188][T20199] futex_wake_op: syz.5.5587 tries to shift op by 35; fix this program
[  356.611739][T20197] loop6: detected capacity change from 0 to 2048
[  356.619491][T20198] loop2: detected capacity change from 0 to 128
[  356.626602][T20198] FAT-fs (loop2): Directory bread(block 162) failed
[  356.633212][T20198] FAT-fs (loop2): Directory bread(block 163) failed
[  356.641386][T20198] FAT-fs (loop2): Directory bread(block 164) failed
[  356.649314][T20198] FAT-fs (loop2): Directory bread(block 165) failed
[  356.656230][T20198] FAT-fs (loop2): Directory bread(block 166) failed
[  356.662885][T20198] FAT-fs (loop2): Directory bread(block 167) failed
[  356.669841][T20198] FAT-fs (loop2): Directory bread(block 168) failed
[  356.676570][T20198] FAT-fs (loop2): Directory bread(block 169) failed
[  356.687482][T20197] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  356.730088][T20013] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  356.757157][T20206] loop1: detected capacity change from 0 to 128
[  356.764817][T20203] netlink: 44 bytes leftover after parsing attributes in process `syz.2.5588'.
[  356.776620][T20206] FAT-fs (loop1): Directory bread(block 162) failed
[  356.791682][T20206] FAT-fs (loop1): Directory bread(block 163) failed
[  356.799126][T20206] FAT-fs (loop1): Directory bread(block 164) failed
[  356.807224][T20206] FAT-fs (loop1): Directory bread(block 165) failed
[  356.813442][T20208] loop6: detected capacity change from 0 to 128
[  356.814163][T20206] FAT-fs (loop1): Directory bread(block 166) failed
[  356.827241][T20206] FAT-fs (loop1): Directory bread(block 167) failed
[  356.835848][T20206] FAT-fs (loop1): Directory bread(block 168) failed
[  356.843236][T20206] FAT-fs (loop1): Directory bread(block 169) failed
[  356.857069][T20208] FAT-fs (loop6): Directory bread(block 162) failed
[  356.859890][T20206] FAT-fs (loop1): Directory bread(block 162) failed
[  356.871199][T20206] FAT-fs (loop1): Directory bread(block 163) failed
[  356.873698][T20208] FAT-fs (loop6): Directory bread(block 163) failed
[  356.878841][T20206] bio_check_eod: 4 callbacks suppressed
[  356.878854][T20206] syz.1.5590: attempt to access beyond end of device
[  356.878854][T20206] loop1: rw=3, sector=226, nr_sectors = 6 limit=128
[  356.893450][T20208] FAT-fs (loop6): Directory bread(block 164) failed
[  356.910077][T20206] syz.1.5590: attempt to access beyond end of device
[  356.910077][T20206] loop1: rw=2051, sector=232, nr_sectors = 2 limit=128
[  356.954197][T20208] FAT-fs (loop6): Directory bread(block 165) failed
[  356.964717][T20208] FAT-fs (loop6): Directory bread(block 166) failed
[  356.972399][T20208] FAT-fs (loop6): Directory bread(block 167) failed
[  356.979197][T20208] FAT-fs (loop6): Directory bread(block 168) failed
[  356.989005][T20208] FAT-fs (loop6): Directory bread(block 169) failed
[  357.004517][T20208] FAT-fs (loop6): Directory bread(block 162) failed
[  357.011660][   T29] kauditd_printk_skb: 284 callbacks suppressed
[  357.011674][   T29] audit: type=1326 audit(357.038:46851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20214 comm="syz.1.5593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffacc82f749 code=0x7ffc0000
[  357.012003][T20208] FAT-fs (loop6): Directory bread(block 163) failed
[  357.018714][   T29] audit: type=1326 audit(357.038:46852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20214 comm="syz.1.5593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffacc82f749 code=0x7ffc0000
[  357.042043][T20208] syz.6.5589: attempt to access beyond end of device
[  357.042043][T20208] loop6: rw=3, sector=226, nr_sectors = 6 limit=128
[  357.069713][   T29] audit: type=1326 audit(357.068:46853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20214 comm="syz.1.5593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ffacc82f749 code=0x7ffc0000
[  357.106682][   T29] audit: type=1326 audit(357.068:46854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20214 comm="syz.1.5593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffacc82f749 code=0x7ffc0000
[  357.115364][T20208] syz.6.5589: attempt to access beyond end of device
[  357.115364][T20208] loop6: rw=2051, sector=232, nr_sectors = 2 limit=128
[  357.129625][   T29] audit: type=1326 audit(357.068:46855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20214 comm="syz.1.5593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffacc82f749 code=0x7ffc0000
[  357.152871][   T29] audit: type=1326 audit(357.098:46856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20214 comm="syz.1.5593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ffacc82f749 code=0x7ffc0000
[  357.189094][   T29] audit: type=1326 audit(357.098:46857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20214 comm="syz.1.5593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffacc82f749 code=0x7ffc0000
[  357.212252][   T29] audit: type=1326 audit(357.098:46858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20214 comm="syz.1.5593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffacc82f749 code=0x7ffc0000
[  357.218166][T20215] netlink: 'syz.1.5593': attribute type 3 has an invalid length.
[  357.253135][   T29] audit: type=1326 audit(357.198:46859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20214 comm="syz.1.5593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=81 compat=0 ip=0x7ffacc82f749 code=0x7ffc0000
[  357.276172][   T29] audit: type=1326 audit(357.198:46860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20214 comm="syz.1.5593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffacc82f749 code=0x7ffc0000
[  357.351125][T20228] loop1: detected capacity change from 0 to 128
[  357.358941][T20228] FAT-fs (loop1): Directory bread(block 162) failed
[  357.365963][T20228] FAT-fs (loop1): Directory bread(block 163) failed
[  357.372754][T20228] FAT-fs (loop1): Directory bread(block 164) failed
[  357.379568][T20228] FAT-fs (loop1): Directory bread(block 165) failed
[  357.386344][T20228] FAT-fs (loop1): Directory bread(block 166) failed
[  357.386411][T20230] loop6: detected capacity change from 0 to 512
[  357.399402][T20228] FAT-fs (loop1): Directory bread(block 167) failed
[  357.406644][T20228] FAT-fs (loop1): Directory bread(block 168) failed
[  357.413558][T20228] FAT-fs (loop1): Directory bread(block 169) failed
[  357.421289][T20230] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  357.445901][T20230] EXT4-fs error (device loop6): ext4_validate_block_bitmap:441: comm syz.6.5594: bg 0: block 217: padding at end of block bitmap is not set
[  357.469045][T20237] netlink: 44 bytes leftover after parsing attributes in process `syz.5.5601'.
[  357.502589][T20245] IPv6: NLM_F_CREATE should be specified when creating new route
[  357.530570][T20249] netlink: 'syz.5.5607': attribute type 3 has an invalid length.
[  357.588258][T20258] loop4: detected capacity change from 0 to 512
[  357.601405][T20258] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  357.612859][T20258] EXT4-fs (loop4): 1 truncate cleaned up
[  357.619030][T20258] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  357.632356][T20258] EXT4-fs error (device loop4): ext4_get_parent:1838: comm syz.4.5610: inode #2: comm syz.4.5610: iget: illegal inode #
[  357.661483][T20263] futex_wake_op: syz.5.5612 tries to shift op by 35; fix this program
[  357.680545][T13597] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  357.722330][T20268] netlink: 52 bytes leftover after parsing attributes in process `syz.4.5614'.
[  357.731984][T20268] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  357.733968][T20272] blktrace: Concurrent blktraces are not allowed on loop2
[  357.797949][T20276] 9pnet: Could not find request transport: 0xffffffffffffffff
[  357.811114][T20279] netlink: 44 bytes leftover after parsing attributes in process `syz.2.5618'.
[  357.828439][T20268] loop4: detected capacity change from 0 to 8192
[  357.843212][T20283] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5620'.
[  357.874083][T20281] loop1: detected capacity change from 0 to 732
[  357.880858][ T3480] IPVS: starting estimator thread 0...
[  357.887039][T20281] iso9660: Unknown parameter ''
[  357.920358][T20288] netlink: 332 bytes leftover after parsing attributes in process `'.
[  357.956288][T20292] netlink: 'syz.1.5623': attribute type 3 has an invalid length.
[  357.985326][T20285] IPVS: using max 2688 ests per chain, 134400 per kthread
[  358.076986][T20300] loop1: detected capacity change from 0 to 512
[  358.086248][T20300] EXT4-fs warning (device loop1): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  358.160354][T20013] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  358.170269][T20300] EXT4-fs (loop1): mount failed
[  358.208740][T20309] loop6: detected capacity change from 0 to 2048
[  358.223273][T20310] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  358.231944][T20310] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  358.246515][T20309] Alternate GPT is invalid, using primary GPT.
[  358.252871][T20309]  loop6: p1 p2 p3
[  358.256655][T20309] loop6: partition table partially beyond EOD, truncated
[  358.304396][T20314] netlink: 'syz.6.5632': attribute type 1 has an invalid length.
[  358.540926][T20328] loop6: detected capacity change from 0 to 512
[  358.563623][T20328] EXT4-fs error (device loop6): ext4_xattr_inode_iget:446: comm syz.6.5636: error while reading EA inode 32 err=-116
[  358.589390][T20328] EXT4-fs (loop6): Remounting filesystem read-only
[  358.596791][T20328] EXT4-fs warning (device loop6): ext4_evict_inode:256: couldn't mark inode dirty (err -30)
[  358.615637][T20328] EXT4-fs (loop6): 1 orphan inode deleted
[  358.624565][T20328] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  358.660565][T20333] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5637'.
[  358.720121][T20337] blktrace: Concurrent blktraces are not allowed on loop8
[  358.727537][T20330] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5637'.
[  358.737141][T20330] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5637'.
[  358.746397][T20013] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  358.818995][T20345] loop2: detected capacity change from 0 to 512
[  358.865954][T20345] EXT4-fs warning (device loop2): ext4_xattr_inode_get:560: inode #11: comm syz.2.5643: EA inode hash validation failed
[  358.911428][T20345] EXT4-fs error (device loop2): ext4_do_update_inode:5628: inode #15: comm syz.2.5643: corrupted inode contents
[  358.925967][T20345] EXT4-fs error (device loop2): ext4_dirty_inode:6513: inode #15: comm syz.2.5643: mark_inode_dirty error
[  358.937621][T20345] EXT4-fs error (device loop2): ext4_do_update_inode:5628: inode #15: comm syz.2.5643: corrupted inode contents
[  358.953789][T20345] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2996: inode #15: comm syz.2.5643: mark_inode_dirty error
[  358.975332][T20345] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2999: inode #15: comm syz.2.5643: mark inode dirty (error -117)
[  358.990764][T20345] EXT4-fs warning (device loop2): ext4_evict_inode:273: xattr delete (err -117)
[  359.000143][T20345] EXT4-fs (loop2): 1 orphan inode deleted
[  359.041753][T20355] lo speed is unknown, defaulting to 1000
[  359.048711][T20355] lo speed is unknown, defaulting to 1000
[  359.202545][T20345] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  359.354990][T20358] sch_fq: defrate 4294967295 ignored.
[  359.403166][T20358] loop5: detected capacity change from 0 to 1024
[  359.416096][T20358] EXT4-fs: Ignoring removed orlov option
[  359.421805][T20358] EXT4-fs: Ignoring removed mblk_io_submit option
[  359.442083][T20358] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a842c018, mo2=0003]
[  359.451806][T20358] System zones: 0-1, 3-12
[  359.458851][T20358] EXT4-fs (loop5): mounted filesystem 00000000-0500-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  359.495492][T20358] vlan2: entered allmulticast mode
[  359.671843][T12900] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  359.689409][T20367] futex_wake_op: syz.2.5647 tries to shift op by 35; fix this program
[  359.715807][T14580] EXT4-fs (loop5): unmounting filesystem 00000000-0500-0000-0000-000000000000.
[  359.716381][T20365] FAULT_INJECTION: forcing a failure.
[  359.716381][T20365] name failslab, interval 1, probability 0, space 0, times 0
[  359.737584][T20365] CPU: 0 UID: 0 PID: 20365 Comm: syz.6.5648 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  359.737605][T20365] Tainted: [W]=WARN
[  359.737609][T20365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  359.737616][T20365] Call Trace:
[  359.737621][T20365]  <TASK>
[  359.737626][T20365]  __dump_stack+0x1d/0x30
[  359.737640][T20365]  dump_stack_lvl+0xe8/0x140
[  359.737739][T20365]  dump_stack+0x15/0x1b
[  359.737749][T20365]  should_fail_ex+0x265/0x280
[  359.737778][T20365]  should_failslab+0x8c/0xb0
[  359.737791][T20365]  kmem_cache_alloc_noprof+0x50/0x480
[  359.737802][T20365]  ? skb_clone+0x151/0x1f0
[  359.737855][T20365]  skb_clone+0x151/0x1f0
[  359.737871][T20365]  __netlink_deliver_tap+0x2c9/0x500
[  359.737890][T20365]  netlink_unicast+0x66b/0x690
[  359.737947][T20365]  netlink_sendmsg+0x58b/0x6b0
[  359.737963][T20365]  ? __pfx_netlink_sendmsg+0x10/0x10
[  359.737980][T20365]  __sock_sendmsg+0x145/0x180
[  359.737992][T20365]  ____sys_sendmsg+0x31e/0x4a0
[  359.738068][T20365]  ___sys_sendmsg+0x17b/0x1d0
[  359.738099][T20365]  __x64_sys_sendmsg+0xd4/0x160
[  359.738170][T20365]  x64_sys_call+0x17ba/0x3000
[  359.738181][T20365]  do_syscall_64+0xd8/0x2a0
[  359.738197][T20365]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  359.738220][T20365] RIP: 0033:0x7ff0a3f1f749
[  359.738230][T20365] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  359.738305][T20365] RSP: 002b:00007ff0a297f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  359.738316][T20365] RAX: ffffffffffffffda RBX: 00007ff0a4175fa0 RCX: 00007ff0a3f1f749
[  359.738324][T20365] RDX: 0000000004000000 RSI: 0000200000000280 RDI: 0000000000000006
[  359.738331][T20365] RBP: 00007ff0a297f090 R08: 0000000000000000 R09: 0000000000000000
[  359.738338][T20365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  359.738345][T20365] R13: 00007ff0a4176038 R14: 00007ff0a4175fa0 R15: 00007ffdc3e24a28
[  359.738354][T20365]  </TASK>
[  359.956067][T20377] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  359.964588][T20377] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  359.978750][T20379] netlink: 'syz.5.5651': attribute type 13 has an invalid length.
