last executing test programs:

1m1.547070019s ago: executing program 2 (id=3170):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20008000}, 0x30)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r3}, &(0x7f0000000200), &(0x7f0000000080)}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r5, 0x4058534c, &(0x7f0000001140)={0x80, 0x1, 0x7d0})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000740)='kfree\x00', r4, 0x0, 0x40008003}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x18, 0xc, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x17, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002080)={&(0x7f0000000300)='kfree\x00', r6}, 0x10)
unshare(0x8000000)
semtimedop(0x0, &(0x7f0000000040)=[{0x3, 0x8, 0x1800}], 0x1, 0x0)
mkdir(&(0x7f0000000580)='./file0\x00', 0x92)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r7 = inotify_init1(0x800)
inotify_add_watch(r7, &(0x7f0000000080)='./file0/../file0\x00', 0x950009ba)

1m1.515934851s ago: executing program 2 (id=3171):
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r1 = syz_open_dev$usbmon(&(0x7f00000002c0), 0x13dd, 0xc01)
mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000240), 0x8080, &(0x7f0000000380)=ANY=[@ANYBLOB="7405000000000000007266646e6f3d", @ANYRESHEX=r0, @ANYRESDEC=r1, @ANYRESHEX=r1, @ANYBLOB=',\x00'])
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x8, 0xb, &(0x7f0000000080)=ANY=[@ANYRESOCT=r0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff73, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r2}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), r4)
sendmsg$NL80211_CMD_VENDOR(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES8=r3, @ANYBLOB="bbfb2bbd7000fddbdf21670000000800c400020000000800c3"], 0x24}}, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x3, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x4, 0x0, 0x0, 0x41100, 0x6c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='kfree\x00', r6}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmsg$unix(r8, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@rights={{0x18, 0x1, 0x1, [r7, r7]}}], 0x18, 0x40000}, 0x4000)
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x4, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport}, 0x94)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0xa0800, 0x0)
r10 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040), 0x140, 0x0)
ioctl$RTC_UIE_ON(r10, 0x7003)
r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000000c00850000000f00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r11, 0x0, 0x4}, 0x18)
r12 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000200)={'geneve0\x00', <r13=>0x0})
sendmsg$nl_route(r12, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="4400000010000100"/20, @ANYRES32=r13, @ANYBLOB="00000000000000001c0012800b00010067656e65766500000c0002"], 0x44}, 0x1, 0x2}, 0x40000)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00'}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000580)={0xffffffffffffffff, 0x0, 0x44, 0x0, &(0x7f0000000080)="f6f4e9a10000502468da5eb1c6b2feff8833c0000000000000c548dc7914cb11ad63bf3707164aac031971c4be105eb953f86fbc6b204e076aa7a493e796123bbbd8e3b7e62d8fd097cf21d6d431a069ebc0aefd5fce80cc99fb38c771fa46e2c32a95fe99", 0x0, 0x86, 0x0, 0xffffffffffffff80, 0x0, &(0x7f0000000000)="daf9e846ab156efc71b59652333536dbfd26a6d0546366e36eb77dd0aaa2dbe567d168904cf0d5bce1771889c98ffc0abf", 0x0}, 0x15)

1m1.165988195s ago: executing program 2 (id=3173):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x7, 0x4, 0x200, 0x21db}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
writev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000100)="89e7ee2c78dad9b4b473fe", 0xb}], 0x1)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x1)
prctl$PR_TASK_PERF_EVENTS_DISABLE(0x1f)
syz_clone(0x8d002240, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0})
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmsg$inet(r1, &(0x7f0000000040)={&(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000007000000890704e000006a001c000000000000000000000008000000", @ANYRES32], 0x38}, 0x4044080)
r2 = syz_io_uring_setup(0x5c6, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x4}, &(0x7f0000000300)=<r3=>0x0, &(0x7f0000000580)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000004c0)=@IORING_OP_TIMEOUT={0xb, 0x18, 0x0, 0x0, 0x4, &(0x7f0000000280)={0x0, 0x989680}, 0x1, 0x40, 0x1})
io_uring_enter(r2, 0x6e2, 0x3900, 0x1, 0x0, 0xe00)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000002c0)=ANY=[@ANYRESDEC=r3, @ANYRES32, @ANYBLOB="00008000000089692370c5c71b9410ebe067d669230000b70300001d0000008500"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffef8, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r5, 0x0, 0x2}, 0x18)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x26e1, 0x0)
pipe(&(0x7f0000000400)={<r6=>0xffffffffffffffff})
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
splice(r6, 0x0, r7, 0x0, 0x88000cc, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x18)

1m0.338323391s ago: executing program 2 (id=3178):
syz_mount_image$vfat(&(0x7f0000000400), &(0x7f0000000440)='./file0\x00', 0x414, &(0x7f00000000c0)=ANY=[], 0x1, 0x2c7, &(0x7f0000000980)="$eJzs3EFrE2sUxvFzm94mTWmTC5fCvaAedGM3oY0fQIO0IAbU2hR1IUztREPGpMyESorYbMStn6O47E5Qv0A34satuCuC6MIuxBFnMu2knaapNjW1/x+UOcn7PskpJeGkkHf9xtP75aKTKRo16Uuo9Ik0ZEMk/aNq+qt57fPqAQlryNjQ57cnrt+8dTmXz8enVadyM+eyqjpy6sWDh89Ov6oNza6OPI/LWvr2+sfs+7XRtf/Wv83cKzlacrRSramhc9VqzZizTJ0vOeWM6lXLNBxTSxXHtFvWi1Z1YaGuRmV+OLlgm46jRqWuZbOutarW7Load41SRTOZjA4n5Xjr72BPYWV62shFrw2+O+iO0HWDUXfadq4hIgM7Fwsrh9EUAADoLe3nf3/W333+z8/612D+nzyY+V+E+b9LGi232s3/+FPYds5INl+/rZj/AQAAAAAAAAAAAAAAAAAAAAA4CjZcN+W6biq4Bj9xEUmISHD7d/eJ7tjr7/8pOnb+sPtEd4S+uJcQsZ4sFhYL/tVfzxWlJJaYMi4p+eq9HzT59dSl/OS4er64rrvczC8vFmISD/KBdFT+5D8Tfl7lpRXK/y3J8PNnJSX/Rj9/NjI/cO3smVA+Iyl5fUeqYsm89762lX80oXrxSn5bftDbt6vIkxYAAAAAAOhNGd2Ubv38G/PXvQ0J2bnu5/fx/4Ftn6/75f9OjqgEAAAAAAC/zKkvlQ3LMu2IYlVEdlnyiriItIkf1yImPdHGtuKCiPRAG22L4YPrMCEi/j36E/HRD5vxjlJuB3v693g19VoReWAwAAAAgCNsa+jfR+jN4y52BAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA8dP2GLCxIX9Tfakc7G/ZE36gNo8T2hU7vN8MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6D3fAwAA///IERaQ")
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000c40)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2901090, 0x0)
chroot(&(0x7f0000000000)='./file0/file0\x00')
r0 = creat(&(0x7f0000000280)='./bus\x00', 0x2)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=@mpls_delroute={0x1c, 0x18, 0x9, 0x0, 0x0, {0x1c, 0x14, 0x0, 0x40, 0xfe, 0x0, 0x75465d5d34dd81da, 0x1}}, 0x1c}}, 0x4000)
pwritev2(r0, &(0x7f00000015c0)=[{&(0x7f0000000080)="ec", 0x1}], 0x1, 0xfffff, 0x0, 0x0)
r2 = open(&(0x7f0000000200)='./bus\x00', 0x44000, 0x0)
dup3(r2, r0, 0x0)
finit_module(r2, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r2, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x30, 0x1412, 0x10, 0x70bd2d, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x8, 0x4f, 0x4}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x8, 0x4f, 0x2}]}, 0x30}, 0x1, 0x0, 0x0, 0x50001}, 0x4001)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0/../file0/../file0\x00', 0x800, 0x14)
creat(&(0x7f00000002c0)='./file0\x00', 0x0)

1m0.181950768s ago: executing program 2 (id=3180):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20008000}, 0x30)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r3}, &(0x7f0000000200), &(0x7f0000000080)}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r5, 0x4058534c, &(0x7f0000001140)={0x80, 0x1, 0x7d0})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000740)='kfree\x00', r4, 0x0, 0x40008003}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x18, 0xc, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x17, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002080)={&(0x7f0000000300)='kfree\x00', r6}, 0x10)
unshare(0x8000000)
semtimedop(0x0, &(0x7f0000000040)=[{0x3, 0x8, 0x1800}], 0x1, 0x0)
mkdir(&(0x7f0000000580)='./file0\x00', 0x92)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r7 = inotify_init1(0x800)
inotify_add_watch(r7, &(0x7f0000000080)='./file0/../file0\x00', 0x950009ba)

59.853921152s ago: executing program 2 (id=3184):
r0 = syz_io_uring_setup(0x4553, &(0x7f0000000400)={0x0, 0x59fc, 0x80, 0x3, 0xbd7f7fff}, &(0x7f0000000040)=<r1=>0x0, &(0x7f00000001c0)=<r2=>0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYRES32=r0, @ANYRES8=r1], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000060000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x18)
r5 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r6}, &(0x7f0000000180), &(0x7f00000001c0)=r5}, 0x20)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r7}, 0x10)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f00000002c0)=0x9, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_MKDIRAT={0x25, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r0, 0x5535, 0x3acd, 0x22, 0x0, 0x0)

59.719158717s ago: executing program 32 (id=3184):
r0 = syz_io_uring_setup(0x4553, &(0x7f0000000400)={0x0, 0x59fc, 0x80, 0x3, 0xbd7f7fff}, &(0x7f0000000040)=<r1=>0x0, &(0x7f00000001c0)=<r2=>0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYRES32=r0, @ANYRES8=r1], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000060000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x18)
r5 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r6}, &(0x7f0000000180), &(0x7f00000001c0)=r5}, 0x20)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r7}, 0x10)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f00000002c0)=0x9, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_MKDIRAT={0x25, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r0, 0x5535, 0x3acd, 0x22, 0x0, 0x0)

47.127118973s ago: executing program 4 (id=3414):
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x1d, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000a40)={{0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0, 0x0}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYRESHEX=r0], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$sndseq(r1, &(0x7f0000000180)=[{0x80, 0xbb, 0xf, 0x81, @tick=0xffffffff, {0xd}, {0x9, 0x7}, @time=@time={0x4, 0xc}}, {0x4, 0x7, 0x0, 0xf5, @tick=0xd73, {0x6, 0x8}, {0xd}, @result={0x3, 0xfffffffd}}], 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10)
pipe2$9p(&(0x7f0000001900), 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r4, 0x8923, &(0x7f0000000000)={'vlan1\x00', @broadcast})
r5 = socket$nl_generic(0x11, 0x3, 0x10)
syz_emit_ethernet(0x2a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa080045fc001c8b00000000029078ffffffff7f0300000000000000010107"], 0x0)
sendmsg(r5, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000340)="4ba72c4cfd81685544f46c3f082ce9b82adeebe12f1e79698112b596017539b9dc7669a06c062bda76d18d2b43780dc9e5ff6fde05997f51f1e4108c98bb21f8d75876e67593b1cb7de459780f719bd15eb06f1b858195262105d014e700463a5683920418bfed9875541b4a58c57293d958ff7ca5a5d4db3553e8e84a26346eb4a2b6354a1a2a6bb1bdc55fadd1", 0x8e}], 0x1, 0x0, 0x0, 0x11000000}, 0x0)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'})
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000280), &(0x7f00000002c0)=0x10)
getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r6, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x80000000}, &(0x7f00000002c0)=0x8)