[  359.997796][T20379] 1ªî{X¹¦: refused to change device tx_queue_len
[  360.004262][T20379] A link change request failed with some changes committed already. Interface 
31ªî{X¹¦ may have been left with an inconsistent configuration, please check.
[  360.036352][T20383] blktrace: Concurrent blktraces are not allowed on loop10
[  360.058361][T20387] IPv6: NLM_F_CREATE should be specified when creating new route
[  360.066705][ T4171] Bluetooth: hci1: Frame reassembly failed (-84)
[  360.071157][T20387] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  360.080252][T20387] IPv6: NLM_F_CREATE should be set when creating new route
[  360.092673][T20389] 1ªî{X¹¦: left allmulticast mode
[  360.121388][T20391] __nla_validate_parse: 2 callbacks suppressed
[  360.121469][T20391] netlink: 14 bytes leftover after parsing attributes in process `syz.6.5657'.
[  360.140907][T20391] bond0 (unregistering): Released all slaves
[  360.244522][ T3553] Bluetooth: hci0: command 0x1003 tx timeout
[  360.250581][ T3713] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  360.724870][T20396] lo speed is unknown, defaulting to 1000
[  360.731410][T20396] lo speed is unknown, defaulting to 1000
[  360.777386][T20396] netlink: 144 bytes leftover after parsing attributes in process `syz.2.5658'.
[  360.909501][T20398] FAULT_INJECTION: forcing a failure.
[  360.909501][T20398] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  360.922672][T20398] CPU: 0 UID: 0 PID: 20398 Comm: syz.1.5659 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  360.922699][T20398] Tainted: [W]=WARN
[  360.922704][T20398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  360.922714][T20398] Call Trace:
[  360.922721][T20398]  <TASK>
[  360.922728][T20398]  __dump_stack+0x1d/0x30
[  360.922785][T20398]  dump_stack_lvl+0xe8/0x140
[  360.922805][T20398]  dump_stack+0x15/0x1b
[  360.922823][T20398]  should_fail_ex+0x265/0x280
[  360.922847][T20398]  should_fail+0xb/0x20
[  360.923004][T20398]  should_fail_usercopy+0x1a/0x20
[  360.923034][T20398]  _copy_to_user+0x20/0xa0
[  360.923120][T20398]  simple_read_from_buffer+0xb5/0x130
[  360.923156][T20398]  proc_fail_nth_read+0x10e/0x150
[  360.923183][T20398]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  360.923279][T20398]  vfs_read+0x1a8/0x770
[  360.923305][T20398]  ? __rcu_read_unlock+0x4f/0x70
[  360.923329][T20398]  ? __fget_files+0x184/0x1c0
[  360.923413][T20398]  ? mutex_lock+0x58/0x90
[  360.923436][T20398]  ksys_read+0xda/0x1a0
[  360.923492][T20398]  __x64_sys_read+0x40/0x50
[  360.923507][T20398]  x64_sys_call+0x2889/0x3000
[  360.923525][T20398]  do_syscall_64+0xd8/0x2a0
[  360.923558][T20398]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  360.923622][T20398] RIP: 0033:0x7ffacc82e15c
[  360.923635][T20398] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  360.923685][T20398] RSP: 002b:00007ffacb297030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  360.923701][T20398] RAX: ffffffffffffffda RBX: 00007ffacca85fa0 RCX: 00007ffacc82e15c
[  360.923712][T20398] RDX: 000000000000000f RSI: 00007ffacb2970a0 RDI: 0000000000000006
[  360.923722][T20398] RBP: 00007ffacb297090 R08: 0000000000000000 R09: 0000000000000000
[  360.923733][T20398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  360.923785][T20398] R13: 00007ffacca86038 R14: 00007ffacca85fa0 R15: 00007ffd168fbee8
[  360.923849][T20398]  </TASK>
[  361.206037][T20400] netlink: 'syz.6.5661': attribute type 3 has an invalid length.
[  361.536178][T20413] blktrace: Concurrent blktraces are not allowed on loop2
[  361.619301][T20415] loop1: detected capacity change from 0 to 128
[  361.630310][T20415] netlink: 83992 bytes leftover after parsing attributes in process `vfat'.
[  361.630342][T20415] netlink: zone id is out of range
[  361.630348][T20415] netlink: zone id is out of range
[  361.630357][T20415] netlink: zone id is out of range
[  361.630368][T20415] netlink: zone id is out of range
[  361.630401][T20415] netlink: zone id is out of range
[  361.630411][T20415] netlink: zone id is out of range
[  361.630426][T20415] netlink: zone id is out of range
[  361.630437][T20415] netlink: zone id is out of range
[  361.630478][T20415] netlink: zone id is out of range
[  361.631875][T20415] netlink: zone id is out of range
[  361.757386][T20420] futex_wake_op: syz.1.5668 tries to shift op by 35; fix this program
[  362.083753][ T3713] Bluetooth: hci1: command 0x1003 tx timeout
[  362.083881][ T3617] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  362.236279][T20428] loop2: detected capacity change from 0 to 2048
[  362.285394][T20428] Alternate GPT is invalid, using primary GPT.
[  362.285527][T20428]  loop2: p1 p2 p3
[  362.285535][T20428] loop2: partition table partially beyond EOD, truncated
[  362.578422][T20439] loop2: detected capacity change from 0 to 512
[  362.595333][T20439] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  362.616933][T20444] program syz.1.5676 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  362.644230][   T29] kauditd_printk_skb: 693 callbacks suppressed
[  362.644246][   T29] audit: type=1326 audit(362.674:47553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20445 comm="syz.1.5677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffacc82f749 code=0x7ffc0000
[  362.683362][   T29] audit: type=1326 audit(362.674:47554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20445 comm="syz.1.5677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=233 compat=0 ip=0x7ffacc82f749 code=0x7ffc0000
[  362.701502][T20446] Cannot find add_set index 0 as target
[  362.706634][   T29] audit: type=1326 audit(362.674:47555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20445 comm="syz.1.5677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffacc82f749 code=0x7ffc0000
[  362.706713][   T29] audit: type=1326 audit(362.674:47556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20445 comm="syz.1.5677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ffacc82f749 code=0x7ffc0000
[  362.758130][   T29] audit: type=1326 audit(362.674:47557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20445 comm="syz.1.5677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffacc82f749 code=0x7ffc0000
[  362.781170][   T29] audit: type=1326 audit(362.674:47558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20445 comm="syz.1.5677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=35 compat=0 ip=0x7ffacc82f749 code=0x7ffc0000
[  362.804314][   T29] audit: type=1326 audit(362.674:47559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20445 comm="syz.1.5677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffacc82f749 code=0x7ffc0000
[  362.827296][   T29] audit: type=1326 audit(362.674:47560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20445 comm="syz.1.5677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7ffacc82f749 code=0x7ffc0000
[  362.850906][   T29] audit: type=1326 audit(362.674:47561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20445 comm="syz.1.5677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7ffacc82f783 code=0x7ffc0000
[  362.873753][   T29] audit: type=1326 audit(362.674:47562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20445 comm="syz.1.5677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7ffacc82f783 code=0x7ffc0000
[  362.937156][T20454] netlink: 44 bytes leftover after parsing attributes in process `syz.1.5680'.
[  363.051475][T20471] lo speed is unknown, defaulting to 1000
[  363.058779][T20471] lo speed is unknown, defaulting to 1000
[  363.121604][T20479] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  363.130939][T20478] tipc: Disabling bearer <eth:syzkaller0>
[  363.183659][T20485] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  363.193340][T20484] tipc: Disabling bearer <eth:syzkaller0>
[  363.211038][T20488] loop5: detected capacity change from 0 to 1024
[  363.218152][T20488] EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  363.229064][T20488] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  363.239624][T20488] JBD2: no valid journal superblock found
[  363.245472][T20488] EXT4-fs (loop5): Could not load journal inode
[  363.256753][T20488] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ%ºu@
) failed with errno=-22
[  363.267390][T20488] 9pnet_fd: Insufficient options for proto=fd
[  363.304313][T12900] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  363.335325][T20502] FAULT_INJECTION: forcing a failure.
[  363.335325][T20502] name failslab, interval 1, probability 0, space 0, times 0
[  363.342211][T20503] loop4: detected capacity change from 0 to 1764
[  363.348050][T20502] CPU: 1 UID: 0 PID: 20502 Comm: syz.5.5701 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  363.348112][T20502] Tainted: [W]=WARN
[  363.348119][T20502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  363.348132][T20502] Call Trace:
[  363.348140][T20502]  <TASK>
[  363.348148][T20502]  __dump_stack+0x1d/0x30
[  363.348247][T20502]  dump_stack_lvl+0xe8/0x140
[  363.348267][T20502]  dump_stack+0x15/0x1b
[  363.348285][T20502]  should_fail_ex+0x265/0x280
[  363.348314][T20502]  should_failslab+0x8c/0xb0
[  363.348354][T20502]  kmem_cache_alloc_node_noprof+0x57/0x4a0
[  363.348442][T20502]  ? __alloc_skb+0x101/0x320
[  363.348469][T20502]  __alloc_skb+0x101/0x320
[  363.348495][T20502]  netlink_alloc_large_skb+0xbf/0xf0
[  363.348616][T20502]  netlink_sendmsg+0x3cf/0x6b0
[  363.348647][T20502]  ? __pfx_netlink_sendmsg+0x10/0x10
[  363.348710][T20502]  __sock_sendmsg+0x145/0x180
[  363.348747][T20502]  ____sys_sendmsg+0x31e/0x4a0
[  363.348839][T20502]  ___sys_sendmsg+0x17b/0x1d0
[  363.348921][T20502]  __x64_sys_sendmsg+0xd4/0x160
[  363.348963][T20502]  x64_sys_call+0x17ba/0x3000
[  363.348985][T20502]  do_syscall_64+0xd8/0x2a0
[  363.349013][T20502]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  363.349034][T20502] RIP: 0033:0x7f39bffbf749
[  363.349056][T20502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  363.349074][T20502] RSP: 002b:00007f39bea1f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  363.349093][T20502] RAX: ffffffffffffffda RBX: 00007f39c0215fa0 RCX: 00007f39bffbf749
[  363.349106][T20502] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003
[  363.349119][T20502] RBP: 00007f39bea1f090 R08: 0000000000000000 R09: 0000000000000000
[  363.349131][T20502] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  363.349144][T20502] R13: 00007f39c0216038 R14: 00007f39c0215fa0 R15: 00007ffdf1e9a788
[  363.349214][T20502]  </TASK>
[  363.557015][T20503] isofs: isofs_export_get_parent(): child directory not normalized!
[  363.581230][T20515] FAULT_INJECTION: forcing a failure.
[  363.581230][T20515] name failslab, interval 1, probability 0, space 0, times 0
[  363.593912][T20515] CPU: 0 UID: 0 PID: 20515 Comm: syz.6.5703 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  363.593941][T20515] Tainted: [W]=WARN
[  363.593976][T20515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  363.593988][T20515] Call Trace:
[  363.593996][T20515]  <TASK>
[  363.594005][T20515]  __dump_stack+0x1d/0x30
[  363.594027][T20515]  dump_stack_lvl+0xe8/0x140
[  363.594043][T20515]  dump_stack+0x15/0x1b
[  363.594059][T20515]  should_fail_ex+0x265/0x280
[  363.594150][T20515]  should_failslab+0x8c/0xb0
[  363.594239][T20515]  __kmalloc_node_track_caller_noprof+0xa5/0x580
[  363.594264][T20515]  ? sidtab_sid2str_get+0xa0/0x130
[  363.594292][T20515]  kmemdup_noprof+0x2b/0x70
[  363.594425][T20515]  sidtab_sid2str_get+0xa0/0x130
[  363.594450][T20515]  security_sid_to_context_core+0x1eb/0x2e0
[  363.594477][T20515]  security_sid_to_context+0x27/0x40
[  363.594498][T20515]  avc_audit_post_callback+0x10f/0x520
[  363.594565][T20515]  ? __pfx_avc_audit_post_callback+0x10/0x10
[  363.594596][T20515]  common_lsm_audit+0x1bb/0x230
[  363.594619][T20515]  ? __pfx_avc_audit_post_callback+0x10/0x10
[  363.594647][T20515]  ? avc_denied+0xe4/0x100
[  363.594702][T20515]  slow_avc_audit+0x104/0x140
[  363.594738][T20515]  avc_has_perm+0x13a/0x180
[  363.594818][T20515]  selinux_socket_sendmsg+0x175/0x1b0
[  363.594836][T20515]  security_socket_sendmsg+0x48/0x80
[  363.594853][T20515]  __sock_sendmsg+0x30/0x180
[  363.594873][T20515]  __sys_sendto+0x268/0x330
[  363.594978][T20515]  __x64_sys_sendto+0x76/0x90
[  363.595019][T20515]  x64_sys_call+0x29a7/0x3000
[  363.595062][T20515]  do_syscall_64+0xd8/0x2a0
[  363.595092][T20515]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  363.595188][T20515] RIP: 0033:0x7ff0a3f1f749
[  363.595201][T20515] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  363.595216][T20515] RSP: 002b:00007ff0a297f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  363.595234][T20515] RAX: ffffffffffffffda RBX: 00007ff0a4175fa0 RCX: 00007ff0a3f1f749
[  363.595247][T20515] RDX: 0000000000000001 RSI: 0000200000000000 RDI: 0000000000000003
[  363.595259][T20515] RBP: 00007ff0a297f090 R08: 0000200000000100 R09: 000000000000001c
[  363.595272][T20515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  363.595320][T20515] R13: 00007ff0a4176038 R14: 00007ff0a4175fa0 R15: 00007ffdc3e24a28
[  363.595335][T20515]  </TASK>
[  363.924289][T20525] netlink: 3 bytes leftover after parsing attributes in process `syz.6.5707'.
[  363.935098][T20525] 0ªX¹¦À: renamed from caif0
[  363.941401][T20525] 0ªX¹¦À: entered allmulticast mode
[  363.991223][T20531] netlink: 164 bytes leftover after parsing attributes in process `syz.6.5710'.
[  364.006982][T20533] loop2: detected capacity change from 0 to 1024
[  364.051135][T20540] netlink: 'syz.6.5714': attribute type 3 has an invalid length.
[  364.084858][T20541] lo speed is unknown, defaulting to 1000
[  364.093683][T20533] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  364.107649][T20541] lo speed is unknown, defaulting to 1000
[  364.146707][T12900] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  364.254008][T20553] netlink: 14 bytes leftover after parsing attributes in process `syz.6.5719'.
[  364.271683][T20556] FAULT_INJECTION: forcing a failure.
[  364.271683][T20556] name failslab, interval 1, probability 0, space 0, times 0
[  364.284492][T20556] CPU: 1 UID: 0 PID: 20556 Comm: syz.4.5718 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  364.284519][T20556] Tainted: [W]=WARN
[  364.284525][T20556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  364.284536][T20556] Call Trace:
[  364.284543][T20556]  <TASK>
[  364.284551][T20556]  __dump_stack+0x1d/0x30
[  364.284621][T20556]  dump_stack_lvl+0xe8/0x140
[  364.284637][T20556]  dump_stack+0x15/0x1b
[  364.284651][T20556]  should_fail_ex+0x265/0x280
[  364.284676][T20556]  should_failslab+0x8c/0xb0
[  364.284743][T20556]  kmem_cache_alloc_node_noprof+0x57/0x4a0
[  364.284762][T20556]  ? __alloc_skb+0x101/0x320
[  364.284784][T20556]  __alloc_skb+0x101/0x320
[  364.284871][T20556]  netlink_ack+0xfd/0x500
[  364.284923][T20556]  netlink_rcv_skb+0x192/0x220
[  364.284955][T20556]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  364.285002][T20556]  rtnetlink_rcv+0x1c/0x30
[  364.285039][T20556]  netlink_unicast+0x5c0/0x690
[  364.285063][T20556]  netlink_sendmsg+0x58b/0x6b0
[  364.285096][T20556]  ? __pfx_netlink_sendmsg+0x10/0x10
[  364.285162][T20556]  __sock_sendmsg+0x145/0x180
[  364.285216][T20556]  ____sys_sendmsg+0x345/0x4a0
[  364.285260][T20556]  ___sys_sendmsg+0x17b/0x1d0
[  364.285311][T20556]  __sys_sendmmsg+0x178/0x300
[  364.285348][T20556]  __x64_sys_sendmmsg+0x57/0x70
[  364.285405][T20556]  x64_sys_call+0x1e28/0x3000
[  364.285427][T20556]  do_syscall_64+0xd8/0x2a0
[  364.285527][T20556]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  364.285577][T20556] RIP: 0033:0x7f02e3b9f749
[  364.285593][T20556] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  364.285610][T20556] RSP: 002b:00007f02e2607038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  364.285695][T20556] RAX: ffffffffffffffda RBX: 00007f02e3df5fa0 RCX: 00007f02e3b9f749
[  364.285706][T20556] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000003
[  364.285717][T20556] RBP: 00007f02e2607090 R08: 0000000000000000 R09: 0000000000000000
[  364.285727][T20556] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  364.285740][T20556] R13: 00007f02e3df6038 R14: 00007f02e3df5fa0 R15: 00007fff8ed17b18
[  364.285824][T20556]  </TASK>
[  364.518407][T20554] netlink: 14 bytes leftover after parsing attributes in process `syz.2.5717'.
[  364.727814][T20569] loop5: detected capacity change from 0 to 512
[  364.734888][T20569] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  364.754013][T20569] EXT4-fs warning (device loop5): ext4_update_dynamic_rev:1137: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  364.768730][T20569] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.5723: bg 0: block 248: padding at end of block bitmap is not set
[  364.783432][T20569] EXT4-fs error (device loop5): ext4_acquire_dquot:6945: comm syz.5.5723: Failed to acquire dquot type 1
[  364.795474][T20569] EXT4-fs (loop5): 1 truncate cleaned up
[  364.801491][T20569] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0008-000000000000 r/w without journal. Quota mode: writeback.
[  364.815003][T20570] netlink: 'syz.5.5723': attribute type 32 has an invalid length.
[  364.822884][T20569] netlink: 'syz.5.5723': attribute type 32 has an invalid length.
[  364.839103][T14580] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0008-000000000000.
[  364.854341][T20577] futex_wake_op: syz.5.5724 tries to shift op by 35; fix this program
[  365.081945][T20582] netlink: 'syz.6.5726': attribute type 3 has an invalid length.
[  365.127550][T20588] loop6: detected capacity change from 0 to 1764
[  365.142753][T20588] isofs: isofs_export_get_parent(): child directory not normalized!
[  365.516165][T20607] lo speed is unknown, defaulting to 1000
[  365.516500][T20607] lo speed is unknown, defaulting to 1000
[  365.788186][T20618] netlink: 14 bytes leftover after parsing attributes in process `syz.4.5738'.
[  365.808808][T20620] IPv6: NLM_F_CREATE should be specified when creating new route
[  365.891477][ T4171] Bluetooth: hci0: Frame reassembly failed (-84)
[  366.346255][T20638] FAULT_INJECTION: forcing a failure.
[  366.346255][T20638] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  366.359607][T20638] CPU: 0 UID: 0 PID: 20638 Comm: syz.6.5746 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  366.359713][T20638] Tainted: [W]=WARN
[  366.359721][T20638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  366.359782][T20638] Call Trace:
[  366.359790][T20638]  <TASK>
[  366.359798][T20638]  __dump_stack+0x1d/0x30
[  366.359821][T20638]  dump_stack_lvl+0xe8/0x140
[  366.359842][T20638]  dump_stack+0x15/0x1b
[  366.359859][T20638]  should_fail_ex+0x265/0x280
[  366.359910][T20638]  should_fail_alloc_page+0xf2/0x100
[  366.359929][T20638]  __alloc_frozen_pages_noprof+0xff/0x360
[  366.359953][T20638]  alloc_pages_mpol+0xb3/0x260
[  366.359977][T20638]  alloc_pages_noprof+0x90/0x130
[  366.360009][T20638]  get_free_pages_noprof+0xc/0x40
[  366.360032][T20638]  selinux_genfs_get_sid+0x33/0x180
[  366.360125][T20638]  inode_doinit_with_dentry+0x5fe/0x7a0
[  366.360153][T20638]  selinux_d_instantiate+0x27/0x40
[  366.360228][T20638]  security_d_instantiate+0x7a/0xa0
[  366.360258][T20638]  d_instantiate+0x3f/0x80
[  366.360280][T20638]  __debugfs_create_file+0x1c1/0x330
[  366.360319][T20638]  debugfs_create_file_full+0x3f/0x60
[  366.360344][T20638]  ? __pfx_ppp_setup+0x10/0x10
[  366.360413][T20638]  ref_tracker_dir_debugfs+0x100/0x1e0
[  366.360571][T20638]  alloc_netdev_mqs+0x1a7/0xa40
[  366.360642][T20638]  rtnl_create_link+0x239/0x6e0
[  366.360673][T20638]  rtnl_newlink_create+0x14c/0x620
[  366.360694][T20638]  ? security_capable+0x83/0x90
[  366.360741][T20638]  rtnl_newlink+0xf5b/0x1360
[  366.360773][T20638]  ? __memcg_slab_free_hook+0x135/0x230
[  366.360847][T20638]  ? __rcu_read_unlock+0x4f/0x70
[  366.360876][T20638]  ? avc_has_perm_noaudit+0x1b1/0x200
[  366.361040][T20638]  ? cred_has_capability+0x210/0x280
[  366.361067][T20638]  ? selinux_capable+0x31/0x40
[  366.361157][T20638]  ? security_capable+0x83/0x90
[  366.361229][T20638]  ? ns_capable+0x7d/0xb0
[  366.361256][T20638]  ? __pfx_rtnl_newlink+0x10/0x10
[  366.361276][T20638]  rtnetlink_rcv_msg+0x5fe/0x6d0
[  366.361305][T20638]  netlink_rcv_skb+0x123/0x220
[  366.361452][T20638]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  366.361475][T20638]  rtnetlink_rcv+0x1c/0x30
[  366.361523][T20638]  netlink_unicast+0x5c0/0x690
[  366.361612][T20638]  netlink_sendmsg+0x58b/0x6b0
[  366.361642][T20638]  ? __pfx_netlink_sendmsg+0x10/0x10
[  366.361685][T20638]  __sock_sendmsg+0x145/0x180
[  366.361704][T20638]  ____sys_sendmsg+0x31e/0x4a0
[  366.361852][T20638]  ___sys_sendmsg+0x17b/0x1d0
[  366.361892][T20638]  __x64_sys_sendmsg+0xd4/0x160
[  366.361926][T20638]  x64_sys_call+0x17ba/0x3000
[  366.361977][T20638]  do_syscall_64+0xd8/0x2a0
[  366.362011][T20638]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  366.362030][T20638] RIP: 0033:0x7ff0a3f1f749
[  366.362042][T20638] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  366.362057][T20638] RSP: 002b:00007ff0a297f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  366.362092][T20638] RAX: ffffffffffffffda RBX: 00007ff0a4175fa0 RCX: 00007ff0a3f1f749
[  366.362116][T20638] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000005
[  366.362178][T20638] RBP: 00007ff0a297f090 R08: 0000000000000000 R09: 0000000000000000
[  366.362252][T20638] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  366.362262][T20638] R13: 00007ff0a4176038 R14: 00007ff0a4175fa0 R15: 00007ffdc3e24a28
[  366.362278][T20638]  </TASK>
[  366.783821][T20660] sd 0:0:1:0: device reset
[  366.803423][ T4154] nci: nci_extract_activation_params_nfc_dep: unsupported activation_rf_tech_and_mode 0x6
[  366.823929][T20658] loop4: detected capacity change from 0 to 2048
[  366.862822][T20658] Alternate GPT is invalid, using primary GPT.
[  366.869200][T20658]  loop4: p1 p2 p3
[  366.872936][T20658] loop4: partition table partially beyond EOD, truncated
[  366.943333][T20670] netlink: 14 bytes leftover after parsing attributes in process `syz.4.5757'.
[  367.012340][T20673] lo speed is unknown, defaulting to 1000
[  367.025153][T20673] lo speed is unknown, defaulting to 1000
[  367.453851][T20684] IPv6: NLM_F_CREATE should be specified when creating new route
[  367.475882][T20686] FAULT_INJECTION: forcing a failure.