47.035728297s ago: executing program 4 (id=3418):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), r2)
sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r2, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000340)={&(0x7f0000000400)={0x64, r4, 0x400, 0x70bd27, 0x25dfdbfe, {}, [@ETHTOOL_A_PRIVFLAGS_FLAGS={0x10, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x2}, @ETHTOOL_A_BITSET_MASK={0x4}]}, @ETHTOOL_A_PRIVFLAGS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}]}, @ETHTOOL_A_PRIVFLAGS_HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x1}, 0x8000)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfff}, [@printk={@lli, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x83000000}, {0x85, 0x0, 0x0, 0x71}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = syz_open_dev$tty20(0xc, 0x4, 0x1)
write$binfmt_misc(r5, &(0x7f0000000240), 0xfffffecc)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0xa, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r6, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000480)='kfree\x00', r7, 0x0, 0x7}, 0x18)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a31000000002c0003800800014000000000180003801400010076657468315f746f5f626f6e6400000008000240000000006c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a30000000004000038008000140000000002c0003801400010067656e657665300000000000000000001400010076657468315f746f5f626f6e64000000080002"], 0x10c}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000040)=0x3)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000800)='\x00')
sendmsg$nl_route_sched(r1, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001240)=@newqdisc={0x2c, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x0, 0x8}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=@newtfilter={0x38, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0xc}}, [@filter_kind_options=@f_bpf={{0x8}, {0x4}}, @TCA_RATE={0x6, 0x5, {0x2, 0x2e}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000010}, 0x10000840)

46.789175778s ago: executing program 4 (id=3427):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x4, &(0x7f0000000980)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='kfree\x00', r0, 0x0, 0x401}, 0x11)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000000800)={'filter\x00', 0x104, 0x4, 0x3c8, 0x110, 0x110, 0x110, 0x2e0, 0x2e0, 0x2e0, 0x4, 0x0, {[{{@arp={@empty, @broadcast, 0x0, 0x0, 0x0, 0x0, {@mac}, {@empty, {[0x0, 0x0, 0x0, 0xff]}}, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 'dvmrp0\x00', 'netdevsim0\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac, @empty, @dev={0xac, 0x14, 0x14, 0x41}, @rand_addr=0x64010101, 0x8, 0x1}}}, {{@arp={@loopback, @local, 0x0, 0x0, 0x0, 0x0, {@mac=@local}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'pim6reg0\x00', 'veth0\x00', {}, {}, 0x0, 0x20}, 0xc0, 0xe8}, @unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x1, {0x80ca, 0x8}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffe}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x418)

46.760489849s ago: executing program 0 (id=3428):
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x1d, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000a40)={{0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0, 0x0}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYRESHEX=r0], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$sndseq(r1, &(0x7f0000000180)=[{0x80, 0xbb, 0xf, 0x81, @tick=0xffffffff, {0xd}, {0x9, 0x7}, @time=@time={0x4, 0xc}}, {0x4, 0x7, 0x0, 0xf5, @tick=0xd73, {0x6, 0x8}, {0xd}, @result={0x3, 0xfffffffd}}], 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10)
pipe2$9p(&(0x7f0000001900), 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r4, 0x8923, &(0x7f0000000000)={'vlan1\x00', @broadcast})
r5 = socket$nl_generic(0x11, 0x3, 0x10)
syz_emit_ethernet(0x2a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa080045fc001c8b00000000029078ffffffff7f0300000000000000010107"], 0x0)
sendmsg(r5, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000340)="4ba72c4cfd81685544f46c3f082ce9b82adeebe12f1e79698112b596017539b9dc7669a06c062bda76d18d2b43780dc9e5ff6fde05997f51f1e4108c98bb21f8d75876e67593b1cb7de459780f719bd15eb06f1b858195262105d014e700463a5683920418bfed9875541b4a58c57293d958ff7ca5a5d4db3553e8e84a26346eb4a2b6354a1a2a6bb1bdc55fadd1", 0x8e}], 0x1, 0x0, 0x0, 0x11000000}, 0x0)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'})
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000280), &(0x7f00000002c0)=0x10)
getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r6, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x80000000}, &(0x7f00000002c0)=0x8)

46.760214579s ago: executing program 4 (id=3429):
syz_mount_image$vfat(&(0x7f0000000400), &(0x7f0000000440)='./file0\x00', 0x414, &(0x7f00000000c0)=ANY=[], 0x1, 0x2c7, &(0x7f0000000980)="$eJzs3EFrE2sUxvFzm94mTWmTC5fCvaAedGM3oY0fQIO0IAbU2hR1IUztREPGpMyESorYbMStn6O47E5Qv0A34satuCuC6MIuxBFnMu2knaapNjW1/x+UOcn7PskpJeGkkHf9xtP75aKTKRo16Uuo9Ik0ZEMk/aNq+qt57fPqAQlryNjQ57cnrt+8dTmXz8enVadyM+eyqjpy6sWDh89Ov6oNza6OPI/LWvr2+sfs+7XRtf/Wv83cKzlacrRSramhc9VqzZizTJ0vOeWM6lXLNBxTSxXHtFvWi1Z1YaGuRmV+OLlgm46jRqWuZbOutarW7Load41SRTOZjA4n5Xjr72BPYWV62shFrw2+O+iO0HWDUXfadq4hIgM7Fwsrh9EUAADoLe3nf3/W333+z8/612D+nzyY+V+E+b9LGi232s3/+FPYds5INl+/rZj/AQAAAAAAAAAAAAAAAAAAAAA4CjZcN+W6biq4Bj9xEUmISHD7d/eJ7tjr7/8pOnb+sPtEd4S+uJcQsZ4sFhYL/tVfzxWlJJaYMi4p+eq9HzT59dSl/OS4er64rrvczC8vFmISD/KBdFT+5D8Tfl7lpRXK/y3J8PNnJSX/Rj9/NjI/cO3smVA+Iyl5fUeqYsm89762lX80oXrxSn5bftDbt6vIkxYAAAAAAOhNGd2Ubv38G/PXvQ0J2bnu5/fx/4Ftn6/75f9OjqgEAAAAAAC/zKkvlQ3LMu2IYlVEdlnyiriItIkf1yImPdHGtuKCiPRAG22L4YPrMCEi/j36E/HRD5vxjlJuB3v693g19VoReWAwAAAAgCNsa+jfR+jN4y52BAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA8dP2GLCxIX9Tfakc7G/ZE36gNo8T2hU7vN8MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6D3fAwAA///IERaQ")
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000c40)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2901090, 0x0)
chroot(&(0x7f0000000000)='./file0/file0\x00')
pwritev2(0xffffffffffffffff, &(0x7f00000015c0)=[{&(0x7f0000000080)="ec", 0x1}], 0x1, 0xfffff, 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./bus\x00', 0x44000, 0x0)
dup3(r0, 0xffffffffffffffff, 0x0)
finit_module(r0, 0x0, 0x0)

46.709898691s ago: executing program 0 (id=3431):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
syz_mount_image$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', 0xc04002, 0x0, 0x1, 0x0, &(0x7f0000000000))
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='devpts\x00', 0x5, 0x0)
umount2(&(0x7f00000002c0)='./file0/../file0\x00', 0x100000000000000)

46.687468662s ago: executing program 0 (id=3432):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000000)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x46, 0x0, "2431d0edd9b36cb74d7df7671eacf04be3b08353efa3641776f56c7556fd3713097bd0072577bc6fefb4cdc9e94e420b0ea4fbc5b07a32056eff5e6c42784b46ddab72b1b8fc87f208ad6db80d8dfe25"}, 0xd8)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r0, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000001c0)={@in6={{0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x2d}}}, 0x0, 0x0, 0x4, 0x0, "aeb81d8ee3a82d67eea9e5bdf2247481041a5b9cddbc936efc471c56ae3d5f6945d296a285858a891a3b4e7bff572ef69992da867f406182d70f47773434b8349435f2ad628d62a3b45bb98872fb1900"}, 0xd8)
syz_emit_ethernet(0x4a, &(0x7f0000000240)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0x0, 0x0, 0xffff}}}}}}}, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r1}, &(0x7f0000000040), &(0x7f0000000280)='%pS    \x00'}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x48001)
syz_usb_disconnect(r3)
syz_usb_connect$hid(0x6, 0x36, &(0x7f00000001c0)=ANY=[], 0x0)
ioctl$EVIOCRMFF(r3, 0x4004550f, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x20000000000000f4, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000021b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r5}, 0x10)
perf_event_open(0x0, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f00000003c0), 0x8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair(0x1, 0x5, 0x0, &(0x7f0000000740)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x89a2, &(0x7f0000000080))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r2}, 0x10)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x100000a, 0x4082172, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000005000/0x4000)=nil)
sendmsg$sock(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000140)=@l2tp6={0xa, 0x0, 0x7f, @empty, 0x4, 0x4}, 0x80, &(0x7f0000000380)=[{&(0x7f00000002c0)="cefdd6f66dbb4c53f6c649b860ef378b310e9593ccb164acb8c1de677495e955b1ab7c673f6b0a5ea6b61c50d42574f9c31a922db11415445664bc2718db9bca874abd6999d8f4ae5bde807d26f9c9f9c647", 0x52}, {&(0x7f0000000340)="d157cb6e8ba5ce8d54ab9f0a8a328d51d7880423bde0559b91b635c5409212b173597f2803e411585f25b9b8f954c104448e5144ff", 0x35}], 0x2, &(0x7f00000003c0)=[@txtime={{0x18, 0x1, 0x3d, 0x1}}, @timestamping={{0x14, 0x1, 0x25, 0x4}}, @timestamping={{0x14, 0x1, 0x25, 0x4}}], 0x48}, 0x4000000)

46.683773523s ago: executing program 4 (id=3433):
prctl$PR_SET_TSC(0x1a, 0x1)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000002c0)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x3, [@volatile={0x6, 0x0, 0x0, 0x9, 0x4}]}, {0x0, [0x0]}}, &(0x7f0000000380)=""/67, 0x27, 0x43, 0x0, 0x3, 0x10000}, 0x28)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000740)={r1, 0x20, &(0x7f0000000640)={&(0x7f00000004c0)=""/15, 0xf, <r2=>0x0, &(0x7f0000000500)=""/229, 0xe5}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000400)='sys_enter\x00'}, 0x18)
socket$tipc(0x1e, 0x5, 0x0)
r4 = perf_event_open(&(0x7f0000000300)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0xff, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, @perf_config_ext={0x1, 0x7}, 0x402, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8d}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r5}, &(0x7f0000000180), &(0x7f00000001c0)=r4}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x0, 0x2, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x3, 0x0, 0x0, 0x40f00, 0x60, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffff9}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r6, 0x0, 0x1}, 0x18)
r7 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000540), 0x80, 0x0)
r8 = epoll_create(0x2)
epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f00000005c0)={0x10})
openat$nci(0xffffffffffffff9c, &(0x7f0000001a00), 0x2, 0x0)
pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x800}, 0x0, &(0x7f0000000240)={0x1f, 0x0, 0xffffffffffffffff}, 0x0, 0x0)
socket$tipc(0x1e, 0x5, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x30046, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bind$rds(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e22, @multicast2}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='rss_stat\x00', r3}, 0x10)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)

46.529874429s ago: executing program 4 (id=3436):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x1ff}, 0x94)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000080)={'syztnl2\x00', &(0x7f0000000040)={'tunl0\x00', <r2=>0x0, 0x8, 0x1, 0x8e, 0xffff6d24, {{0x6, 0x4, 0x1, 0x2e, 0x18, 0x65, 0x0, 0x3, 0x4, 0x0, @loopback, @broadcast, {[@end]}}}}})
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000118110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014002000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r4}, 0x10)
sigaltstack(0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f0000000540)={'ip6gre0\x00', &(0x7f0000000280)={'ip6_vti0\x00', r2, 0x4, 0x5, 0x0, 0x6, 0x0, @mcast2, @dev={0xfe, 0x80, '\x00', 0x11}, 0x80, 0x7, 0x7, 0x145}})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r0}, &(0x7f0000000180), &(0x7f00000001c0)}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r5}, 0x10)
r6 = syz_genetlink_get_family_id$SEG6(&(0x7f00000033c0), r1)
sendmsg$SEG6_CMD_SET_TUNSRC(r1, &(0x7f0000003480)={&(0x7f0000000f80)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000003440)={&(0x7f0000003400)={0x1c, r6, 0x10, 0x70bd2a, 0x25dfdbfc, {}, [@SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004}, 0x840)
r7 = socket(0x10, 0x803, 0x0)
sendto(r7, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r7, &(0x7f00000032c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000300)=""/99, 0x63}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/106, 0x6a}, {&(0x7f0000000980)=""/73, 0x49}, {&(0x7f0000000200)=""/61, 0x3d}, {&(0x7f0000000880)=""/154, 0x9a}, {&(0x7f00000001c0)=""/17, 0x11}], 0x8, &(0x7f0000000600)=""/191, 0xbf}}, {{&(0x7f00000006c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000780)=""/65, 0x41}, {&(0x7f0000000a00)=""/221, 0xdd}], 0x2}, 0x8}, {{&(0x7f0000000b00)=@sco, 0x80, &(0x7f0000000840)=[{&(0x7f0000000b80)=""/244, 0xf4}, {&(0x7f0000001fc0)=""/4096, 0x1000}, {&(0x7f0000000c80)=""/197, 0xc5}], 0x3, &(0x7f0000000d80)=""/253, 0xfd}, 0x7b000000}, {{&(0x7f0000000e80)=@qipcrtr, 0x80, &(0x7f0000003140)=[{&(0x7f0000000f00)=""/75, 0x4b}, {&(0x7f0000002fc0)=""/121, 0x79}, {&(0x7f0000003040)=""/101, 0x65}, {&(0x7f00000030c0)=""/72, 0x48}, {&(0x7f0000000940)=""/25, 0x19}], 0x5, &(0x7f00000031c0)=""/239, 0xef}, 0x8}], 0x4, 0x40010003, &(0x7f0000003700)={0x77359400})

46.528926049s ago: executing program 33 (id=3436):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x1ff}, 0x94)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000080)={'syztnl2\x00', &(0x7f0000000040)={'tunl0\x00', <r2=>0x0, 0x8, 0x1, 0x8e, 0xffff6d24, {{0x6, 0x4, 0x1, 0x2e, 0x18, 0x65, 0x0, 0x3, 0x4, 0x0, @loopback, @broadcast, {[@end]}}}}})
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000118110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014002000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r4}, 0x10)
sigaltstack(0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f0000000540)={'ip6gre0\x00', &(0x7f0000000280)={'ip6_vti0\x00', r2, 0x4, 0x5, 0x0, 0x6, 0x0, @mcast2, @dev={0xfe, 0x80, '\x00', 0x11}, 0x80, 0x7, 0x7, 0x145}})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r0}, &(0x7f0000000180), &(0x7f00000001c0)}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r5}, 0x10)
r6 = syz_genetlink_get_family_id$SEG6(&(0x7f00000033c0), r1)
sendmsg$SEG6_CMD_SET_TUNSRC(r1, &(0x7f0000003480)={&(0x7f0000000f80)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000003440)={&(0x7f0000003400)={0x1c, r6, 0x10, 0x70bd2a, 0x25dfdbfc, {}, [@SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004}, 0x840)
r7 = socket(0x10, 0x803, 0x0)
sendto(r7, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r7, &(0x7f00000032c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000300)=""/99, 0x63}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/106, 0x6a}, {&(0x7f0000000980)=""/73, 0x49}, {&(0x7f0000000200)=""/61, 0x3d}, {&(0x7f0000000880)=""/154, 0x9a}, {&(0x7f00000001c0)=""/17, 0x11}], 0x8, &(0x7f0000000600)=""/191, 0xbf}}, {{&(0x7f00000006c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000780)=""/65, 0x41}, {&(0x7f0000000a00)=""/221, 0xdd}], 0x2}, 0x8}, {{&(0x7f0000000b00)=@sco, 0x80, &(0x7f0000000840)=[{&(0x7f0000000b80)=""/244, 0xf4}, {&(0x7f0000001fc0)=""/4096, 0x1000}, {&(0x7f0000000c80)=""/197, 0xc5}], 0x3, &(0x7f0000000d80)=""/253, 0xfd}, 0x7b000000}, {{&(0x7f0000000e80)=@qipcrtr, 0x80, &(0x7f0000003140)=[{&(0x7f0000000f00)=""/75, 0x4b}, {&(0x7f0000002fc0)=""/121, 0x79}, {&(0x7f0000003040)=""/101, 0x65}, {&(0x7f00000030c0)=""/72, 0x48}, {&(0x7f0000000940)=""/25, 0x19}], 0x5, &(0x7f00000031c0)=""/239, 0xef}, 0x8}], 0x4, 0x40010003, &(0x7f0000003700)={0x77359400})

45.924054825s ago: executing program 0 (id=3443):
syz_mount_image$vfat(&(0x7f0000000400), &(0x7f0000000440)='./file0\x00', 0x414, &(0x7f00000000c0)=ANY=[], 0x1, 0x2c7, &(0x7f0000000980)="$eJzs3EFrE2sUxvFzm94mTWmTC5fCvaAedGM3oY0fQIO0IAbU2hR1IUztREPGpMyESorYbMStn6O47E5Qv0A34satuCuC6MIuxBFnMu2knaapNjW1/x+UOcn7PskpJeGkkHf9xtP75aKTKRo16Uuo9Ik0ZEMk/aNq+qt57fPqAQlryNjQ57cnrt+8dTmXz8enVadyM+eyqjpy6sWDh89Ov6oNza6OPI/LWvr2+sfs+7XRtf/Wv83cKzlacrRSramhc9VqzZizTJ0vOeWM6lXLNBxTSxXHtFvWi1Z1YaGuRmV+OLlgm46jRqWuZbOutarW7Load41SRTOZjA4n5Xjr72BPYWV62shFrw2+O+iO0HWDUXfadq4hIgM7Fwsrh9EUAADoLe3nf3/W333+z8/612D+nzyY+V+E+b9LGi232s3/+FPYds5INl+/rZj/AQAAAAAAAAAAAAAAAAAAAAA4CjZcN+W6biq4Bj9xEUmISHD7d/eJ7tjr7/8pOnb+sPtEd4S+uJcQsZ4sFhYL/tVfzxWlJJaYMi4p+eq9HzT59dSl/OS4er64rrvczC8vFmISD/KBdFT+5D8Tfl7lpRXK/y3J8PNnJSX/Rj9/NjI/cO3smVA+Iyl5fUeqYsm89762lX80oXrxSn5bftDbt6vIkxYAAAAAAOhNGd2Ubv38G/PXvQ0J2bnu5/fx/4Ftn6/75f9OjqgEAAAAAAC/zKkvlQ3LMu2IYlVEdlnyiriItIkf1yImPdHGtuKCiPRAG22L4YPrMCEi/j36E/HRD5vxjlJuB3v693g19VoReWAwAAAAgCNsa+jfR+jN4y52BAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA8dP2GLCxIX9Tfakc7G/ZE36gNo8T2hU7vN8MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6D3fAwAA///IERaQ")
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000c40)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2901090, 0x0)
chroot(&(0x7f0000000000)='./file0/file0\x00')
pwritev2(0xffffffffffffffff, &(0x7f00000015c0)=[{&(0x7f0000000080)="ec", 0x1}], 0x1, 0xfffff, 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./bus\x00', 0x44000, 0x0)
dup3(r0, 0xffffffffffffffff, 0x0)
finit_module(r0, 0x0, 0x0)

45.770067641s ago: executing program 0 (id=3445):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="5000000020000103feffffff0000000002000000000000000400010008000a000008000005001e"], 0x50}}, 0x4000850)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48)
bpf$MAP_CREATE(0x0, 0x0, 0x50) (async)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, 0x0}) (async)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, 0x0})
modify_ldt$write(0x1, &(0x7f0000000080)={0x1000, 0x1000, 0xfffffffffffffffe}, 0x10) (async)
modify_ldt$write(0x1, &(0x7f0000000080)={0x1000, 0x1000, 0xfffffffffffffffe}, 0x10)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000580)={0x1, &(0x7f00000000c0)=[{0x6}]})
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) (async)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
socket$xdp(0x2c, 0x3, 0x0) (async)
r2 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x200000, 0x1000}, 0x20)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'sit0\x00', <r4=>0x0})
setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f00000001c0)=0x2, 0x4)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) (async)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r6}, 0x10)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x300000000000000, 0x3, 0xfffffffffffffffd, 0x0, 0x80, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x8, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4)
bind$xdp(r2, &(0x7f0000000100)={0x2c, 0x0, r4}, 0x10)
ptrace(0x10, r1) (async)
ptrace(0x10, r1)
fsmount(0xffffffffffffffff, 0x0, 0x20)

45.381601178s ago: executing program 0 (id=3448):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x4, &(0x7f0000000980)=ANY=[@ANYBLOB], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='kfree\x00', r0, 0x0, 0x401}, 0x11)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000000800)={'filter\x00', 0x104, 0x4, 0x3c8, 0x110, 0x110, 0x110, 0x2e0, 0x2e0, 0x2e0, 0x4, 0x0, {[{{@arp={@empty, @broadcast, 0x0, 0x0, 0x0, 0x0, {@mac}, {@empty, {[0x0, 0x0, 0x0, 0xff]}}, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 'dvmrp0\x00', 'netdevsim0\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac, @empty, @dev={0xac, 0x14, 0x14, 0x41}, @rand_addr=0x64010101, 0x8, 0x1}}}, {{@arp={@loopback, @local, 0x0, 0x0, 0x0, 0x0, {@mac=@local}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'pim6reg0\x00', 'veth0\x00', {}, {}, 0x0, 0x20}, 0xc0, 0xe8}, @unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x1, {0x80ca, 0x8}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffe}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x418)

45.381165968s ago: executing program 34 (id=3448):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x4, &(0x7f0000000980)=ANY=[@ANYBLOB], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='kfree\x00', r0, 0x0, 0x401}, 0x11)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000000800)={'filter\x00', 0x104, 0x4, 0x3c8, 0x110, 0x110, 0x110, 0x2e0, 0x2e0, 0x2e0, 0x4, 0x0, {[{{@arp={@empty, @broadcast, 0x0, 0x0, 0x0, 0x0, {@mac}, {@empty, {[0x0, 0x0, 0x0, 0xff]}}, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 'dvmrp0\x00', 'netdevsim0\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac, @empty, @dev={0xac, 0x14, 0x14, 0x41}, @rand_addr=0x64010101, 0x8, 0x1}}}, {{@arp={@loopback, @local, 0x0, 0x0, 0x0, 0x0, {@mac=@local}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'pim6reg0\x00', 'veth0\x00', {}, {}, 0x0, 0x20}, 0xc0, 0xe8}, @unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x1, {0x80ca, 0x8}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffe}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x418)