[  367.475882][T20686] name failslab, interval 1, probability 0, space 0, times 0
[  367.488622][T20686] CPU: 1 UID: 0 PID: 20686 Comm: syz.2.5762 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  367.488654][T20686] Tainted: [W]=WARN
[  367.488661][T20686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  367.488747][T20686] Call Trace:
[  367.488754][T20686]  <TASK>
[  367.488762][T20686]  __dump_stack+0x1d/0x30
[  367.488832][T20686]  dump_stack_lvl+0xe8/0x140
[  367.488852][T20686]  dump_stack+0x15/0x1b
[  367.488871][T20686]  should_fail_ex+0x265/0x280
[  367.488920][T20686]  ? p9_client_create+0x59/0xb90
[  367.488959][T20686]  should_failslab+0x8c/0xb0
[  367.488980][T20686]  __kmalloc_cache_noprof+0x4c/0x4a0
[  367.489022][T20686]  p9_client_create+0x59/0xb90
[  367.489043][T20686]  ? should_failslab+0x8c/0xb0
[  367.489064][T20686]  ? __kmalloc_node_track_caller_noprof+0x399/0x580
[  367.489087][T20686]  ? v9fs_session_init+0x78/0xde0
[  367.489195][T20686]  v9fs_session_init+0xf7/0xde0
[  367.489222][T20686]  ? avc_has_perm_noaudit+0x1b1/0x200
[  367.489295][T20686]  ? should_fail_ex+0xdb/0x280
[  367.489322][T20686]  ? v9fs_mount+0x51/0x5c0
[  367.489392][T20686]  ? should_failslab+0x8c/0xb0
[  367.489539][T20686]  ? __kmalloc_cache_noprof+0x249/0x4a0
[  367.489600][T20686]  v9fs_mount+0x67/0x5c0
[  367.489629][T20686]  ? selinux_capable+0x31/0x40
[  367.489646][T20686]  ? __pfx_v9fs_mount+0x10/0x10
[  367.489775][T20686]  legacy_get_tree+0x78/0xd0
[  367.489796][T20686]  vfs_get_tree+0x57/0x1d0
[  367.489815][T20686]  do_new_mount+0x24d/0x6a0
[  367.489833][T20686]  ? security_capable+0x83/0x90
[  367.489876][T20686]  path_mount+0x4ab/0xb80
[  367.489894][T20686]  ? user_path_at+0xbf/0x130
[  367.489921][T20686]  __se_sys_mount+0x28c/0x2e0
[  367.489941][T20686]  ? fput+0x8f/0xc0
[  367.490042][T20686]  __x64_sys_mount+0x67/0x80
[  367.490088][T20686]  x64_sys_call+0x2cca/0x3000
[  367.490110][T20686]  do_syscall_64+0xd8/0x2a0
[  367.490143][T20686]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  367.490165][T20686] RIP: 0033:0x7fec0f91f749
[  367.490180][T20686] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  367.490270][T20686] RSP: 002b:00007fec0e37f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  367.490290][T20686] RAX: ffffffffffffffda RBX: 00007fec0fb75fa0 RCX: 00007fec0f91f749
[  367.490303][T20686] RDX: 0000200000000080 RSI: 0000200000000300 RDI: 0000000000000000
[  367.490316][T20686] RBP: 00007fec0e37f090 R08: 00002000000004c0 R09: 0000000000000000
[  367.490384][T20686] R10: 0000000000804000 R11: 0000000000000246 R12: 0000000000000002
[  367.490396][T20686] R13: 00007fec0fb76038 R14: 00007fec0fb75fa0 R15: 00007fff00b065b8
[  367.490415][T20686]  </TASK>
[  367.779564][   T29] kauditd_printk_skb: 559 callbacks suppressed
[  367.779577][   T29] audit: type=1326 audit(367.806:48120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20688 comm="syz.1.5764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffacc82f749 code=0x7ffc0000
[  367.808824][   T29] audit: type=1326 audit(367.806:48121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20688 comm="syz.1.5764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7ffacc82f749 code=0x7ffc0000
[  367.872893][T20694] loop2: detected capacity change from 0 to 1024
[  367.885958][   T29] audit: type=1326 audit(367.806:48122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20688 comm="syz.1.5764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffacc82f749 code=0x7ffc0000
[  367.909338][   T29] audit: type=1326 audit(367.806:48123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20688 comm="syz.1.5764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7ffacc82f749 code=0x7ffc0000
[  367.932328][   T29] audit: type=1326 audit(367.806:48124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20688 comm="syz.1.5764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffacc82f749 code=0x7ffc0000
[  367.932617][ T4154] nci: nci_extract_activation_params_nfc_dep: unsupported activation_rf_tech_and_mode 0x6
[  367.955420][   T29] audit: type=1326 audit(367.806:48125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20688 comm="syz.1.5764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=278 compat=0 ip=0x7ffacc82f749 code=0x7ffc0000
[  367.975164][ T3617] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  367.988350][   T29] audit: type=1326 audit(367.806:48126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20688 comm="syz.1.5764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffacc82f749 code=0x7ffc0000
[  368.017387][   T29] audit: type=1326 audit(367.806:48127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20688 comm="syz.1.5764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7ffacc82f749 code=0x7ffc0000
[  368.040230][   T29] audit: type=1326 audit(367.806:48128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20688 comm="syz.1.5764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffacc82f749 code=0x7ffc0000
[  368.063194][   T29] audit: type=1326 audit(367.806:48129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20688 comm="syz.1.5764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ffacc82f749 code=0x7ffc0000
[  368.113380][T20708] netlink: 44 bytes leftover after parsing attributes in process `syz.5.5770'.
[  368.122727][T20704] loop6: detected capacity change from 0 to 2048
[  368.137407][T20704] Alternate GPT is invalid, using primary GPT.
[  368.143804][T20704]  loop6: p1 p2 p3
[  368.147507][T20704] loop6: partition table partially beyond EOD, truncated
[  368.432902][T20730] netlink: 96 bytes leftover after parsing attributes in process `syz.6.5778'.
[  368.512205][T20736] 0ªî{X¹¦: left allmulticast mode
[  368.512368][ T4146] Bluetooth: hci0: Frame reassembly failed (-84)
[  368.585015][T20740] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=20740 comm=syz.4.5782
[  368.600445][T20740] FAULT_INJECTION: forcing a failure.
[  368.600445][T20740] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  368.613590][T20740] CPU: 0 UID: 0 PID: 20740 Comm: syz.4.5782 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  368.613670][T20740] Tainted: [W]=WARN
[  368.613681][T20740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  368.613697][T20740] Call Trace:
[  368.613708][T20740]  <TASK>
[  368.613720][T20740]  __dump_stack+0x1d/0x30
[  368.613747][T20740]  dump_stack_lvl+0xe8/0x140
[  368.613823][T20740]  dump_stack+0x15/0x1b
[  368.613878][T20740]  should_fail_ex+0x265/0x280
[  368.613910][T20740]  should_fail+0xb/0x20
[  368.613938][T20740]  should_fail_usercopy+0x1a/0x20
[  368.614002][T20740]  _copy_to_user+0x20/0xa0
[  368.614026][T20740]  simple_read_from_buffer+0xb5/0x130
[  368.614140][T20740]  proc_fail_nth_read+0x10e/0x150
[  368.614170][T20740]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  368.614209][T20740]  vfs_read+0x1a8/0x770
[  368.614242][T20740]  ? __rcu_read_unlock+0x4f/0x70
[  368.614283][T20740]  ? __fget_files+0x184/0x1c0
[  368.614318][T20740]  ? mutex_lock+0x58/0x90
[  368.614342][T20740]  ksys_read+0xda/0x1a0
[  368.614436][T20740]  __x64_sys_read+0x40/0x50
[  368.614456][T20740]  x64_sys_call+0x2889/0x3000
[  368.614516][T20740]  do_syscall_64+0xd8/0x2a0
[  368.614542][T20740]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  368.614631][T20740] RIP: 0033:0x7f02e3b9e15c
[  368.614647][T20740] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  368.614665][T20740] RSP: 002b:00007f02e2607030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  368.614689][T20740] RAX: ffffffffffffffda RBX: 00007f02e3df5fa0 RCX: 00007f02e3b9e15c
[  368.614702][T20740] RDX: 000000000000000f RSI: 00007f02e26070a0 RDI: 0000000000000009
[  368.614716][T20740] RBP: 00007f02e2607090 R08: 0000000000000000 R09: 0000000000000000
[  368.614729][T20740] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  368.614741][T20740] R13: 00007f02e3df6038 R14: 00007f02e3df5fa0 R15: 00007fff8ed17b18
[  368.614758][T20740]  </TASK>
[  368.833101][T20738] SELinux: failed to load policy
[  368.891406][T20752] IPv6: NLM_F_CREATE should be specified when creating new route
[  368.905099][T20752] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=20752 comm=ÿ
[  368.943991][T20756] loop4: detected capacity change from 0 to 128
[  368.951589][T20756] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  369.020284][T20763] loop6: detected capacity change from 0 to 512
[  369.039759][T20763] EXT4-fs error (device loop6): ext4_xattr_inode_iget:441: inode #18: comm syz.6.5781: iget: bad extra_isize 90 (inode size 256)
[  369.056829][T20770] serio: Serial port ttyS3
[  369.061707][T20763] EXT4-fs (loop6): Remounting filesystem read-only
[  369.068411][T20763] EXT4-fs warning (device loop6): ext4_evict_inode:273: xattr delete (err -30)
[  369.077387][T20763] EXT4-fs (loop6): 1 orphan inode deleted
[  369.083794][T20763] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  369.096823][T20763] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  369.116914][T20773] loop5: detected capacity change from 0 to 1764
[  369.129198][T20773] isofs: isofs_export_get_parent(): child directory not normalized!
[  369.219778][T20784] futex_wake_op: syz.4.5797 tries to shift op by 35; fix this program
[  369.306055][ T4147] nci: nci_extract_activation_params_nfc_dep: unsupported activation_rf_tech_and_mode 0x6
[  369.338633][T20793] netlink: 14 bytes leftover after parsing attributes in process `syz.6.5799'.
[  369.470742][T20805] FAULT_INJECTION: forcing a failure.
[  369.470742][T20805] name failslab, interval 1, probability 0, space 0, times 0
[  369.483476][T20805] CPU: 0 UID: 0 PID: 20805 Comm: syz.2.5803 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  369.483495][T20805] Tainted: [W]=WARN
[  369.483499][T20805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  369.483558][T20805] Call Trace:
[  369.483565][T20805]  <TASK>
[  369.483570][T20805]  __dump_stack+0x1d/0x30
[  369.483584][T20805]  dump_stack_lvl+0xe8/0x140
[  369.483659][T20805]  dump_stack+0x15/0x1b
[  369.483669][T20805]  should_fail_ex+0x265/0x280
[  369.483763][T20805]  should_failslab+0x8c/0xb0
[  369.483776][T20805]  kmem_cache_alloc_noprof+0x50/0x480
[  369.483815][T20805]  ? security_file_alloc+0x32/0x100
[  369.483839][T20805]  security_file_alloc+0x32/0x100
[  369.483851][T20805]  init_file+0x5c/0x1c0
[  369.483937][T20805]  alloc_empty_file+0x8b/0x200
[  369.484026][T20805]  alloc_file_pseudo+0xc6/0x160
[  369.484040][T20805]  __shmem_file_setup+0x1de/0x210
[  369.484055][T20805]  shmem_file_setup+0x3b/0x50
[  369.484120][T20805]  __se_sys_memfd_create+0x2ef/0x5f0
[  369.484204][T20805]  __x64_sys_memfd_create+0x31/0x40
[  369.484220][T20805]  x64_sys_call+0x28cb/0x3000
[  369.484310][T20805]  do_syscall_64+0xd8/0x2a0
[  369.484413][T20805]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  369.484428][T20805] RIP: 0033:0x7fec0f91f749
[  369.484443][T20805] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  369.484461][T20805] RSP: 002b:00007fec0e37ee18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  369.484478][T20805] RAX: ffffffffffffffda RBX: 0000000000000620 RCX: 00007fec0f91f749
[  369.484526][T20805] RDX: 00007fec0e37eef0 RSI: 0000000000000000 RDI: 00007fec0f9a4960
[  369.484534][T20805] RBP: 0000200000001680 R08: 00007fec0e37ebb7 R09: 00007fec0e37ee40
[  369.484540][T20805] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000080
[  369.484547][T20805] R13: 00007fec0e37eef0 R14: 00007fec0e37eeb0 R15: 0000200000000640
[  369.484558][T20805]  </TASK>
[  369.725338][T20812] loop5: detected capacity change from 0 to 1024
[  369.732149][T20812] EXT4-fs: Ignoring removed nobh option
[  369.737901][T20812] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  369.746780][T20812] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869)
[  369.756499][T20812] EXT4-fs error (device loop5): ext4_get_journal_inode:5808: comm syz.5.5806: inode #4294967295: comm syz.5.5806: iget: illegal inode #
[  369.770607][T20812] EXT4-fs (loop5): no journal found
[  369.775794][T20812] EXT4-fs (loop5): can't get journal size
[  369.782411][T20812] EXT4-fs (loop5): failed to initialize system zone (-22)
[  369.789853][T20812] EXT4-fs (loop5): mount failed
[  369.799090][T20812] netlink: 'syz.5.5806': attribute type 13 has an invalid length.
[  369.858877][T20817] loop5: detected capacity change from 0 to 1024
[  369.865756][T20817] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  370.077876][T20825] futex_wake_op: syz.4.5810 tries to shift op by 144; fix this program
[  370.189210][T20832] loop6: detected capacity change from 0 to 1024
[  370.196119][T20832] ext4: Unknown parameter 'uid>00000000000000000000'
[  370.396538][T20825] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  370.448325][T20840] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  370.453125][T20842] 9p: Unknown Cache mode or invalid value m
[  370.461707][T20839] tipc: Resetting bearer <eth:syzkaller0>
[  370.475159][T20839] tipc: Disabling bearer <eth:syzkaller0>
[  370.559354][ T3713] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  370.604686][T20850] loop1: detected capacity change from 0 to 1764
[  370.612589][T20850] isofs: isofs_export_get_parent(): child directory not normalized!
[  370.648214][T20852] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5818'.