3.789712939s ago: executing program 6 (id=3963):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000001c0)=ANY=[@ANYRES16], 0x48)
r1 = shmget$private(0x0, 0x2000, 0x10, &(0x7f0000ff6000/0x2000)=nil)
r2 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r2, &(0x7f0000000040)={0x2, 0x4e22, @loopback}, 0x10)
sendmsg$rds(r2, 0x0, 0x0)
shmat(r1, &(0x7f0000ffb000/0x2000)=nil, 0x2000)
mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000fff000/0x1000)=nil)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x7, 0x441e, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x8, 0x1, 0xe0, 0x2020005, 0xb, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='rss_stat\x00', r4}, 0x10)
r5 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r5, 0x29, 0x2e, &(0x7f0000000200)={0x9effffff, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x20000}}, {{0xa, 0x0, 0x40000, @dev={0xfe, 0x80, '\x00', 0x26}}}}, 0x108)
socket(0x2, 0x4, 0x0)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x9, &(0x7f00000002c0), 0x4, 0x50e, &(0x7f0000000e40)="$eJzs3c1vVF8ZAOD33nZoKYUBZaFGBRFFQ5h+AA1hI2w0hpCYEOPCBdR2aJrOME2nRFpJbJfuSSRxpX+COxcmrFy4c6c7N7gwQSUSauJizL0zbQf6Kf2YXzvPk9zee84Z5j1nhnPO3APTE0DXuhgRSxFxIiIeRUSxlZ+0jrjTPLLHvX/7fGLl7fOJJBqNB/9M8vIsL9r+TOZU6zn7fx4R34v4SbIxbn1hcWa8UinPtdJD89XZofrC4rXptJUzOjYyNnzr+s3RfWvrhepv33x3+t4Pf/+7r7z+09K3f5ZVa/AXp/Oy9nbsp2bTCzHYltcbEfcOIliH9Lb+/nD0ZL3tcxFxKe//xejJ300A4DhrNIrRKLanAYDjLrv/H4wkLbXWAgYjTUul5hre+RhIK7X6/NVi7emTycjXsM5GIX08XSkPt9YKz0YhydIj+fV6evSD9Ivy9Yg4FxEv+k7m5aWJWmWykx98AKCLnfpo/n/X15z/t/fucCoHAByc/k5XAAA4dOZ/AOg+5n8A6D7/x/zv24EAcEy4/weA7mP+B4Dus+P8v3w49QAADsUP7t/PjsZK8/dfr/6m7muT5fpMqfp0ojRRm5stTdVqU5VyaaLR2On5KrXa7MiNtWR9YfFhtfb0yfzD6er4VPlhuXCQjQEAduXchVd/ySb9pdsn8yPa9nIwV8Pxlna6AkDH9HS6AkDH+D4PdK9d3ONbBoBjbpMtej+w5X8RemnzVziqrnzR+j90q72s/1s7gKPt09b/v7Pv9QAOnzkculejkdjzHwC6jDV+YE///g8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABdajA/krSU7wW+lP1MS6WI0xFxNgrJ4+lKeTgizkTEn/sKfVl6pNOVBgD2KP170tr/60rx8mB7STEiTiT/6cuuT0TET3/14JfPxufn50ay/H+t5c+/bOUnjU41AgBYdWdjVj5Pj7bObTfy798+n1g9DrOKb+42NxfN4q60jmZJb/Tm5/4oRMTAv5NWuin7vNKzD/GXliPiC+vtf9YWYTBfA2nufPpx/Cz26QOIv/76fxw//SB+mpdl50L+Wnx+H+oC3ebV3eY42ep7WRdr9b80Lubnzft/fz5C7V02/mVjycqG8S9dG/96NsRP8j5/cS29fU3e3PjD9zdkNorNsuWIL/VuFj9Zi59sPv4WLu8ufPz1y1+9tFVZ49cRVzZt/+qO1NV8mB2ar84O1RcWr01Xx6fKU+Uno6NjI2PDt67fHB3K16ibP/+4WYx/3L56ZsvXZjliYIv4/du3P76xfbPX/Oa/j378tW3if+vrm7//57eJn82J39xl/PGBO1tu353Fn1xtf6G9ZMf3P67uFDhtnl7/bXFyl1UFAA5BfWFxZrxSKc/tcJF91tzpMS6O5kUsRezXE+aLEhHxWWhXl1ykse1jfvSJPbfTIxNw0NY7fadrAgAAAAAAAAAAAAAAbKW+sDjTd8Df1up0GwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADi+/hcAAP//G4rEcQ==")
lsm_get_self_attr(0xd, 0x0, &(0x7f0000000000), 0x3800)
set_mempolicy(0x3, &(0x7f0000000000)=0x4000000ffb, 0x8)
socket(0xa, 0x80805, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r6, 0x0, 0x4}, 0x18)
personality(0xc)
fcntl$dupfd(0xffffffffffffffff, 0x0, r0)
openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bind$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x2c, 0x2, 0x0, 0xa}, 0x10)

3.032660521s ago: executing program 3 (id=3970):
r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x3, 0x40)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000180000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000f0850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1}, 0x10)
get_robust_list(0x0, &(0x7f0000000540)=0x0, &(0x7f0000000600))
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000980)=@newqdisc={0x45c, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, 0x0, {0x0, 0xd}, {0xffff, 0xffff}, {0x0, 0xfff2}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x430, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x3, 0x1, 0x8, 0x1, 0xff, 0x7}, {0x4, 0x0, 0x3, 0xa159, 0x1000, 0xbebc20}, 0x3, 0x4000000, 0x41e}}, @TCA_TBF_PTAB={0x404, 0x3, [0x104, 0x2, 0xc, 0xfff, 0x0, 0x8ba, 0xa1, 0x4d91, 0x7fffffff, 0x63c4, 0x0, 0x7ffd, 0x400, 0x255, 0x6, 0xc, 0xd81, 0x3, 0xa, 0xa, 0x7, 0x6, 0xc, 0x200, 0xfffffffd, 0x5, 0xb96, 0x7, 0x0, 0xffffffff, 0x200, 0x3, 0x80000001, 0x7c, 0xfffffffc, 0x5, 0x1, 0x2, 0x8, 0x6, 0x1, 0xd, 0x80, 0x400, 0x80, 0x90000000, 0x3800000, 0x0, 0xfffff30b, 0x0, 0xf5, 0x81, 0xfffffffa, 0x80, 0x101, 0x3f, 0xfffffbff, 0x36a5, 0x4, 0x6, 0x7ff, 0x1ba, 0x9, 0xab, 0x6, 0xfffffff7, 0x6, 0x0, 0x3, 0x1, 0x963, 0x1ff, 0x2, 0xfffffffd, 0xa, 0x5, 0x0, 0x3, 0x0, 0xb09, 0x3ff, 0x7, 0x8000, 0x4, 0x8, 0x1000, 0x101, 0x5, 0x3, 0x6, 0x2009, 0x3, 0x1, 0x8762, 0x10008e, 0x80000005, 0xfffff76b, 0x0, 0x4, 0x4275c4e9, 0x8, 0x5, 0x800, 0x4, 0x955, 0x5, 0x6cdf139e, 0x9, 0x3, 0x5, 0x10001, 0xff, 0x80000001, 0xed2, 0x5, 0xfffffffa, 0x10002, 0x18d0, 0x0, 0x3, 0x9486, 0x80, 0x5, 0x80000000, 0xdb, 0x3, 0x80, 0xffff7ffc, 0x5, 0x8, 0x7, 0x1, 0x2, 0x8008, 0x2, 0x8, 0x2, 0x81, 0x3, 0x1, 0x6bf, 0x7, 0xea, 0x4, 0xc1, 0x2, 0x40, 0x5, 0x27f, 0x200, 0x7, 0x40040, 0x7, 0x4, 0x7, 0xff, 0x400, 0x8, 0x7fffffff, 0xfffffff8, 0x8, 0xfffffff4, 0x8, 0xc, 0x96, 0x6, 0x104, 0x62cc, 0x2, 0x7, 0x2eb7, 0x10001, 0xcbf, 0x10000, 0x101, 0x9, 0xfffffffa, 0x1, 0x8, 0x7, 0x8001, 0xf, 0x5, 0x8, 0x8d, 0xffffffff, 0x2, 0x7, 0x1, 0x0, 0xffffffff, 0x494, 0xb, 0x1, 0x1, 0xd1, 0xd, 0x9, 0x1002, 0xffffffff, 0x800, 0x3, 0xfffffffb, 0xffff, 0xff, 0x5, 0xe, 0x401, 0x2, 0x8cc5, 0x8, 0x159, 0xfdfffff7, 0x81, 0x382ae49d, 0x9, 0xffffffff, 0xffff, 0xdf3b, 0x8d, 0x6, 0xfffffef7, 0x89c3, 0x6319da67, 0x5, 0x9, 0x2, 0xfffff801, 0x0, 0x5, 0x5, 0x7, 0x7, 0x7f, 0x7, 0x1, 0x0, 0xffffffff, 0xdfed, 0xb, 0x77, 0x7, 0xff, 0xb331, 0x9, 0x6, 0x9, 0x7, 0x5, 0x400, 0x10001, 0x1, 0x800, 0x6000, 0xfe000000, 0xfffffffd]}]}}]}, 0x45c}}, 0x0)
syz_usb_disconnect(r0)

2.759399243s ago: executing program 6 (id=3971):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='sched_switch\x00', r1, 0x0, 0xa}, 0x18)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000380)=@req3={0x10000, 0x100000001, 0x10000, 0x1, 0x0, 0x1}, 0x1c)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffcfffffa, 0x4031, 0xffffffffffffffff, 0x41d1000)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = perf_event_open(&(0x7f0000000040)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x2000, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffffffff00000005, 0x1ff}, 0x0, 0x3, 0x0, 0x0, 0x8, 0x0, 0x201, 0x0, 0x80}, 0x0, 0xfffffffffffffffc, 0xffffffffffffffff, 0x1)
mmap$perf(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x11, r3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48)
r5 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r5, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10)
r6 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r6, &(0x7f00000000c0)=@name={0x1e, 0x2, 0x2, {{0x40, 0x1}}}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00'}, 0x18)
r7 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="3800000003140100c68f7bec9aff068609000200737962320000000008004100736977001400330062726964676530"], 0x38}, 0x1, 0x0, 0x0, 0x44805}, 0x50)
bind$tipc(r6, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00'}, 0x18)
setregid(0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
ioctl$BTRFS_IOC_SYNC(r4, 0x9408, 0x0)
perf_event_open(&(0x7f0000000040)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x307, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x7, 0x0, 0x7, 0x4, 0x400008, 0x8000, 0x0, 0x0, 0x0, 0x20000}, 0x0, 0x0, r3, 0x3)
close_range(r2, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1b, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r0}, 0x0, &(0x7f00000001c0)}, 0x20)
syz_open_dev$tty1(0xc, 0x4, 0x4)

2.719985094s ago: executing program 6 (id=3972):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)=ANY=[], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, <r1=>0xffffffffffffffff}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x10, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000580)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f00000002c0)={[{@noauto_da_alloc}, {@jqfmt_vfsold}, {@noquota}, {@norecovery}, {}]}, 0x1, 0x4be, &(0x7f0000000540)="$eJzs3ctrW1caAPBPUvyMZ/KYYUgyMAlkIPMglh8MsWdmM6uZWQSGCXTTQuraiutatowlp7EJ1Gl3WXRRWlooXXRZ6D/QbppVQ6F03e5LFiWlTV1oCwUVXUmO/JArGjsC398PbnTuOTf6zrH4jq+OrnUDSK1ztX8yEUMR8UlEHKvvbj3gXP1h48HN6dqWiWr1yleZ5LjafvPQ5v87GhHrEdEfEf//d8QzmZ1xy6tr81PFYmG5sZ+vLCzly6trF+cWpmYLs4XF0YlLk5MTI+Njk/s21tsvP3f78vv/7X33u5fu333lww9q3RpqtLWOYz/Vh94TJ1rqjkTEPw8iWBfkGuMZ6HZH+EVqr99vIuJ8kv/HIpe8mkAaVKvV6o/VvnbN61Xg0Mom58CZ7HBE1MvZ7PBw/Rz+tzGYLZbKlb9eK60sztTPlY9HT/baXLEw0nivcDx6MrX90aT8cH9s2/54RHIO/GpuINkfni4VZx7vVAdsc3Rb/n+bq+c/kBLe8kN6yX9IL/kP6SX/Ib3kP6SX/If0kv+QXvIf0kv+Q3rJf0gv+Q+p9L/Ll2tbtfn37zPXV1fmS9cvzhTK88MLK9PD06XlGJ4t9b3X2fMVS6Wl0b/Fyo18pVCu5Mura1cXSiuLlatzC1OzvVHoOeDxAJ07cfbOZ5mIWP/7QLLV9Dba5CocbtUX6t8BAKRPrtsTENA1lv4gvbzHB3b5it4t+ts1LD1S1J8LCxygbLc7AHTNhdM+/4O0sv4P6WX9H9Jr6zm+swFIo+6s/wPdZP0f0muo5f4/mZb7f/2q5d5dIxHx64j4NNfT17zXF3AYZL/INHL/wrE/Dm1v7c18nywK9EbE829eef3GVKWyPFqr/3qzvvJGvb63G90HOpbk71jj0S9yAEi1jQc3p5vbZuXxg4/75b/qFyHsjH+ksTbZn3xGObiR2XKtQmafrl1YvxURp3aLn2nc77z+ycfgRm5H/JONx0z9KZL+Hknum/4o8e+902n80y3x/9AS/8wj/1QgHe7U5p+R3fI/m+R0bObf1vlnaJ+uj24//2U3579cm/nvbIcxnn3rxXtt49+KOLNr/Ga8/iTW9vi1vl3oMP79p574Xbu26tv159ktflOtlK8sLOXLq2sX5xamZguzhcXRiUuTkxMj42OT+WSNOt9cqd7pH6c+vrvX+AfbxN9r/LW6P3c4/h9+/9GT5/aI/6fzu7/+J/eIPxARf+kw/jdjnz/drq0Wf6bN+LPb47cs8NXqxjuMX37tP30dHgoAPAbl1bX5qWKxsKygoKCwWej2zAQctIdJ3+2eAAAAAAAAAAAAAJ16HJcTd3uMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACHwU8BAAD//zAx0oQ=")
syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000300)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x202080, 0x0, 0xfc, 0x0, &(0x7f00000000c0))
rename(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='./file2\x00')
unlink(&(0x7f0000000140)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0)
lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f00000006c0)=@v3={0x3000000, [{0x3, 0x2}, {0x9, 0x56}], 0xee01}, 0x18, 0x0)
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0)

2.634733068s ago: executing program 6 (id=3973):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000340)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x1b, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRESHEX=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2e, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
r1 = socket(0x10, 0x3, 0x0)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff00000000000000", @ANYRES32=0x1, @ANYBLOB="000000000000000000000000000000000000cb0c", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000200000000000000f44030d044008000000016200000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008", @ANYRESOCT=r2], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x11}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='block_bio_remap\x00', r4}, 0x10)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='block_bio_remap\x00', r5}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x29)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
pipe2$9p(0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
dup(0xffffffffffffffff)
mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'geneve1\x00'})
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r6}, 0x18)

2.59798744s ago: executing program 1 (id=3975):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000780)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c3000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020047b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000020000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
close_range(r2, 0xffffffffffffffff, 0x0)

2.569265971s ago: executing program 1 (id=3976):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000d40)=ANY=[@ANYBLOB="18000000070000000000520000000000950000000000005e5c5bbd290026d1d2adcc0efb5342be17052625dae3ee19642dcce556ceb82d05547db972615bbfef79cf79be037255012a3b0d981b973ebba5313dc6af7ea7adf98ad670d9ca991bab6ef5bd8f3ee541004c6c6fb22ff7fd31da1e02422dca604b50d9b54954d013bfe21f993ddbdb03aedd7a0f0fba5524519ab10d8862dddf9ca46ee850e9a18e2a1287b0baa9ed162254b5026fd538f987c083e1dd3f2b646213ff4b319af6c5385aa209612aed25a9dd8caacf05f50c89150502f8ce9ec9c94f35569bce05d8adbb5769a48a8cb5a8577f08259941ebd93628fa43c52bd3b096e67d33fbe33ee760f5fba90673138335709b60bd65a903ff0cf190e4ec1f9c4104747d7b0000000000000000000000006edc0461c8a65aa2806bee58caf2ce522a549f5c3cec695455073439f64d1a120ab1c09f3c242ce611d7ff1f738b17f866f0cf04d9b33a2311c9c0d6e12307eb5f1b3bcf0b21c85236d98c013ef3ac769e461c32b84d3c08a9eb5154ae37724be7dfcc62fe5ef0fb86d5eb774c8041450b7b"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r0}, 0x18)
sendmsg$AUDIT_USER_AVC(0xffffffffffffffff, 0x0, 0x4000)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000680)='./file0\x00', 0x0, &(0x7f0000000340)={[{@usrquota}, {@jqfmt_vfsv1}]}, 0x21, 0x4bd, &(0x7f00000006c0)="$eJzs3c9vVFsdAPDvvf1JKbQoCzUqiCgawkw7QENY4UZjCImRuHIBtR2apjOdpjNFWlmU/8FEElf6J7gwcWHCyr073bnBhQkq0Udf8hbzcu9MS1+Zgb7QN0M6n09ycu+5p8z3nLm55wxf6JwABtb5iNiOiNGIuB8RU+3rSbvErVbJfu7Vy8cLOy8fLyTRbN79T5K3Z9di35/JnGy/5nhE/PRHEb9I3oxb39xama9UyuvterFRXSvWN7euLFfnl8pL5dVSaW52bubG1eulIxvrueofXvxw+fbP/vynbzz/6/b3f5V1a7Ldtn8cR6k19JG9OJnhiLj9RQTrg6H2eEYPXO9wy/kApRHxpYi4kD//UzGU300A4DhrNqeiObW/DgAcd2meA0vSQjsXMBlpWii0cnhnYyKt1OqNyw9qG6uLrVzZdIykD5Yr5Zl2rnA6RpKsPpufv66XDtSvRsSZiPj12Im8XlioVRb7+cEHAAbYyQPr///HWus/AHDMjfe7AwBAz1n/AWDwWP8BYPBY/wFg8Fj/AWDwWP8BYPBY/wFgoPzkzp2sNHfa33+9+HBzY6X28Mpiub5SqG4sFBZq62uFpVptKf/Onuq7Xq9Sq63NXouNR8VGud4o1je37lVrG6uNe/n3et8rj/RkVADA25w59+zvSURs3zyRl9i3l4O1Go63tN8dAPpmqN8dAPrGbl8wuPwdH3jXfq1d/4vQ06PvC9Abl74q/w+DSv4fBpf8Pwwu+X8YXM1mYs9/ABgwcvyAf/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAz28yL0laaO8FPhlpWihEnIqI6RhJHixXyjMRcToi/jY2MpbVZ/vdaQDgPaX/SuKj9jaAFycPto4mH4/lx4j45W/v/ubRfKOxPptd/+/e9cbT9vVSzzsPABzC7jq9u47vevXy8cJu6WV/XvygtbloFnenXVotwzGcH8cj+3Ay8b+kXW9JImLoCOJvP4mIr3Qaf5LnRqbbO58ejJ/FPtXT+Oln4qd5W+uYvRdfPoK+wKB5ls0/tzo9f2mcz4+dn//xfIZ6f7vz384b81+6N/8NdZn/zh82xrW//Hi0W9uTiK8Nd4qf7MVPusS/eMj4//j6Ny90a2v+LuJSdI6/P1axUV0r1je3rixX55fKS+XVUmludm7mxtXrpWKeoy7uZqrf9O+bl093i5+Nf6JL/PzO35nsOv7vHHL8v//k/s+/9Zb43/t25/t/Nj92fv+zNfG7h4w/P/HHrtt3Z/EXu4z/Xff/8iHjP//n1uIhfxQA6IH65tbKfKVSXnfiZO9k95Peh9Kf7ifNqVZPP5T+HJ+Tfs5KQC+8fuj73RMAAAAAAAAAAAAAAKCbXvw6Ub/HCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwPH1aQAAAP//sHnUnw==")
r1 = socket$unix(0x1, 0x5, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet(r3, &(0x7f0000005f40)=[{{&(0x7f0000000d00)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000003400)=ANY=[@ANYBLOB="20000000000000000000000007000000440cd1700000000700000e0f940401001400000000000000000600000200000002000000000000001100000000000000000000000100000009000000000000001400000000000000eaffffff0100000006000000000000001400000000000000000000000200000006"], 0x80}}, {{&(0x7f00000010c0)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f00000012c0)=ANY=[], 0x28}}], 0x2, 0x4000004)
shutdown(r3, 0x0)
getsockopt$sock_int(r2, 0x1, 0x26, 0x0, &(0x7f00000000c0))
r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b40000000000000079104800c39fd838bf53a05300000000ff7f0000"], &(0x7f0000003ff6)='GPL\x00', 0x3, 0xbb, &(0x7f000000cf3d)=""/187, 0x0, 0x4d, '\x00', 0x0, @sk_reuseport=0x27}, 0x94)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x10)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000040), 0x200080, &(0x7f0000000380)=ANY=[@ANYBLOB="74729bb95b9e03e2e6a5fd0a51616e24190811d09e75aaf919c98cceff42f3e8fef1202eea7107", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',aname=wfdno,\x00'])
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000})
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x18)
io_setup(0x8f0, &(0x7f0000002400)=<r6=>0x0)
r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cmdline\x00')
preadv(r7, &(0x7f0000000040)=[{&(0x7f0000001440)=""/4106, 0x100a}], 0x1, 0x300, 0x0)
io_submit(r6, 0x1, &(0x7f0000000240)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x3, 0x9, 0xffffffffffffffff, &(0x7f00000001c0)="8bbb1370da59dae18c0e0d7fb25792f7ad5417fd7bcc1a11038bcba6b108335fa484d267c85c6fd90baf15b7", 0x2c, 0x2, 0x0, 0x1, r7}])
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{}, &(0x7f0000000000), &(0x7f0000000080)=r4}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000780)={{}, &(0x7f0000000280), &(0x7f0000000680)=r4}, 0x20)
bind$unix(r1, &(0x7f0000000000)=@file={0x1, './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0x6e)
creat(&(0x7f0000000040)='./file0\x00', 0x0)
syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x500, &(0x7f0000000380)={[{@errors_remount}, {@discard}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5e}}, {@noauto_da_alloc}, {@bsdgroups}, {@jqfmt_vfsv1}, {@abort}, {@data_err_ignore}]}, 0x1, 0x476, &(0x7f0000000540)="$eJzs3M1vFOUfAPDvzLblx2v7Q3wBUavE2PjS0oLKwYtGEw8YTfSAN2tbCKFQQ2sihEg1Bi8mhkTP6tHEv8CbF6OeTLzq3ZAQ5QJ6qpnZmbK7dLctLLuF/XySZZ9n5pl9nm9nnp1n5pklgJ41nP2TRGyLiN8jYrCarS8wXH27duXc1D9Xzk0lsbT05l9JXu7qlXNTZdFyu61FZiSNSD9JikrqzZ85e2JydnbmdJEfWzj53tj8mbPPHD85eWzm2MypiUOHDh4Yf/65iWfbEmcW19U9H87t3f3q2xdfmzpy8d2fv8vau61YXxtHg00N72s2nAX+91JueWFafXt83RFsbNtr0klfFxvCulQiIttd/Xn/H4xKXN95g/HKx11tHHBbZeemFie2xSXgLpZEt1sAdEd5os+uf8tXh4YeG8LlF6sXQFnc14pXdU1feameXxttv031D0fEkcV/v8pe0fo+BABAW3w29eXheHql8V8a99WU21HMoQxFxP8jYmdE3BMRuyLi3oi87P0R8cDqVaa1mcapoRvHP+mlmw5uDbLx3wvF3Fb9+G+5mUOVIrc9j78/OXp8dmZ/8TcZif5NWX68RR0/vPzb583W1Y7/sldWfzkWLNpxqa/hBt305MJkPihtg8sfRezpWyn+ZHkmIImI3RGxZ30fvaNMHH/y273NCq0efwttmGda+ibiier+X4yG+EtJ6/nJsf/F7Mz+sfKouNEvv154o1n9txR/G2T7f0v98d9YZCipna+dX38dF/74tOk1zc0e/wPJW/m2A8WyDyYXFk6PRwwkh/N83fKJ69uW+bJ8Fv/IvpX7/85imyz+ByMiO4gfioiHI+KRou2PRsRjEbGvRfw/vdR8XX38m7d1Y/9PN3z/bc7XLB//Dft//YnKiR+/X7n2r99Z2/4/mKdGiiX5998q1trAW/zzAQAAwB0hzZ+BT9LR5XSajo5Wn+HfFVvS2bn5haeOzr1/arr6rPxQ9Kflna7Bmvuh48li8YnV/ERxr7hcf6C4b/xFZXOeH52am53ucuzQ67Y26f+ZPyvdbh1w2600jzYx0IWGAB3X2P/T+uz51zvZGKCjmj5Hs6Wz7QA6b5Xn6NJOtQPoPP9fC/Sulfr/+Ya8uQC4Ozn/Q+/S/6F36f/Qu/R/6Emr/Ui+cou//Ze44xLJ2gpH2v2mboxEf0S05QMHNkQ4RaLb30wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADt8V8AAAD//5qI6jE=")
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000c80)={'ip6gre0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001240)=@newqdisc={0x45c, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x4000000, {0x0, 0x0, 0x0, r9, {0x0, 0x1}, {0xffff, 0xffff}, {0x6, 0xfff3}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x430, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x1fc, 0x0, 0xfffffc80, 0x0, 0x1, 0x8, 0x0, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x8, 0x0, 0x8, 0x1, 0xffffffff, 0x0, 0x0, 0x2, 0xffffffff, 0x2, 0xc00, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x80002, 0x0, 0x1000, 0xfffffffc, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x4000, 0x0, 0x0, 0xfffffffe, 0x5, 0x0, 0x0, 0x272, 0xb, 0x9, 0x1, 0x0, 0x0, 0x3, 0x0, 0x0, 0xe, 0x0, 0x2, 0xfffffffd, 0x0, 0x80007, 0x4, 0x0, 0x0, 0x0, 0x2, 0xfffffffd, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0xb9a, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x3, 0x5e, 0x6, 0x8, 0x0, 0x0, 0x1, 0x3, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x4, 0x0, 0x0, 0xffffffff, 0xffff8003, 0x0, 0xffffffff, 0x1, 0x0, 0x800009, 0xfffffffd, 0x0, 0x8, 0x6, 0x9, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x5, 0x2, 0x2000000, 0x100, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0xb6, 0x0, 0x1, 0x0, 0x7, 0x8, 0x0, 0xffffffff, 0xffff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x4000, 0x0, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x800000, 0x0, 0x5, 0x0, 0x9, 0xfffffffd, 0x7, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3, 0x0, 0xffffffff, 0x0, 0x0, 0x1, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x2, 0x0, 0x0, 0x2, 0x13, 0x0, 0x0, 0xd79, 0x0, 0x0, 0x0, 0xaa, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x26c, 0x4, 0x7, 0xffff, 0x0, 0x8, 0xfffffffd, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x6, 0x8, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe6]}, @TCA_TBF_PARMS={0x28, 0x1, {{0x1, 0x0, 0x0, 0x0, 0x0, 0x6}, {0xff, 0x2, 0x3, 0x0, 0x19, 0x40000000}, 0x0, 0x100007f, 0x2}}]}}]}, 0x45c}, 0x1, 0x0, 0x0, 0x8000}, 0x0)