[  370.665574][T20848] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  370.680544][T20847] tipc: Resetting bearer <eth:syzkaller0>
[  370.708146][T20847] tipc: Disabling bearer <eth:syzkaller0>
[  370.836369][T20871] loop1: detected capacity change from 0 to 256
[  370.854378][T20871] FAT-fs (loop1): Directory bread(block 64) failed
[  370.861090][T20871] FAT-fs (loop1): Directory bread(block 65) failed
[  370.863550][T20875] loop4: detected capacity change from 0 to 128
[  370.867740][T20871] FAT-fs (loop1): Directory bread(block 66) failed
[  370.883922][T20871] FAT-fs (loop1): Directory bread(block 67) failed
[  370.890720][T20871] FAT-fs (loop1): Directory bread(block 68) failed
[  370.895645][T20874] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  370.897434][T20871] FAT-fs (loop1): Directory bread(block 69) failed
[  370.912013][T20871] FAT-fs (loop1): Directory bread(block 70) failed
[  370.919439][T20872] tipc: Resetting bearer <eth:syzkaller0>
[  370.920829][T20871] FAT-fs (loop1): Directory bread(block 71) failed
[  370.931377][T20875] FAT-fs (loop4): Directory bread(block 162) failed
[  370.938392][T20875] FAT-fs (loop4): Directory bread(block 163) failed
[  370.948984][T20872] tipc: Disabling bearer <eth:syzkaller0>
[  370.954943][T20871] FAT-fs (loop1): Directory bread(block 72) failed
[  370.961501][T20871] FAT-fs (loop1): Directory bread(block 73) failed
[  370.979155][T20875] FAT-fs (loop4): Directory bread(block 164) failed
[  370.985768][T20875] FAT-fs (loop4): Directory bread(block 165) failed
[  370.992532][T20875] FAT-fs (loop4): Directory bread(block 166) failed
[  370.999191][T20875] FAT-fs (loop4): Directory bread(block 167) failed
[  371.005864][T20875] FAT-fs (loop4): Directory bread(block 168) failed
[  371.030170][T20875] FAT-fs (loop4): Directory bread(block 169) failed
[  371.041488][T20875] FAT-fs (loop4): Directory bread(block 162) failed
[  371.048595][T20875] FAT-fs (loop4): Directory bread(block 163) failed
[  371.055699][T20875] syz.4.5828: attempt to access beyond end of device
[  371.055699][T20875] loop4: rw=3, sector=226, nr_sectors = 6 limit=128
[  371.068887][T20875] syz.4.5828: attempt to access beyond end of device
[  371.068887][T20875] loop4: rw=2051, sector=232, nr_sectors = 2 limit=128
[  371.094943][T20871] syz.1.5826: attempt to access beyond end of device
[  371.094943][T20871] loop1: rw=0, sector=1736, nr_sectors = 8 limit=256
[  371.144130][T20883] netlink: 44 bytes leftover after parsing attributes in process `syz.2.5830'.
[  371.184508][T20896] netlink: 68 bytes leftover after parsing attributes in process `syz.2.5834'.
[  371.250074][T20905] netlink: 32 bytes leftover after parsing attributes in process `syz.1.5837'.
[  371.288218][T20909] futex_wake_op: syz.1.5839 tries to shift op by 35; fix this program
[  371.825001][T20917] tipc: Started in network mode
[  371.829928][T20917] tipc: Node identity 3acc53315056, cluster identity 4711
[  371.837189][T20917] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  371.845536][T20916] tipc: Resetting bearer <eth:syzkaller0>
[  371.860718][T20916] tipc: Disabling bearer <eth:syzkaller0>
[  372.112975][T20927] loop2: detected capacity change from 0 to 1764
[  372.121048][T20927] isofs: isofs_export_get_parent(): child directory not normalized!
[  372.156467][T20928] loop6: detected capacity change from 0 to 512
[  372.181818][T20928] EXT4-fs (loop6): feature flags set on rev 0 fs, running e2fsck is recommended
[  372.213924][T20928] EXT4-fs error (device loop6): ext4_mb_mark_diskspace_used:4193: comm syz.6.5842: Allocating blocks 41-42 which overlap fs metadata
[  372.243390][T20923] lo speed is unknown, defaulting to 1000
[  372.249491][T20928] EXT4-fs error (device loop6): ext4_acquire_dquot:6945: comm syz.6.5842: Failed to acquire dquot type 1
[  372.252260][T20923] lo speed is unknown, defaulting to 1000
[  372.267353][T20928] EXT4-fs error (device loop6): mb_free_blocks:2017: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt.
[  372.282199][T20928] EXT4-fs error (device loop6): ext4_do_update_inode:5628: inode #12: comm syz.6.5842: corrupted inode contents
[  372.294480][T20928] EXT4-fs error (device loop6): ext4_dirty_inode:6513: inode #12: comm syz.6.5842: mark_inode_dirty error
[  372.306125][T20928] EXT4-fs error (device loop6): ext4_do_update_inode:5628: inode #12: comm syz.6.5842: corrupted inode contents
[  372.318293][T20928] EXT4-fs error (device loop6): __ext4_ext_dirty:206: inode #12: comm syz.6.5842: mark_inode_dirty error
[  372.329923][T20928] EXT4-fs error (device loop6): ext4_do_update_inode:5628: inode #12: comm syz.6.5842: corrupted inode contents
[  372.342044][T20928] EXT4-fs error (device loop6) in ext4_orphan_del:301: Corrupt filesystem
[  372.350849][T20928] EXT4-fs error (device loop6): ext4_do_update_inode:5628: inode #12: comm syz.6.5842: corrupted inode contents
[  372.363142][T20928] EXT4-fs error (device loop6): ext4_truncate:4633: inode #12: comm syz.6.5842: mark_inode_dirty error
[  372.374522][T20928] EXT4-fs error (device loop6) in ext4_process_orphan:343: Corrupt filesystem
[  372.385945][T20928] EXT4-fs (loop6): 1 truncate cleaned up
[  372.392164][T20928] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  372.447797][T20959] loop2: detected capacity change from 0 to 1024
[  372.462503][T20923] chnl_net:caif_netlink_parms(): no params data found
[  372.509518][T20966] loop5: detected capacity change from 0 to 128
[  372.512743][T20959] EXT4-fs: Ignoring removed oldalloc option
[  372.516650][T20966] FAT-fs (loop5): Directory bread(block 162) failed
[  372.533290][T20966] FAT-fs (loop5): Directory bread(block 163) failed
[  372.540866][T20923] bridge0: port 1(bridge_slave_0) entered blocking state
[  372.546033][T20961] netlink: 14 bytes leftover after parsing attributes in process `syz.1.5853'.
[  372.547922][T20923] bridge0: port 1(bridge_slave_0) entered disabled state
[  372.564057][T20959] EXT4-fs: Ignoring removed nomblk_io_submit option
[  372.569067][T20966] FAT-fs (loop5): Directory bread(block 164) failed
[  372.577387][T20966] FAT-fs (loop5): Directory bread(block 165) failed
[  372.584059][T20966] FAT-fs (loop5): Directory bread(block 166) failed
[  372.590855][T20966] FAT-fs (loop5): Directory bread(block 167) failed
[  372.597730][T20966] FAT-fs (loop5): Directory bread(block 168) failed
[  372.597882][T20923] bridge_slave_0: entered allmulticast mode
[  372.605167][T20966] FAT-fs (loop5): Directory bread(block 169) failed
[  372.625778][T20923] bridge_slave_0: entered promiscuous mode
[  372.632740][T20966] FAT-fs (loop5): Directory bread(block 162) failed
[  372.633666][T20923] bridge0: port 2(bridge_slave_1) entered blocking state
[  372.646515][T20923] bridge0: port 2(bridge_slave_1) entered disabled state
[  372.653596][T20966] FAT-fs (loop5): Directory bread(block 163) failed
[  372.654014][T20923] bridge_slave_1: entered allmulticast mode
[  372.660840][T20959] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  372.666565][T20923] bridge_slave_1: entered promiscuous mode
[  372.699557][T20966] syz.5.5854: attempt to access beyond end of device
[  372.699557][T20966] loop5: rw=3, sector=226, nr_sectors = 6 limit=128
[  372.712845][T20966] syz.5.5854: attempt to access beyond end of device
[  372.712845][T20966] loop5: rw=2051, sector=232, nr_sectors = 2 limit=128
[  372.740866][T20923] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  372.760088][T20013] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  372.769691][ T4171] bridge_slave_1: left allmulticast mode
[  372.775466][ T4171] bridge_slave_1: left promiscuous mode
[  372.781235][ T4171] bridge0: port 2(bridge_slave_1) entered disabled state
[  372.795815][ T4171] bridge_slave_0: left allmulticast mode
[  372.796039][T20972] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5855'.
[  372.801528][ T4171] bridge_slave_0: left promiscuous mode
[  372.816199][ T4171] bridge0: port 1(bridge_slave_0) entered disabled state
[  372.824925][T20974] loop5: detected capacity change from 0 to 1764
[  372.840657][T20974] isofs: isofs_export_get_parent(): child directory not normalized!
[  372.865742][T20976] FAULT_INJECTION: forcing a failure.
[  372.865742][T20976] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  372.878812][T20976] CPU: 0 UID: 0 PID: 20976 Comm: syz.5.5857 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  372.878900][T20976] Tainted: [W]=WARN
[  372.878906][T20976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  372.878916][T20976] Call Trace:
[  372.878922][T20976]  <TASK>
[  372.878930][T20976]  __dump_stack+0x1d/0x30
[  372.878958][T20976]  dump_stack_lvl+0xe8/0x140
[  372.879058][T20976]  dump_stack+0x15/0x1b
[  372.879072][T20976]  should_fail_ex+0x265/0x280
[  372.879099][T20976]  should_fail+0xb/0x20
[  372.879125][T20976]  should_fail_usercopy+0x1a/0x20
[  372.879161][T20976]  _copy_from_user+0x1c/0xb0
[  372.879181][T20976]  ___sys_sendmsg+0xc1/0x1d0
[  372.879221][T20976]  __x64_sys_sendmsg+0xd4/0x160
[  372.879329][T20976]  x64_sys_call+0x17ba/0x3000
[  372.879347][T20976]  do_syscall_64+0xd8/0x2a0
[  372.879396][T20976]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  372.879417][T20976] RIP: 0033:0x7f39bffbf749
[  372.879432][T20976] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  372.879447][T20976] RSP: 002b:00007f39bea1f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  372.879527][T20976] RAX: ffffffffffffffda RBX: 00007f39c0215fa0 RCX: 00007f39bffbf749
[  372.879540][T20976] RDX: 0000000000040080 RSI: 0000200000000740 RDI: 0000000000000003
[  372.879553][T20976] RBP: 00007f39bea1f090 R08: 0000000000000000 R09: 0000000000000000
[  372.879566][T20976] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  372.879580][T20976] R13: 00007f39c0216038 R14: 00007f39c0215fa0 R15: 00007ffdf1e9a788
[  372.879595][T20976]  </TASK>
[  372.948612][   T29] kauditd_printk_skb: 715 callbacks suppressed
[  372.948626][   T29] audit: type=1400 audit(2000000001.790:48842): avc:  denied  { create } for  pid=20958 comm="syz.2.5852" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  373.070055][   T29] audit: type=1400 audit(2000000001.810:48843): avc:  denied  { write } for  pid=20958 comm="syz.2.5852" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  373.117155][   T29] audit: type=1400 audit(2000000001.960:48844): avc:  denied  { write } for  pid=20978 comm="syz.5.5858" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  373.137028][T20979] loop5: detected capacity change from 0 to 164
[  373.144013][T20979] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  373.152807][T20979] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  373.173201][T20979] Symlink component flag not implemented
[  373.178861][T20979] Symlink component flag not implemented
[  373.193897][T20979] Symlink component flag not implemented (7)
[  373.199973][T20979] Symlink component flag not implemented (116)
[  373.207503][ T4171] bond1 (unregistering): Released all slaves
[  373.223345][T20923] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  373.235102][T20979] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5858'.
[  373.276357][T20979] bridge_slave_1: left allmulticast mode
[  373.282091][T20979] bridge_slave_1: left promiscuous mode
[  373.287749][T20979] bridge0: port 2(bridge_slave_1) entered disabled state
[  373.296796][T20979] bridge_slave_0: left promiscuous mode
[  373.302563][T20979] bridge0: port 1(bridge_slave_0) entered disabled state
[  373.320463][T20984] 9p: Unknown Cache mode or invalid value m
[  373.343557][   T29] audit: type=1400 audit(2000000002.190:48845): avc:  denied  { connect } for  pid=20985 comm="syz.6.5860" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  373.364841][   T29] audit: type=1400 audit(2000000002.190:48846): avc:  denied  { write } for  pid=20985 comm="syz.6.5860" name="001" dev="devtmpfs" ino=168 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  373.395083][ T4171] tipc: Left network mode
[  373.405221][T20982] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5852'.