2.546759722s ago: executing program 6 (id=3977):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000001700)=ANY=[@ANYBLOB="0e000000040000000800000008", @ANYBLOB="5a3b526f2dd17188c2738b76d6dd860b1d78d5464a7a5ba65f849d0f3250e9928d1e8097e2ea781da8b0721c3183224798117cc77d40c567c833e88a02ffbf6d7474bc242b2a71e544f58e54411f8f9f0d29c62d1e02c5486a193d31f96ff1ee5de7f40645dcaba4b6aeb49bae3c851ef3ac3ecaacdcc2fed768dcfe9d8802b2b7c675c3087d7d0813717a75217fb1b33ae8c4b661ba9b8d0d68aad466cffce86e0938362216619f9916345bc4505652c23525973a91af627294a8d27d7d8d2706288ec420c6076a69989187c6eca7b270a64b2f7c2f88", @ANYRESOCT=r0, @ANYRES8=r0, @ANYRES16=r0], 0x50)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000640)=[{0x200000000006, 0x1, 0x0, 0x7ffc1ffb}]})
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
getsockopt$inet6_udp_int(r1, 0x11, 0x1, 0x0, &(0x7f00000000c0))
wait4(0xffffffffffffffff, &(0x7f0000000040), 0x2, &(0x7f0000000140))
prctl$PR_SET_NAME(0xf, &(0x7f0000000480)='gtp\x00')
remap_file_pages(&(0x7f00005fd000/0x4000)=nil, 0x4000, 0x0, 0x5, 0x20000)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x28, 0xb, 0x0, 0x0, 0x0, 0x3, 0x1d459d, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_bp={&(0x7f0000001540), 0x13}, 0x6025, 0x4005, 0xb, 0x0, 0x1, 0x1, 0xb, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="21000000000000000000000000001000000400", @ANYBLOB="0000003c0cfcaabdf989"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48284b70043dc6124d877142a48448b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d4023f210fa34b63a715a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f01000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb796ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab04000000ffe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890decace0200f404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef29cd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf0100483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6c354463d7d0917fc80e5009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab4000000000000000028df75cf43f8ecc8d37b126602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89fa516dab183ee65744fb8fc4f9ce2242e0f00000000010000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f49198e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bde54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85eff010000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1099e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677ec97c5c568a89d6e36b165c391339878b699644c96bd6ea589765ed2a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac4741201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6d00000000000000000000008f6555f3b7d5021dfc8eb504f1e4fef716d60f0d50b03fc014fd3dff46f56750f0ba4f1b9f7de5c17e7d1f18522897edab8e9e76b667ec6b01908400f55e16f0cfbf026be5f5acc681053f697d62b3545aec4606e190216c22c1d8807b6c43f0f0a4b53619fe5c9412821c3816194a5e29cf12cc7a197b5bdafb096d2d7f6be483814c92ef29c3a21c169794c7de3b4c706f4de5f4b93c831944c7b66fa49f317aa22dbc211e19f031c4f8bee14ecd5eb061a052044adc4dd1b63a1500a9c0e09dbba23f2726a55975efb4519d864d984dcb3a1dcafa1124a6b004029a706478df3be2438d2e35e6ca674dc190143a0b6f7db3408c0c08011e5d8f54711a0bd410ab53a15b1596cb77d2b58df2d8d8"], &(0x7f0000000100)='GPL\x00'}, 0x41)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f00000015c0)='kmem_cache_free\x00', r2}, 0x10)
semget(0x0, 0x2, 0x200)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000280)='kfree\x00'}, 0x10)
r3 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r3, &(0x7f0000000000)={0x18, 0x0, {0x1, @remote, 'lo\x00'}}, 0x1e)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0)
r4 = syz_clone(0x10ae0200, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_pidfd_open(r4, 0x0)
move_pages(r4, 0x5, &(0x7f0000000240)=[&(0x7f00005d4000/0x4000)=nil, &(0x7f0000866000/0x4000)=nil, &(0x7f00001da000/0x4000)=nil, &(0x7f00005f3000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil], &(0x7f00000002c0)=[0x9], &(0x7f00000014c0)=[0x0, 0x0, 0x0], 0x0)
unshare(0x6a040000)
getsockopt$inet6_buf(r1, 0x29, 0x2b, &(0x7f0000001600)=""/222, &(0x7f0000001500)=0xde)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10)
mq_open(0x0, 0x42, 0x0, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000900)=ANY=[@ANYBLOB="140000001000040000000000000000040000000a20000000000a05000000000000000000070000010900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a300000000008000540000000018c0000000c0a01030000000000000000070000080900020073797a31000000000900010073797a3000000000600003805c000080080003400000000250000b802c0001800a0001006c696d69740000001c0002800c00014000000000000000030c0002400000000000000010200001800e000100636f6e6e6c696d69740000000c000280080001"], 0x110}}, 0x0)

2.450180466s ago: executing program 1 (id=3979):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), r2)
sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r2, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000340)={&(0x7f0000000400)={0x64, r4, 0x400, 0x70bd27, 0x25dfdbfe, {}, [@ETHTOOL_A_PRIVFLAGS_FLAGS={0x10, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x2}, @ETHTOOL_A_BITSET_MASK={0x4}]}, @ETHTOOL_A_PRIVFLAGS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}]}, @ETHTOOL_A_PRIVFLAGS_HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x1}, 0x8000)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfff}, [@printk={@lli, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x83000000}, {0x85, 0x0, 0x0, 0x71}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r5}, 0x18)
r6 = syz_open_dev$tty20(0xc, 0x4, 0x1)
write$binfmt_misc(r6, &(0x7f0000000240), 0xfffffecc)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0xa, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="070000000400000008"], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r7, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000480)='kfree\x00', r8, 0x0, 0x7}, 0x18)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a31000000002c0003800800014000000000180003801400010076657468315f746f5f626f6e6400000008000240000000006c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a30000000004000038008000140000000002c0003801400010067656e657665300000000000000000001400010076657468315f746f5f626f6e64000000080002"], 0x10c}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000040)=0x3)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000800)='\x00')
sendmsg$nl_route_sched(r1, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001240)=@newqdisc={0x2c, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x0, 0x8}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=@newtfilter={0x38, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0xc}}, [@filter_kind_options=@f_bpf={{0x8}, {0x4}}, @TCA_RATE={0x6, 0x5, {0x2, 0x2e}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000010}, 0x10000840)

2.306591332s ago: executing program 3 (id=3980):
syz_emit_ethernet(0x2a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaa"], 0x0)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f00000010c0)=0x8)
getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000200)={r2, 0x80000000}, &(0x7f00000002c0)=0x8)

2.230112115s ago: executing program 3 (id=3981):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x1a3c82)
syz_open_dev$sg(&(0x7f0000000280), 0x80000000002, 0x1)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x10, 0x0, 0x7fff7ffc}]})
close_range(r1, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, 0x0, &(0x7f0000001480)='GPL\x00', 0x5, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
chroot(&(0x7f0000003040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00')

2.082921982s ago: executing program 6 (id=3984):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
dup(r2)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00'}, 0x18)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000002900)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095"], 0x0, 0x96, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xb9)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r5}, 0x10)
r6 = socket(0x840000000002, 0x3, 0xff)
setsockopt$SO_BINDTODEVICE(r6, 0x1, 0x19, &(0x7f0000000040)='gre0\x00', 0x10)
sendmmsg$inet(r6, &(0x7f0000000240)=[{{&(0x7f00000001c0)={0x2, 0x4e20, @multicast1}, 0x10, &(0x7f0000001980)=[{&(0x7f0000000200)="a90500040000746400009e150451160200000064c6", 0x15}, {&(0x7f0000000000)="17460081ba60ccbb9d000000000000", 0xf}], 0x2}}], 0x1, 0x4004040)

1.839402692s ago: executing program 5 (id=3990):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='sched_switch\x00', r1, 0x0, 0xa}, 0x18)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000380)=@req3={0x10000, 0x100000001, 0x10000, 0x1, 0x0, 0x1}, 0x1c)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffcfffffa, 0x4031, 0xffffffffffffffff, 0x41d1000)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = perf_event_open(&(0x7f0000000040)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x2000, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffffffff00000005, 0x1ff}, 0x0, 0x3, 0x0, 0x0, 0x8, 0x0, 0x201, 0x0, 0x80}, 0x0, 0xfffffffffffffffc, 0xffffffffffffffff, 0x1)
mmap$perf(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x11, r3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48)
r5 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r5, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10)
r6 = socket$tipc(0x1e, 0x5, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00'}, 0x18)
r7 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="3800000003140100c68f7bec9aff068609000200737962320000000008004100736977001400330062726964676530"], 0x38}, 0x1, 0x0, 0x0, 0x44805}, 0x50)
bind$tipc(r6, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00'}, 0x18)
setregid(0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
ioctl$BTRFS_IOC_SYNC(r4, 0x9408, 0x0)
perf_event_open(&(0x7f0000000040)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x307, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x7, 0x0, 0x7, 0x4, 0x400008, 0x8000, 0x0, 0x0, 0x0, 0x20000}, 0x0, 0x0, r3, 0x3)
close_range(r2, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1b, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r0}, 0x0, &(0x7f00000001c0)}, 0x20)
syz_open_dev$tty1(0xc, 0x4, 0x4)

1.753790206s ago: executing program 5 (id=3992):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1e000000000000000100000007"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYRESDEC=r0], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000380)='neigh_update\x00', r1}, 0x10)
socket$inet6(0x10, 0x3, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000380)=[{0x200000000006, 0x1, 0x7, 0x7ffc1ffb}]})
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0)
write(r3, &(0x7f0000004200)='t', 0x1)
sendfile(r3, r2, 0x0, 0x3ffff)
sendfile(r3, r2, 0x0, 0x7ffff000)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x1a, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xdb, '\x00', 0x0, @tracing=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0xce56fe61a68fc369, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x300, 0x198, 0xffffffff, 0xffffffff, 0x198, 0xffffffff, 0x268, 0xffffff7a, 0xffffffff, 0x268, 0xffffffff, 0x7fffffe, 0x0, {[{{@ip={@broadcast, @loopback, 0x0, 0x0, 'veth1\x00', 'veth0_to_team\x00', {}, {}, 0x0, 0x0, 0x41}, 0x6, 0x130, 0x198, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "00000100cbd047da9ca965f96ad5801f0514d363ee84bb895919d9490f6785fba3c4a44f1e25ecefef2a2d6054f5260ece5ce1a56a5ef73be11d65bfe8c37674024c183ebacdf741cea92ded3a9ca54de15dd9ec8ef62f9e000000000000000000ffffff7f00", 0x7d}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x2, 0x0, 'snmp_trap\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x360)

1.477550627s ago: executing program 1 (id=3995):
ioctl$TCSBRKP(0xffffffffffffffff, 0x5425, 0x80000000)
memfd_secret(0x80000)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000000000040000000000000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000380)='kfree\x00', r0}, 0x18)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f00000001c0), 0x1, 0x4bc, &(0x7f0000000a40)="$eJzs3ctvW1UaAPDPdpMmaWb6mNGo7UjTSh2p81DjPDRqMjObWc3MotJoKrEBqYTEDSVOHMVOaaIuUth1wQKBQEIs2PMXsKErKiTEGvaIBSqCEiRAQjK613abOHGwII1p7u8n3ebch/2dU+s7Ovf4Xt8AMuts8k8uYjgiPoyIo43VrQecbfzZuH9zJllyUa9f/iKXHpestw5tve5IRKxHxEBE/P/fEc/ktsetrq7NT5fLpeXmerG2sFSsrq5duLYwPVeaKy2OTV6cmpocnRif2rO23n7puduX3vlv/9vfvHjv7svvvZtUa7i5b3M79lKj6X1xfNO2QxHxz0cRrAcKzfYM9roi/CTJ5/ebiDiX5v/RKKSfJpAF9Xq9/n39cKfd63XgwMqnY+BcfiQiGuV8fmSkMYb/bQzly5Vq7a9XKyuLs42x8rHoy1+9Vi6NNs8VjkVfLlkfS8sP18fb1ici0jHwK4XBdH1kplKe3d+uDmhzpC3/vy408h/ICKf8kF3yH7JL/kN2yX/ILvkP2SX/IbvkP2SX/Ifskv+QXfIfskv+Qyb979KlZKm37n+fvb66Ml+5fmG2VJ0fWViZGZmpLC+NzFUqc+k9Ows/9n7lSmVp7G+xcqNYK1Vrxerq2pWFyspi7Up6X/+VUt++tAroxvEzdz7ORcT63wfTJdHf3CdX4WCr13PR63uQgd4o9LoDAnrG1B9kl3N8oP0netvHBQOdXrj0cL4QeLzke10BoGfOn/L9H2SV+X/ILvP/kF3G+MAOj+jbYrf5f+DxZP4fsmu4w/O/frXp2V2jEfHriPio0He49awv4CDIf5Zrjv/PH/3jcPve/ty36VcE/RHx/BuXX7sxXastjyXbv3ywvfZ6c/v4phd2PGEAeqWVp608BgCya+P+zZnWsp9xP/9X4yKE7fEPNecmB9LvKIc2cluuVcjt0bUL67ci4uRO8XPN5503TmSGNgrb4p9o/s013iKt76H0uen7E//Upvh/2BT/9M/+X4FsuJP0P6M75V8+zel4kH9b+5/hPbp2onP/l3/Q/xU69H9nuozx7JsvfNox/q2I0zvGb8UbSGO1x0/qdr7L+PeeeuJ3nfbV32q8z07xW5JSsbawVKyurl1If0durrQ4NnlxampydGJ8qpjOURdbM9Xb/ePkB3d3a/9Qh/i7tT/Z9ucu2//d799/8uwu8f90bufP/8Qu8Qcj4i9dxv9q/JOnO+1L4s92aH9+l/jJtoku41df/c/hLg8FAPZBdXVtfrpcLi0rKCj0pHDrl1GNtkKveybgUauuJqfmSdL3uiYAAAAAAAAAAABAt/bjcuJetxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4CD4IQAA//9HcdTQ")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000001f40)=ANY=[@ANYBLOB="000000004c900200290000000300010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000020000000000000ffffffffffd9ffff00"/99])

1.378012182s ago: executing program 1 (id=3996):
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup\x00', 0x0, 0x2)
getdents64(r0, &(0x7f0000002300)=""/251, 0x1d)
getdents(r0, 0xfffffffffffffffd, 0x58)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
close(r1)
syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r2)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f0000000380)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r3, 0x0)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
r5 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
r6 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0)
r7 = dup3(r5, r6, 0x0)
ioctl$MON_IOCX_GETX(r7, 0x4018920a, 0x0)
connect$inet(r7, &(0x7f0000000040)={0x2, 0x4e24, @empty}, 0x10)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r8 = accept(r1, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x1)
recvfrom(r4, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0)
prctl$PR_SET_NAME(0xf, &(0x7f0000001600)='w\xde\xa3\x05\xff\a\x00\x00\x00\x00\x00\x00\x8f\xc0\x9b\x85\x99\xab\xa7AkQ\x16$\x15\xcf\x14#\xad\x1f\xce}K\xea\x90.!\xd6z\x9e\xc3\xe5\xbf\xc2c\x02\xdc\x86\x86\xef\\\xc0\x89\av\x9f\xd6\xd1\x98<\xdc)\x82\xeb\b\xa9\x14\xf86\xdc\x8e$B\xa0\x12Zqeo\xb8Z\xa1{\x9ewcbQ[O\xf3y\x99\xc7\xd29\xb7R\xc4:5wV\x86\xef\x95\xa8\x8f2TmN]0\xb8K\x95vP~\xbd\f>m\n\xb3\xe5\x94\xa7\xd3\xc3_\xc9\xcc\xa0nN\xc14k\xcd\xad\x9d}\xd5$\xaaf\xe8\xdd\xcf\t\xb8\x89\xb5\x94t_\xf0\xfc\x18\xa2\xa2rm@\x9b1~3\xbc8\xde\xe3n~\xd2\xd2')
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000027"], 0x48)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB, @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r10}, 0x18)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, &(0x7f0000000300)={0x0, 0x3938700}, 0x0)

1.220182889s ago: executing program 5 (id=3999):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r0}, &(0x7f0000000000), &(0x7f0000000180)=r1}, 0x20)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r2 = mq_open(0x0, 0x8c2, 0x34, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10)
utimes(0x0, 0x0)
mq_getsetattr(r2, 0x0, 0x0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0xd50c076c1b2d1b2e, 0x8c)
symlinkat(&(0x7f0000000080)='./file0\x00', r4, &(0x7f0000000280)='./file0\x00')

1.204575079s ago: executing program 7 (id=4000):
r0 = socket(0x2, 0x3, 0xff)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10)
sendmmsg$unix(r0, &(0x7f0000008b80)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000180)="189772100048f5c56a6aeb00ffffffff0bd8", 0x12}], 0x1, 0x0, 0x0, 0x4000}}, {{0x0, 0x0, &(0x7f0000000140)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x5, 0x0, 0x0, 0x1800}}], 0x2, 0x20000000)

1.160225191s ago: executing program 5 (id=4001):
syz_emit_ethernet(0x2a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaa"], 0x0)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, 0x0, &(0x7f00000010c0))
getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x80000000}, &(0x7f00000002c0)=0x8)

1.159038421s ago: executing program 7 (id=4002):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='sched_switch\x00', r1, 0x0, 0xa}, 0x18)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000380)=@req3={0x10000, 0x100000001, 0x10000, 0x1, 0x0, 0x1}, 0x1c)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffcfffffa, 0x4031, 0xffffffffffffffff, 0x41d1000)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = perf_event_open(&(0x7f0000000040)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x2000, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffffffff00000005, 0x1ff}, 0x0, 0x3, 0x0, 0x0, 0x8, 0x0, 0x201, 0x0, 0x80}, 0x0, 0xfffffffffffffffc, 0xffffffffffffffff, 0x1)
mmap$perf(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x11, r3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48)
r5 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r5, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10)
r6 = socket$tipc(0x1e, 0x5, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00'}, 0x18)
r7 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="3800000003140100c68f7bec9aff068609000200737962320000000008004100736977001400330062726964676530"], 0x38}, 0x1, 0x0, 0x0, 0x44805}, 0x50)
bind$tipc(r6, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00'}, 0x18)
setregid(0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
ioctl$BTRFS_IOC_SYNC(r4, 0x9408, 0x0)
perf_event_open(&(0x7f0000000040)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x307, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x7, 0x0, 0x7, 0x4, 0x400008, 0x8000, 0x0, 0x0, 0x0, 0x20000}, 0x0, 0x0, r3, 0x3)
close_range(r2, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1b, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r0}, 0x0, &(0x7f00000001c0)}, 0x20)
syz_open_dev$tty1(0xc, 0x4, 0x4)