[  373.416882][T20923] team0: Port device team_slave_0 added
[  373.441661][ T4171] hsr_slave_0: left promiscuous mode
[  373.457348][   T29] audit: type=1326 audit(2000000002.300:48847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20995 comm="syz.6.5864" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0a3f1f749 code=0x7ffc0000
[  373.481280][   T29] audit: type=1326 audit(2000000002.300:48848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20995 comm="syz.6.5864" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7ff0a3f1f749 code=0x7ffc0000
[  373.504728][   T29] audit: type=1326 audit(2000000002.300:48849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20995 comm="syz.6.5864" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0a3f1f749 code=0x7ffc0000
[  373.528330][   T29] audit: type=1326 audit(2000000002.300:48850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20995 comm="syz.6.5864" exe="/root/syz-executor" sig=0 arch=c000003e syscall=86 compat=0 ip=0x7ff0a3f1f749 code=0x7ffc0000
[  373.551873][   T29] audit: type=1326 audit(2000000002.300:48851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20995 comm="syz.6.5864" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0a3f1f749 code=0x7ffc0000
[  373.575502][ T4171] hsr_slave_1: left promiscuous mode
[  373.581562][ T4171] batman_adv: batadv0: Removing interface: batadv_slave_0
[  373.581675][T12900] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  373.598071][ T4171] batman_adv: batadv0: Removing interface: batadv_slave_1
[  373.639900][ T4171] team0 (unregistering): Port device team_slave_1 removed
[  373.657806][ T4171] team0 (unregistering): Port device team_slave_0 removed
[  373.696042][T20923] team0: Port device team_slave_1 added
[  373.704304][ T1037] lo speed is unknown, defaulting to 1000
[  373.710081][ T1037] infiniband syz2: ib_query_port failed (-19)
[  373.725366][T20923] batman_adv: batadv0: Adding interface: batadv_slave_0
[  373.732460][T20923] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  373.758485][T20923] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  373.772139][T20923] batman_adv: batadv0: Adding interface: batadv_slave_1
[  373.779141][T20923] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  373.805189][T20923] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  373.808252][T21013] loop5: detected capacity change from 0 to 512
[  373.830002][T20923] hsr_slave_0: entered promiscuous mode
[  373.836062][T20923] hsr_slave_1: entered promiscuous mode
[  373.843589][T21013] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  373.856574][T21013] ext4 filesystem being mounted at /425/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  373.866196][T21004] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  373.870182][T21013] EXT4-fs error (device loop5): ext4_do_update_inode:5628: inode #2: comm syz.5.5871: corrupted inode contents
[  373.875980][T21004] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  373.887534][T21013] EXT4-fs error (device loop5): ext4_dirty_inode:6513: inode #2: comm syz.5.5871: mark_inode_dirty error
[  373.914767][T21013] EXT4-fs error (device loop5): ext4_do_update_inode:5628: inode #2: comm syz.5.5871: corrupted inode contents
[  373.926998][T21013] EXT4-fs error (device loop5): __ext4_ext_dirty:206: inode #2: comm syz.5.5871: mark_inode_dirty error
[  373.963512][T14580] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  374.175965][T21027] netlink: 5 bytes leftover after parsing attributes in process `syz.5.5875'.
[  374.184955][T21027] 0ªî{X¹¦: renamed from 
31ªî{X¹¦
[  374.191384][T21027] 0ªî{X¹¦: entered allmulticast mode
[  374.197279][T21027] net_ratelimit: 59 callbacks suppressed
[  374.197291][T21027] A link change request failed with some changes committed already. Interface 
30ªî{X¹¦ may have been left with an inconsistent configuration, please check.
[  374.240792][T20923] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  374.249187][T20923] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  374.257386][T20923] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  374.265786][T20923] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  374.302783][T20923] 8021q: adding VLAN 0 to HW filter on device bond0
[  374.317408][T21037] netlink: 44 bytes leftover after parsing attributes in process `syz.5.5877'.
[  374.317491][T20923] 8021q: adding VLAN 0 to HW filter on device team0
[  374.335726][ T4171] bridge0: port 1(bridge_slave_0) entered blocking state
[  374.342868][ T4171] bridge0: port 1(bridge_slave_0) entered forwarding state
[  374.355151][ T4157] bridge0: port 2(bridge_slave_1) entered blocking state
[  374.362289][ T4157] bridge0: port 2(bridge_slave_1) entered forwarding state
[  374.420929][T20923] 8021q: adding VLAN 0 to HW filter on device batadv0
[  374.443799][T21049] netlink: 44 bytes leftover after parsing attributes in process `syz.5.5879'.
[  374.482871][T21054] netlink: 'syz.6.5881': attribute type 3 has an invalid length.
[  374.609671][T20923] veth0_vlan: entered promiscuous mode
[  374.618810][T20923] veth1_vlan: entered promiscuous mode
[  374.663450][T20923] veth0_macvtap: entered promiscuous mode
[  374.682356][T20923] veth1_macvtap: entered promiscuous mode
[  374.687668][T21083] loop6: detected capacity change from 0 to 1764
[  374.707338][T20923] batman_adv: batadv0: Interface activated: batadv_slave_0
[  374.714869][T21078] loop5: detected capacity change from 0 to 512
[  374.728707][T21078] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  374.728906][T20923] batman_adv: batadv0: Interface activated: batadv_slave_1
[  374.771263][T21078] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4193: comm syz.5.5886: Allocating blocks 41-42 which overlap fs metadata
[  374.786442][ T4154] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  374.806895][ T4154] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  374.810513][T21078] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4193: comm syz.5.5886: Allocating blocks 41-42 which overlap fs metadata
[  374.835664][ T4154] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  374.871711][ T4154] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  374.872999][T21078] EXT4-fs error (device loop5): ext4_acquire_dquot:6945: comm syz.5.5886: Failed to acquire dquot type 1
[  374.916841][T21100] 9p: Unknown Cache mode or invalid value m
[  374.922903][T21078] EXT4-fs error (device loop5): mb_free_blocks:2017: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt.
[  374.960603][T21078] EXT4-fs error (device loop5): ext4_do_update_inode:5628: inode #12: comm syz.5.5886: corrupted inode contents
[  374.988946][T21078] EXT4-fs error (device loop5): ext4_dirty_inode:6513: inode #12: comm syz.5.5886: mark_inode_dirty error
[  375.000897][T21078] EXT4-fs error (device loop5): ext4_do_update_inode:5628: inode #12: comm syz.5.5886: corrupted inode contents
[  375.013417][T21078] EXT4-fs error (device loop5): __ext4_ext_dirty:206: inode #12: comm syz.5.5886: mark_inode_dirty error
[  375.044572][T21078] EXT4-fs error (device loop5): ext4_do_update_inode:5628: inode #12: comm syz.5.5886: corrupted inode contents
[  375.057596][T21078] EXT4-fs error (device loop5) in ext4_orphan_del:301: Corrupt filesystem
[  375.069732][T21078] EXT4-fs error (device loop5): ext4_do_update_inode:5628: inode #12: comm syz.5.5886: corrupted inode contents
[  375.089543][T21078] EXT4-fs error (device loop5): ext4_truncate:4633: inode #12: comm syz.5.5886: mark_inode_dirty error
[  375.103713][T21078] EXT4-fs error (device loop5) in ext4_process_orphan:343: Corrupt filesystem
[  375.123310][T21078] EXT4-fs (loop5): 1 truncate cleaned up
[  375.136874][T21078] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  375.166946][T21103] lo speed is unknown, defaulting to 1000
[  375.242827][T21103] chnl_net:caif_netlink_parms(): no params data found
[  375.279180][T21103] bridge0: port 1(bridge_slave_0) entered blocking state
[  375.286247][T21103] bridge0: port 1(bridge_slave_0) entered disabled state
[  375.293557][T21103] bridge_slave_0: entered allmulticast mode
[  375.300083][T21103] bridge_slave_0: entered promiscuous mode
[  375.306864][T21103] bridge0: port 2(bridge_slave_1) entered blocking state
[  375.314055][T21103] bridge0: port 2(bridge_slave_1) entered disabled state
[  375.321583][T21103] bridge_slave_1: entered allmulticast mode
[  375.328227][T21103] bridge_slave_1: entered promiscuous mode
[  375.345051][T21103] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  375.355366][T21103] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  375.374659][T21103] team0: Port device team_slave_0 added
[  375.381208][T21103] team0: Port device team_slave_1 added
[  375.396088][T21103] batman_adv: batadv0: Adding interface: batadv_slave_0
[  375.403083][T21103] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  375.429034][T21103] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  375.440666][T21103] batman_adv: batadv0: Adding interface: batadv_slave_1
[  375.447607][T21103] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  375.473575][T21103] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  375.485216][T14580] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  375.503688][T21103] hsr_slave_0: entered promiscuous mode
[  375.510298][T21103] hsr_slave_1: entered promiscuous mode
[  375.516187][T21103] debugfs: 'hsr0' already exists in 'hsr'
[  375.522002][T21103] Cannot create hsr debugfs directory
[  375.767096][T21103] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  375.776354][T21103] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  375.785321][T21103] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  375.794370][T21103] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  375.830236][T21103] 8021q: adding VLAN 0 to HW filter on device bond0
[  375.849254][T21103] 8021q: adding VLAN 0 to HW filter on device team0
[  375.861530][ T4154] bridge0: port 1(bridge_slave_0) entered blocking state
[  375.868640][ T4154] bridge0: port 1(bridge_slave_0) entered forwarding state
[  375.879231][   T31] bridge0: port 2(bridge_slave_1) entered blocking state
[  375.886427][   T31] bridge0: port 2(bridge_slave_1) entered forwarding state
[  375.917947][   T31] nci: nci_extract_activation_params_nfc_dep: unsupported activation_rf_tech_and_mode 0x6
[  375.920472][T21103] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  375.941324][T21141] IPv6: NLM_F_CREATE should be specified when creating new route
[  376.006903][T21103] 8021q: adding VLAN 0 to HW filter on device batadv0
[  376.014945][T21158] blktrace: Concurrent blktraces are not allowed on loop12
[  376.128060][T21165] tipc: Started in network mode
[  376.133656][T21165] tipc: Node identity 42948a4556b6, cluster identity 4711
[  376.140981][T21165] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  376.152092][T21173] netlink: 44 bytes leftover after parsing attributes in process `syz.5.5909'.
[  376.179154][T21163] tipc: Resetting bearer <eth:syzkaller0>
[  376.204740][T21163] tipc: Disabling bearer <eth:syzkaller0>
[  376.213907][T21103] veth0_vlan: entered promiscuous mode
[  376.226686][T21103] veth1_vlan: entered promiscuous mode
[  376.238920][T21181] netlink: 5 bytes leftover after parsing attributes in process `syz.5.5912'.
[  376.251143][T21103] veth0_macvtap: entered promiscuous mode
[  376.267681][T21103] veth1_macvtap: entered promiscuous mode
[  376.278115][T21181] 1ªî{X¹¦: renamed from 
30ªî{X¹¦ (while UP)
[  376.286401][T21181] A link change request failed with some changes committed already. Interface 
31ªî{X¹¦ may have been left with an inconsistent configuration, please check.
[  376.306394][T21103] batman_adv: batadv0: Interface activated: batadv_slave_0
[  376.318105][T21103] batman_adv: batadv0: Interface activated: batadv_slave_1
[  376.340378][ T4148] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  376.360375][ T4148] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  376.384812][ T4148] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  376.404042][ T4148] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  376.517624][T21198] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  376.544153][T21190] tipc: Resetting bearer <eth:syzkaller0>
[  376.551436][T21200] netlink: 5 bytes leftover after parsing attributes in process `syz.2.5918'.
[  376.574161][T21190] tipc: Disabling bearer <eth:syzkaller0>
[  376.606999][T21200] 0ªî{X¹¦: renamed from gretap0
[  376.626133][T21200] 0ªî{X¹¦: entered allmulticast mode
[  376.640262][T21200] A link change request failed with some changes committed already. Interface 
30ªî{X¹¦ may have been left with an inconsistent configuration, please check.
[  376.680829][T21208] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5920'.
[  376.689923][T21208] netlink: 9 bytes leftover after parsing attributes in process `syz.1.5920'.
[  376.701285][T21208] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5920'.
[  376.797985][T21213] loop1: detected capacity change from 0 to 1024
[  376.839800][T21213] EXT4-fs: Ignoring removed orlov option
[  376.859291][T21213] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  376.880331][T21218] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'filter'
[  376.891064][T21225] netlink: 5 bytes leftover after parsing attributes in process `syz.4.5925'.
[  376.900283][T21225] 0ªî{X¹¦: renamed from gretap0 (while UP)
[  376.909952][T21225] 0ªî{X¹¦: entered allmulticast mode
[  376.919745][T21225] A link change request failed with some changes committed already. Interface 
30ªî{X¹¦ may have been left with an inconsistent configuration, please check.
[  377.058368][T21231] 9p: Unknown Cache mode or invalid value m
[  377.081394][T21235] loop6: detected capacity change from 0 to 128
[  377.138383][ T4154] nci: nci_extract_activation_params_nfc_dep: unsupported activation_rf_tech_and_mode 0x6
[  377.180180][T21245] netlink: 44 bytes leftover after parsing attributes in process `syz.4.5932'.
[  377.220151][ T4148] bridge_slave_1: left allmulticast mode
[  377.225910][ T4148] bridge_slave_1: left promiscuous mode
[  377.231648][ T4148] bridge0: port 2(bridge_slave_1) entered disabled state
[  377.266132][ T4148] bridge_slave_0: left allmulticast mode
[  377.271847][ T4148] bridge_slave_0: left promiscuous mode
[  377.277577][ T4148] bridge0: port 1(bridge_slave_0) entered disabled state
[  377.309112][T21254] blktrace: Concurrent blktraces are not allowed on loop8
[  377.405014][T21260] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5937'.
[  377.441000][ T4148] bond0 (unregistering): Released all slaves
[  377.524078][ T4148] tipc: Left network mode
[  377.567267][T21103] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  377.588252][ T4148] hsr_slave_0: left promiscuous mode
[  377.600424][ T4148] hsr_slave_1: left promiscuous mode
[  377.645187][T21270] loop1: detected capacity change from 0 to 1764
[  377.655111][T21270] isofs: isofs_export_get_parent(): child directory not normalized!
[  377.678477][T21275] blktrace: Concurrent blktraces are not allowed on loop12
[  377.724233][T21265] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  377.738270][T21264] tipc: Resetting bearer <eth:syzkaller0>
[  377.752230][T21264] tipc: Disabling bearer <eth:syzkaller0>
[  377.793700][T21272] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  377.805528][T21271] tipc: Resetting bearer <eth:syzkaller0>
[  377.819426][T21271] tipc: Disabling bearer <eth:syzkaller0>
[  377.948330][T21292] netlink: 5 bytes leftover after parsing attributes in process `syz.1.5948'.
[  377.957462][T21292] 0ªî{X¹¦: renamed from gretap0 (while UP)
[  377.964772][T21292] 0ªî{X¹¦: entered allmulticast mode
[  377.970591][T21292] A link change request failed with some changes committed already. Interface 
30ªî{X¹¦ may have been left with an inconsistent configuration, please check.
[  378.428094][T21300] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  378.443777][T21300] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  379.097412][   T29] kauditd_printk_skb: 994 callbacks suppressed
[  379.097425][   T29] audit: type=1326 audit(2000000007.940:49842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21322 comm="syz.6.5954" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0a3f1f749 code=0x7ffc0000
[  379.176682][   T29] audit: type=1326 audit(2000000007.970:49843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21322 comm="syz.6.5954" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff0a3f1f749 code=0x7ffc0000
[  379.200308][   T29] audit: type=1326 audit(2000000007.970:49844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21322 comm="syz.6.5954" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0a3f1f749 code=0x7ffc0000
[  379.223976][   T29] audit: type=1326 audit(2000000007.980:49845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21322 comm="syz.6.5954" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff0a3f1f749 code=0x7ffc0000
[  379.247626][   T29] audit: type=1326 audit(2000000007.980:49846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21322 comm="syz.6.5954" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0a3f1f749 code=0x7ffc0000
[  379.271179][   T29] audit: type=1326 audit(2000000007.980:49847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21322 comm="syz.6.5954" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7ff0a3f1f749 code=0x7ffc0000
[  379.294717][   T29] audit: type=1326 audit(2000000007.980:49848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21322 comm="syz.6.5954" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0a3f1f749 code=0x7ffc0000
[  379.318324][   T29] audit: type=1326 audit(2000000007.980:49849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21322 comm="syz.6.5954" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0a3f1f749 code=0x7ffc0000
[  379.439545][   T29] audit: type=1326 audit(2000000008.290:49850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21332 comm="syz.1.5957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c3640f749 code=0x7ffc0000
[  379.472148][   T29] audit: type=1326 audit(2000000008.290:49851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21332 comm="syz.1.5957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c3640f749 code=0x7ffc0000
[  379.508312][T21340] loop4: detected capacity change from 0 to 512
[  379.516988][T21340] EXT4-fs warning (device loop4): ext4_xattr_inode_get:560: inode #11: comm syz.4.5959: EA inode hash validation failed
[  379.526938][T21316] chnl_net:caif_netlink_parms(): no params data found
[  379.531264][T21340] EXT4-fs error (device loop4): ext4_do_update_inode:5628: inode #15: comm syz.4.5959: corrupted inode contents
[  379.548645][T21340] EXT4-fs error (device loop4): ext4_dirty_inode:6513: inode #15: comm syz.4.5959: mark_inode_dirty error
[  379.560443][T21340] EXT4-fs error (device loop4): ext4_do_update_inode:5628: inode #15: comm syz.4.5959: corrupted inode contents
[  379.573068][T21340] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2996: inode #15: comm syz.4.5959: mark_inode_dirty error
[  379.585520][T21340] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2999: inode #15: comm syz.4.5959: mark inode dirty (error -117)
[  379.598589][T21340] EXT4-fs warning (device loop4): ext4_evict_inode:273: xattr delete (err -117)
[  379.607783][T21340] EXT4-fs (loop4): 1 orphan inode deleted
[  379.613902][T21340] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  379.632004][T21316] bridge0: port 1(bridge_slave_0) entered blocking state
[  379.639314][T21316] bridge0: port 1(bridge_slave_0) entered disabled state
[  379.646789][T21316] bridge_slave_0: entered allmulticast mode
[  379.653426][T21316] bridge_slave_0: entered promiscuous mode
[  379.661850][T21316] bridge0: port 2(bridge_slave_1) entered blocking state
[  379.668899][T21316] bridge0: port 2(bridge_slave_1) entered disabled state
[  379.670248][T21334] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  379.676387][T21316] bridge_slave_1: entered allmulticast mode
[  379.684641][T21334] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  379.691341][T21316] bridge_slave_1: entered promiscuous mode
[  379.717501][T21316] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  379.728932][T21316] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  379.753560][T21316] team0: Port device team_slave_0 added
[  379.760840][T21316] team0: Port device team_slave_1 added
[  379.780178][T21316] batman_adv: batadv0: Adding interface: batadv_slave_0
[  379.787137][T21316] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  379.813456][T21316] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  379.824557][ T4174] bridge_slave_1: left allmulticast mode
[  379.830321][ T4174] bridge_slave_1: left promiscuous mode
[  379.836077][ T4174] bridge0: port 2(bridge_slave_1) entered disabled state
[  379.844346][ T4174] bridge_slave_0: left allmulticast mode
[  379.849991][ T4174] bridge_slave_0: left promiscuous mode
[  379.855608][ T4174] bridge0: port 1(bridge_slave_0) entered disabled state
[  379.925427][ T4174] bond1 (unregistering): Released all slaves
[  379.933574][ T4174] bond2 (unregistering): Released all slaves
[  379.942221][T21316] batman_adv: batadv0: Adding interface: batadv_slave_1
[  379.949259][T21316] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  379.975415][T21316] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  380.001454][T21316] hsr_slave_0: entered promiscuous mode
[  380.007609][T21316] hsr_slave_1: entered promiscuous mode
[  380.013468][T21316] debugfs: 'hsr0' already exists in 'hsr'
[  380.019206][T21316] Cannot create hsr debugfs directory
[  380.024729][ T4174] tipc: Left network mode
[  380.033202][ T4174] hsr_slave_0: left promiscuous mode
[  380.038884][ T4174] hsr_slave_1: left promiscuous mode
[  380.060685][ T4174] team0 (unregistering): Port device team_slave_1 removed
[  380.070273][ T4174] team0 (unregistering): Port device team_slave_0 removed
[  380.354068][T20923] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  380.411417][T21363] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  380.423696][T21362] tipc: Resetting bearer <eth:syzkaller0>
[  380.431059][T21372] loop4: detected capacity change from 0 to 128
[  380.438635][T21372] FAT-fs (loop4): Directory bread(block 162) failed
[  380.448110][T21372] FAT-fs (loop4): Directory bread(block 163) failed
[  380.454808][T21372] FAT-fs (loop4): Directory bread(block 164) failed
[  380.466951][T21372] FAT-fs (loop4): Directory bread(block 165) failed
[  380.474385][T21372] FAT-fs (loop4): Directory bread(block 166) failed
[  380.474740][T21362] tipc: Disabling bearer <eth:syzkaller0>
[  380.481260][T21372] FAT-fs (loop4): Directory bread(block 167) failed
[  380.493545][T21372] FAT-fs (loop4): Directory bread(block 168) failed
[  380.500724][T21372] FAT-fs (loop4): Directory bread(block 169) failed
[  380.526350][T21374] loop1: detected capacity change from 0 to 512
[  380.550464][T21372] FAT-fs (loop4): Directory bread(block 162) failed
[  380.559450][T21372] FAT-fs (loop4): Directory bread(block 163) failed
[  380.567866][T21372] syz.4.5971: attempt to access beyond end of device
[  380.567866][T21372] loop4: rw=3, sector=226, nr_sectors = 6 limit=128
[  380.583835][T21374] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  380.588301][T21372] syz.4.5971: attempt to access beyond end of device
[  380.588301][T21372] loop4: rw=2051, sector=232, nr_sectors = 2 limit=128
[  380.625983][T21316] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  380.634871][T21316] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  380.643429][T21374] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4193: comm syz.1.5965: Allocating blocks 41-42 which overlap fs metadata
[  380.644231][T21316] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  380.664442][T21374] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4193: comm syz.1.5965: Allocating blocks 41-42 which overlap fs metadata
[  380.678526][T21374] EXT4-fs error (device loop1): ext4_acquire_dquot:6945: comm syz.1.5965: Failed to acquire dquot type 1
[  380.680762][T21316] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  380.690480][T21374] EXT4-fs error (device loop1): mb_free_blocks:2017: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt.
[  380.711178][T21374] EXT4-fs error (device loop1): ext4_do_update_inode:5628: inode #12: comm syz.1.5965: corrupted inode contents
[  380.723434][T21374] EXT4-fs error (device loop1): ext4_dirty_inode:6513: inode #12: comm syz.1.5965: mark_inode_dirty error
[  380.735172][T21374] EXT4-fs error (device loop1): ext4_do_update_inode:5628: inode #12: comm syz.1.5965: corrupted inode contents
[  380.742965][T21316] 8021q: adding VLAN 0 to HW filter on device bond0
[  380.753768][T21374] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #12: comm syz.1.5965: mark_inode_dirty error
[  380.759689][T21316] 8021q: adding VLAN 0 to HW filter on device team0
[  380.765360][T21374] EXT4-fs error (device loop1): ext4_do_update_inode:5628: inode #12: comm syz.1.5965: corrupted inode contents
[  380.775455][ T4138] bridge0: port 1(bridge_slave_0) entered blocking state
[  380.790495][ T4138] bridge0: port 1(bridge_slave_0) entered forwarding state
[  380.799091][T21374] EXT4-fs error (device loop1) in ext4_orphan_del:301: Corrupt filesystem
[  380.807961][T21374] EXT4-fs error (device loop1): ext4_do_update_inode:5628: inode #12: comm syz.1.5965: corrupted inode contents
[  380.810366][T21316] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  380.829442][T21374] EXT4-fs error (device loop1): ext4_truncate:4633: inode #12: comm syz.1.5965: mark_inode_dirty error
[  380.830267][T21316] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  380.842400][T21374] EXT4-fs error (device loop1) in ext4_process_orphan:343: Corrupt filesystem
[  380.855100][ T4138] bridge0: port 2(bridge_slave_1) entered blocking state
[  380.861088][T21374] EXT4-fs (loop1): 1 truncate cleaned up
[  380.867558][ T4138] bridge0: port 2(bridge_slave_1) entered forwarding state
[  380.873686][T21374] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  380.934984][T21316] 8021q: adding VLAN 0 to HW filter on device batadv0
[  381.001861][T21316] veth0_vlan: entered promiscuous mode
[  381.011125][T21316] veth1_vlan: entered promiscuous mode
[  381.020921][T21103] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  381.024548][T21316] veth0_macvtap: entered promiscuous mode
[  381.041654][T21316] veth1_macvtap: entered promiscuous mode
[  381.052540][T21316] batman_adv: batadv0: Interface activated: batadv_slave_0
[  381.062996][T21316] batman_adv: batadv0: Interface activated: batadv_slave_1
[  381.073951][ T4148] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  381.085184][ T4148] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  381.098563][ T4148] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  381.108620][ T4148] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  381.141526][T21405] 0ªî{X¹¦: renamed from gretap0 (while UP)
[  381.148605][T21405] 0ªî{X¹¦: entered allmulticast mode
[  381.154496][T21405] A link change request failed with some changes committed already. Interface 
30ªî{X¹¦ may have been left with an inconsistent configuration, please check.
[  381.286237][T21413] loop2: detected capacity change from 0 to 512
[  381.293957][T21413] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  381.308551][T21417] loop4: detected capacity change from 0 to 128
[  381.308568][T21402] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  381.323723][T21417] FAT-fs (loop4): Directory bread(block 162) failed
[  381.324453][T21402] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  381.330665][T21417] FAT-fs (loop4): Directory bread(block 163) failed
[  381.339858][T21413] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4193: comm syz.2.5979: Allocating blocks 41-42 which overlap fs metadata
[  381.358950][T21413] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4193: comm syz.2.5979: Allocating blocks 41-42 which overlap fs metadata
[  381.359338][T21417] FAT-fs (loop4): Directory bread(block 164) failed
[  381.373211][T21417] FAT-fs (loop4): Directory bread(block 165) failed
[  381.373234][T21417] FAT-fs (loop4): Directory bread(block 166) failed
[  381.393279][T21417] FAT-fs (loop4): Directory bread(block 167) failed
[  381.400030][T21417] FAT-fs (loop4): Directory bread(block 168) failed
[  381.406865][T21417] FAT-fs (loop4): Directory bread(block 169) failed
[  381.434877][T21417] FAT-fs (loop4): Directory bread(block 162) failed
[  381.442228][T21417] FAT-fs (loop4): Directory bread(block 163) failed
[  381.443213][T21413] EXT4-fs error (device loop2): ext4_acquire_dquot:6945: comm syz.2.5979: Failed to acquire dquot type 1
[  381.449368][T21417] syz.4.5981: attempt to access beyond end of device
[  381.449368][T21417] loop4: rw=3, sector=226, nr_sectors = 6 limit=128
[  381.473509][T21417] syz.4.5981: attempt to access beyond end of device
[  381.473509][T21417] loop4: rw=2051, sector=232, nr_sectors = 2 limit=128
[  381.493923][T21424] loop6: detected capacity change from 0 to 128
[  381.511401][T21424] FAT-fs (loop6): Directory bread(block 162) failed
[  381.518040][T21424] FAT-fs (loop6): Directory bread(block 163) failed
[  381.519920][T21413] EXT4-fs error (device loop2): mb_free_blocks:2017: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt.
[  381.540719][T21413] EXT4-fs error (device loop2): ext4_do_update_inode:5628: inode #12: comm syz.2.5979: corrupted inode contents
[  381.548441][T21424] FAT-fs (loop6): Directory bread(block 164) failed
[  381.559441][T21413] EXT4-fs error (device loop2): ext4_dirty_inode:6513: inode #12: comm syz.2.5979: mark_inode_dirty error
[  381.571472][T21413] EXT4-fs error (device loop2): ext4_do_update_inode:5628: inode #12: comm syz.2.5979: corrupted inode contents
[  381.579665][T21424] FAT-fs (loop6): Directory bread(block 165) failed
[  381.583983][T21413] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #12: comm syz.2.5979: mark_inode_dirty error
[  381.598195][T21424] FAT-fs (loop6): Directory bread(block 166) failed
[  381.607579][T21413] EXT4-fs error (device loop2): ext4_do_update_inode:5628: inode #12: comm syz.2.5979: corrupted inode contents
[  381.607918][T21424] FAT-fs (loop6): Directory bread(block 167) failed
[  381.627276][T21413] EXT4-fs error (device loop2) in ext4_orphan_del:301: Corrupt filesystem
[  381.628361][T21424] FAT-fs (loop6): Directory bread(block 168) failed
[  381.636806][T21413] EXT4-fs error (device loop2): ext4_do_update_inode:5628: inode #12: comm syz.2.5979: corrupted inode contents
[  381.642514][T21424] FAT-fs (loop6): Directory bread(block 169) failed
[  381.649103][T21424] FAT-fs (loop6): Directory bread(block 162) failed
[  381.655224][T21413] EXT4-fs error (device loop2): ext4_truncate:4633: inode #12: comm syz.2.5979: mark_inode_dirty error
[  381.661177][T21424] FAT-fs (loop6): Directory bread(block 163) failed
[  381.677090][T21413] EXT4-fs error (device loop2) in ext4_process_orphan:343: Corrupt filesystem
[  381.679110][T21424] syz.6.5983: attempt to access beyond end of device
[  381.679110][T21424] loop6: rw=3, sector=226, nr_sectors = 6 limit=128
[  381.687936][T21413] EXT4-fs (loop2): 1 truncate cleaned up
[  381.696282][T21424] syz.6.5983: attempt to access beyond end of device
[  381.696282][T21424] loop6: rw=2051, sector=232, nr_sectors = 2 limit=128
[  381.708008][T21413] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  381.754268][T21316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  381.776832][T21430] __nla_validate_parse: 4 callbacks suppressed
[  381.776847][T21430] netlink: 44 bytes leftover after parsing attributes in process `syz.2.5984'.
[  381.818520][T21434] loop2: detected capacity change from 0 to 1764
[  381.828419][T21434] isofs: isofs_export_get_parent(): child directory not normalized!
[  381.840722][T21432] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  381.851025][T21431] tipc: Resetting bearer <eth:syzkaller0>
[  381.862835][T21431] tipc: Disabling bearer <eth:syzkaller0>
[  381.874754][T21436] netlink: 5 bytes leftover after parsing attributes in process `syz.2.5988'.
[  381.883951][T21436] 1ªî{X¹¦: renamed from 
30ªî{X¹¦ (while UP)
[  381.892112][T21436] A link change request failed with some changes committed already. Interface 
31ªî{X¹¦ may have been left with an inconsistent configuration, please check.
[  381.949508][T21442] loop6: detected capacity change from 0 to 128
[  381.956765][T21442] FAT-fs (loop6): Directory bread(block 162) failed
[  381.963859][T21442] FAT-fs (loop6): Directory bread(block 163) failed
[  381.971007][T21442] FAT-fs (loop6): Directory bread(block 164) failed
[  381.977814][T21442] FAT-fs (loop6): Directory bread(block 165) failed
[  381.984642][T21442] FAT-fs (loop6): Directory bread(block 166) failed
[  381.991465][T21442] FAT-fs (loop6): Directory bread(block 167) failed
[  381.998100][T21442] FAT-fs (loop6): Directory bread(block 168) failed
[  382.005019][T21442] FAT-fs (loop6): Directory bread(block 169) failed
[  382.009240][T21444] netlink: 'syz.2.5992': attribute type 3 has an invalid length.
[  382.020885][T21442] FAT-fs (loop6): Directory bread(block 162) failed
[  382.027714][T21442] FAT-fs (loop6): Directory bread(block 163) failed
[  382.035045][T21442] syz.6.5991: attempt to access beyond end of device
[  382.035045][T21442] loop6: rw=3, sector=226, nr_sectors = 6 limit=128
[  382.048572][T21442] syz.6.5991: attempt to access beyond end of device
[  382.048572][T21442] loop6: rw=2051, sector=232, nr_sectors = 2 limit=128
[  382.112230][T21453] loop1: detected capacity change from 0 to 128
[  382.119690][T21453] FAT-fs (loop1): Directory bread(block 162) failed
[  382.126359][T21453] FAT-fs (loop1): Directory bread(block 163) failed
[  382.133301][T21453] FAT-fs (loop1): Directory bread(block 164) failed
[  382.139954][T21453] FAT-fs (loop1): Directory bread(block 165) failed
[  382.146658][T21453] FAT-fs (loop1): Directory bread(block 166) failed
[  382.154014][T21453] FAT-fs (loop1): Directory bread(block 167) failed
[  382.162571][T21453] FAT-fs (loop1): Directory bread(block 168) failed
[  382.170249][T21453] FAT-fs (loop1): Directory bread(block 169) failed
[  382.178380][T21453] FAT-fs (loop1): Directory bread(block 162) failed
[  382.185680][T21453] FAT-fs (loop1): Directory bread(block 163) failed
[  382.193367][T21453] syz.1.5996: attempt to access beyond end of device
[  382.193367][T21453] loop1: rw=3, sector=226, nr_sectors = 6 limit=128
[  382.207099][T21453] syz.1.5996: attempt to access beyond end of device
[  382.207099][T21453] loop1: rw=2051, sector=232, nr_sectors = 2 limit=128
[  382.285350][T21467] futex_wake_op: syz.1.6003 tries to shift op by 35; fix this program
[  382.296185][T21465] netlink: 164 bytes leftover after parsing attributes in process `syz.4.6002'.
[  382.326811][T21470] IPv6: NLM_F_CREATE should be specified when creating new route
[  382.334798][T21470] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  382.342014][T21470] IPv6: NLM_F_CREATE should be set when creating new route
[  382.395425][T21481] netlink: 44 bytes leftover after parsing attributes in process `syz.4.6009'.
[  382.432669][T21484] netlink: 5 bytes leftover after parsing attributes in process `syz.5.6011'.
[  382.441877][T21484] 0ªî{X¹¦: renamed from 
31ªî{X¹¦ (while UP)
[  382.450416][T21484] A link change request failed with some changes committed already. Interface 
30ªî{X¹¦ may have been left with an inconsistent configuration, please check.
[  382.561754][T21493] loop5: detected capacity change from 0 to 128
[  382.569484][T21493] FAT-fs (loop5): Directory bread(block 162) failed
[  382.576279][T21493] FAT-fs (loop5): Directory bread(block 163) failed
[  382.583154][T21493] FAT-fs (loop5): Directory bread(block 164) failed
[  382.589936][T21493] FAT-fs (loop5): Directory bread(block 165) failed
[  382.596642][T21493] FAT-fs (loop5): Directory bread(block 166) failed
[  382.603427][T21493] FAT-fs (loop5): Directory bread(block 167) failed
[  382.610116][T21493] FAT-fs (loop5): Directory bread(block 168) failed
[  382.616719][T21493] FAT-fs (loop5): Directory bread(block 169) failed
[  382.624473][T21493] FAT-fs (loop5): Directory bread(block 162) failed
[  382.631331][T21493] FAT-fs (loop5): Directory bread(block 163) failed
[  382.678792][T21495] netlink: 164 bytes leftover after parsing attributes in process `syz.5.6015'.
[  382.911949][T21520] 9p: Unknown Cache mode or invalid value m
[  382.921560][T21522] netlink: 164 bytes leftover after parsing attributes in process `syz.5.6026'.
[  382.947511][T21526] 9p: Unknown Cache mode or invalid value m
[  383.075652][T21531] loop6: detected capacity change from 0 to 128
[  383.083469][T21531] FAT-fs (loop6): Directory bread(block 162) failed
[  383.090745][T21531] FAT-fs (loop6): Directory bread(block 163) failed
[  383.097515][T21531] FAT-fs (loop6): Directory bread(block 164) failed
[  383.104321][T21531] FAT-fs (loop6): Directory bread(block 165) failed
[  383.111069][T21531] FAT-fs (loop6): Directory bread(block 166) failed
[  383.117848][T21531] FAT-fs (loop6): Directory bread(block 167) failed
[  383.125123][T21531] FAT-fs (loop6): Directory bread(block 168) failed
[  383.131889][T21531] FAT-fs (loop6): Directory bread(block 169) failed
[  383.139779][T21531] FAT-fs (loop6): Directory bread(block 162) failed
[  383.146435][T21531] FAT-fs (loop6): Directory bread(block 163) failed
[  383.203706][T21533] tipc: Started in network mode
[  383.208611][T21533] tipc: Node identity 26150cd7de64, cluster identity 4711
[  383.215904][T21533] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  383.223587][T21532] tipc: Resetting bearer <eth:syzkaller0>
[  383.235675][T21532] tipc: Disabling bearer <eth:syzkaller0>
[  383.338450][T21548] 9p: Unknown Cache mode or invalid value m
[  383.354387][T21552] netlink: 44 bytes leftover after parsing attributes in process `syz.5.6037'.
[  383.386261][T21551] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  383.394283][T21550] tipc: Resetting bearer <eth:syzkaller0>
[  383.416255][T21550] tipc: Disabling bearer <eth:syzkaller0>
[  383.499098][    C0] ==================================================================
[  383.507205][    C0] BUG: KCSAN: data-race in wq_worker_tick / wq_worker_tick
[  383.514415][    C0] 
[  383.516739][    C0] read-write to 0xffff8881000734b8 of 8 bytes by interrupt on cpu 1:
[  383.524792][    C0]  wq_worker_tick+0x60/0x230
[  383.529378][    C0]  sched_tick+0x11a/0x270
[  383.533703][    C0]  update_process_times+0x15f/0x190
[  383.538894][    C0]  tick_nohz_handler+0x249/0x2d0
[  383.543821][    C0]  __hrtimer_run_queues+0x20f/0x5a0
[  383.549022][    C0]  hrtimer_interrupt+0x21a/0x460
[  383.553972][    C0]  __sysvec_apic_timer_interrupt+0x5f/0x1d0
[  383.559868][    C0]  sysvec_apic_timer_interrupt+0x6f/0x80
[  383.565487][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  383.571457][    C0]  kcsan_setup_watchpoint+0x415/0x430
[  383.576834][    C0]  n_tty_receive_buf_common+0x3d9/0xbe0
[  383.582368][    C0]  n_tty_receive_buf2+0x33/0x40
[  383.587212][    C0]  tty_ldisc_receive_buf+0x66/0xf0
[  383.592310][    C0]  tty_port_default_receive_buf+0x59/0x90
[  383.598015][    C0]  flush_to_ldisc+0x148/0x340
[  383.602684][    C0]  process_scheduled_works+0x4ce/0x9d0
[  383.608126][    C0]  worker_thread+0x582/0x770
[  383.612700][    C0]  kthread+0x489/0x510
[  383.616759][    C0]  ret_from_fork+0x13f/0x270
[  383.621335][    C0]  ret_from_fork_asm+0x1a/0x30
[  383.626087][    C0] 
[  383.628393][    C0] read-write to 0xffff8881000734b8 of 8 bytes by interrupt on cpu 0:
[  383.636446][    C0]  wq_worker_tick+0x60/0x230
[  383.641038][    C0]  sched_tick+0x11a/0x270
[  383.645372][    C0]  update_process_times+0x15f/0x190
[  383.650560][    C0]  tick_nohz_handler+0x249/0x2d0
[  383.655485][    C0]  __hrtimer_run_queues+0x20f/0x5a0
[  383.660676][    C0]  hrtimer_interrupt+0x21a/0x460
[  383.665607][    C0]  __sysvec_apic_timer_interrupt+0x5f/0x1d0
[  383.671497][    C0]  sysvec_apic_timer_interrupt+0x6f/0x80
[  383.677116][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  383.683083][    C0]  _raw_spin_unlock_irq+0x2f/0x50
[  383.688108][    C0]  process_scheduled_works+0x486/0x9d0
[  383.693552][    C0]  worker_thread+0x582/0x770
[  383.698126][    C0]  kthread+0x489/0x510
[  383.702185][    C0]  ret_from_fork+0x13f/0x270
[  383.706762][    C0]  ret_from_fork_asm+0x1a/0x30
[  383.711512][    C0] 
[  383.713818][    C0] value changed: 0x0000000000269ad0 -> 0x000000000026c1e0
[  383.720915][    C0] 
[  383.723229][    C0] Reported by Kernel Concurrency Sanitizer on:
[  383.729367][    C0] CPU: 0 UID: 0 PID: 4174 Comm: kworker/u8:57 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  383.740912][    C0] Tainted: [W]=WARN
[  383.744701][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  383.754739][    C0] Workqueue: events_unbound flush_to_ldisc
[  383.760534][    C0] ==================================================================