1.098004013s ago: executing program 5 (id=4003):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="180000000080000000000000010000009400000007ad4160850000000f00000095"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xc, 0x0, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0e00000004000000080000000700000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00'/25], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000001000000000000000000851000000600000018000000", @ANYRES32=0x0, @ANYBLOB="00000000000100006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x40f00}, 0x94)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet_sctp(r4, &(0x7f0000000880)=[{&(0x7f0000000440)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000380)=[{&(0x7f0000000100)="03", 0x1}, {&(0x7f0000000540)="cf597f56376fd90e8f5e68bb012986a1be1cc721139578aefea50b0fd4ca8f937bf3742604d45fdfd814c33b49ce06353952a9f670e400a094a652345aaa825ee777e6fb842ee8f6300b78d0b8534d70b949a0c393896c586d427d70dabfd90ee9805f8d893989640616207d572846a17396335546d94c2e2b23c484f7534e24eb868bd07f6a86598e0d2757ba6bae990ea6919da1d088b8378d1601219d82092209f11de43aec74474d3141f152e9e09b33826f252c795244e7b12cd1f7d57d3d1470f24ba8e9f3e3", 0xc9}, {&(0x7f0000000340)="306a50be5c210e457d4341c4dd", 0xd}, {&(0x7f00000007c0)="111857b6045567a03c9b55055bf9dbfde419b7a79ab021219872e422acf78c3bba6a78d6fa22736696b75f5d476f9f7f0f3d90f0917f8777e9c87895926c2abefc04a9d7713a052fd48849869cdb43893f3982d3f5e3203ffaef5e1f7c14719f715eb39072c987779e7336cac1d59d96e4a4a29fe963c0bd6b1f", 0x7a}], 0x4}], 0x1, 0x0)
r5 = mq_open(&(0x7f0000000040)='!seli\x1a\x1d!\xa7\x00\x00inux\x00G\xd0\xc6(X', 0x6e93ebbbcc0884f2, 0x10, &(0x7f0000000300)={0x0, 0x1, 0x3})
mq_timedreceive(r5, &(0x7f00000003c0)=""/83, 0x53, 0x8000000000002003, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x48800, &(0x7f0000000000)={0x2, 0xffff, @multicast1}, 0x10)
mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
write(r4, 0x0, 0xfffffffffffffcd5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r6 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r4, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4)
sendmsg$netlink(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000780)=ANY=[@ANYBLOB="1c0000005e000101000000000600", @ANYRES32=0x0, @ANYBLOB="04"], 0x1c}], 0x1}, 0x800)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000100), 0x2, 0x4fd, &(0x7f0000000b00)="$eJzs3ctvW1kZAPDv3jycyWQmGZgFoAHKMFBQVTtxZ6LRbBhWI4RGQsySRSckThTFiaPYGZrQRbpkj0QlVrDiHwCJBVJX7JFYwI5NWSDxqEANEgsjX19nnIcbq03sNv79pCufe47t75xa9xzrc3NPACPrWkQcRMRkRHwcEbN5fZIf8X77aD3v8aO7y4eP7i4n0Wx+9M8ka2/VRddrWl7O33MqIr7/QcQPkxNB/xhR39vfWKpWKzt5VamxuV2q7+3fXN9cWqusVbbK5cWFxfl3b71TvqCR/vqo9LvffvHhHw6++eNWt2byuu5xXKT20CeO4rSMR8R3LyPYEIzl45l8mhc/1Yu4SGlEfCYi3syu/9kYyz7N445/TN+K/NIGAF5QzeZsNGe7zwGAqy7NcmBJWsxzATORpsViO4f3ekyn1Vq9cWO1tru10s6VzcVEurpercznucK5mEhW18crC1m5c16tlE+c34qI1yLip4WXsvPicq26MswvPgAwwl4+sf7/p9Be/wGAK67r1/zCMPsBAAyO/80HAKPH+g8Ao8f6DwCjx/oPAKPH+g8Ao8f6DwAj5Xsfftg6mof5/a9XPtnb3ah9cnOlUt8obu4uF5drO9vFtVptLbtnz+Z571et1bYX3o7dO6VGpd4o1ff2b2/Wdrcat7P7et+uTAxkVADAk7z25Qd/TiLi4L2XsiO67vd/7lr9xmX3DrhM6bA7AAzN2LA7AAzN6d2+gFEhHw90bdF7r6t66lThpPt9vX2a7xsKPEeuf/4Z8v/AC03+H0bX0+X/fZeHq0D+H0ZXs5nY8x8ARowcP5Cc0979+/98s+ukv9//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4EqayY4kLeZ7gc9EmhaLEa9ExFxMJKvr1cp8RLwaEX8qTBRa5wsRYd8gAHiRpX9L8v2/rs++NXOydbLw30L2GBE/+vlHP7uz1GjsLERMJv86qm/cz+vLw+g/AHCezjrdWcc7Hj+6u9w5Btmfv3+7vbloK+5hfrRbxmM8e5zKcg3T/07y87bW95WxC4h/cC8iPnfW+JMsNzKX73x6Mn4r9isDjZ8ei59mbe3H1r/FZy+gLzBqHrTmn/fPuv7SuJY9nn39T2Uz1LPrzH+Hp+a/9Gj+G+sx/13rN8bbv//OqcrmbLvtXsQXxiMOO2/eNf904ic94r/VZ/y/vPGlN3u1NX8RcT3OGn9yLFapsbldqu/t31zfXFqrrFW2yuXFhcX5d2+9Uy5lOepSJ1N92j/eu/Fqr/it8U/3iD91zvi/1uf4f/m/j3/wlSfE/8ZXz/78X39C/Naa+PU+4y9N/2aqV1sr/kqP8Z/3+d/oM/7Dv+6v9PlUAGAA6nv7G0vVamXnsgvp5YfICknEwQCG0y4UfvWTDwYV6xIL8Xx0Q+F5Kgx7ZgIu26cX/bB7AgAAAAAAAAAAAAAA9DKIPyca9hgBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4uv4fAAD//2KH0wQ=")
r7 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001240)={0x18, 0x15, &(0x7f0000001000)=@framed={{0x18, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x3}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r3}}, @map_idx={0x18, 0x4, 0x5, 0x0, 0xe}, @jmp={0x5, 0x1, 0x4, 0x1, 0x6, 0x80, 0xffffffffffffffff}, @map_idx={0x18, 0x3, 0x5, 0x0, 0x9}]}, &(0x7f00000002c0)='syzkaller\x00', 0x7f, 0x0, 0x0, 0x40f00, 0x10, '\x00', 0x0, 0x0, r7, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000980)={0x1, 0xe, 0x0, 0x5}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000001140)=[0xffffffffffffffff, r7, r7, r7, 0xffffffffffffffff, 0xffffffffffffffff, r2], &(0x7f0000001180)=[{0x0, 0x2, 0xf, 0x6}, {0x1, 0x5, 0x4, 0x9}], 0x10, 0x790}, 0x94)
capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000080)={0x6, 0x2, 0x2, 0x87, 0xffffffff, 0x314})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
writev(r7, &(0x7f0000000140)=[{&(0x7f0000001200)="10", 0x69000}], 0x1)
getsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000001300)={{{@in6=@local, @in6=@private0}}, {{@in6=@ipv4={""/10, ""/2, @dev}}, 0x0, @in6=@mcast2}}, &(0x7f00000008c0)=0x16)
bpf$PROG_BIND_MAP(0x23, &(0x7f0000000040)={r0, r1}, 0xc)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x5, 0xb, &(0x7f00000006c0)=ANY=[@ANYBLOB="1804000000000000000000000000681a05529eaa774f5c000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0xc94284a3061bb7fe, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x4c)
pipe2$watch_queue(&(0x7f0000000680), 0x80)

1.086668274s ago: executing program 3 (id=4004):
capset(&(0x7f0000000380)={0x20080522}, &(0x7f0000000040)={0x200000, 0x40200003, 0x0, 0x6, 0x7})
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f0000001780)={0x0, 0x0, &(0x7f0000001740)={&(0x7f0000000000)=ANY=[@ANYBLOB="580000000201050000000000000000000a000001440002802c00018014000300fe8000000000000000000000000000bb14000400fe88000000000000000000000000010106000340000100000c000280050001"], 0x58}, 0x1, 0x0, 0x0, 0x8000014}, 0x10)
unshare(0x8000000)
semget$private(0x0, 0x4000, 0x555)
semtimedop(0x0, &(0x7f0000000040)=[{0x3, 0x8, 0x1800}], 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002120207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r1}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmsg$inet6(r2, &(0x7f0000002280)={&(0x7f0000001e40)={0xa, 0x4e24, 0x0, @mcast1}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="b005000000000000290000003600"], 0x5b0}, 0x20008001)

1.073277024s ago: executing program 7 (id=4005):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030486dd601b8b97004d88c19e9ace00000000000000002100000002ff0200"/51], 0x0)

1.012627308s ago: executing program 3 (id=4006):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), r2)
sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r2, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000340)={&(0x7f0000000400)={0x64, r4, 0x400, 0x70bd27, 0x25dfdbfe, {}, [@ETHTOOL_A_PRIVFLAGS_FLAGS={0x10, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x2}, @ETHTOOL_A_BITSET_MASK={0x4}]}, @ETHTOOL_A_PRIVFLAGS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}]}, @ETHTOOL_A_PRIVFLAGS_HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x1}, 0x8000)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfff}, [@printk={@lli, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x83000000}, {0x85, 0x0, 0x0, 0x71}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r5}, 0x18)
r6 = syz_open_dev$tty20(0xc, 0x4, 0x1)
write$binfmt_misc(r6, &(0x7f0000000240), 0xfffffecc)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0xa, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800"], 0x48)
r7 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000480)='kfree\x00', r7, 0x0, 0x7}, 0x18)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a31000000002c0003800800014000000000180003801400010076657468315f746f5f626f6e6400000008000240000000006c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a30000000004000038008000140000000002c0003801400010067656e657665300000000000000000001400010076657468315f746f5f626f6e64000000080002"], 0x10c}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000040)=0x3)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000800)='\x00')
sendmsg$nl_route_sched(r1, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001240)=@newqdisc={0x2c, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x0, 0x8}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=@newtfilter={0x38, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0xc}}, [@filter_kind_options=@f_bpf={{0x8}, {0x4}}, @TCA_RATE={0x6, 0x5, {0x2, 0x2e}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000010}, 0x10000840)

1.012221138s ago: executing program 7 (id=4007):
ioctl$TCSBRKP(0xffffffffffffffff, 0x5425, 0x80000000)
memfd_secret(0x80000)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000000000040000000000000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000380)='kfree\x00', r0}, 0x18)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f00000001c0), 0x1, 0x4bc, &(0x7f0000000a40)="$eJzs3ctvW1UaAPDPdpMmaWb6mNGo7UjTSh2p81DjPDRqMjObWc3MotJoKrEBqYTEDSVOHMVOaaIuUth1wQKBQEIs2PMXsKErKiTEGvaIBSqCEiRAQjK613abOHGwII1p7u8n3ebch/2dU+s7Ovf4Xt8AMuts8k8uYjgiPoyIo43VrQecbfzZuH9zJllyUa9f/iKXHpestw5tve5IRKxHxEBE/P/fEc/ktsetrq7NT5fLpeXmerG2sFSsrq5duLYwPVeaKy2OTV6cmpocnRif2rO23n7puduX3vlv/9vfvHjv7svvvZtUa7i5b3M79lKj6X1xfNO2QxHxz0cRrAcKzfYM9roi/CTJ5/ebiDiX5v/RKKSfJpAF9Xq9/n39cKfd63XgwMqnY+BcfiQiGuV8fmSkMYb/bQzly5Vq7a9XKyuLs42x8rHoy1+9Vi6NNs8VjkVfLlkfS8sP18fb1ici0jHwK4XBdH1kplKe3d+uDmhzpC3/vy408h/ICKf8kF3yH7JL/kN2yX/ILvkP2SX/IbvkP2SX/Ifskv+QXfIfskv+Qyb979KlZKm37n+fvb66Ml+5fmG2VJ0fWViZGZmpLC+NzFUqc+k9Ows/9n7lSmVp7G+xcqNYK1Vrxerq2pWFyspi7Up6X/+VUt++tAroxvEzdz7ORcT63wfTJdHf3CdX4WCr13PR63uQgd4o9LoDAnrG1B9kl3N8oP0netvHBQOdXrj0cL4QeLzke10BoGfOn/L9H2SV+X/ILvP/kF3G+MAOj+jbYrf5f+DxZP4fsmu4w/O/frXp2V2jEfHriPio0He49awv4CDIf5Zrjv/PH/3jcPve/ty36VcE/RHx/BuXX7sxXastjyXbv3ywvfZ6c/v4phd2PGEAeqWVp608BgCya+P+zZnWsp9xP/9X4yKE7fEPNecmB9LvKIc2cluuVcjt0bUL67ci4uRO8XPN5503TmSGNgrb4p9o/s013iKt76H0uen7E//Upvh/2BT/9M/+X4FsuJP0P6M75V8+zel4kH9b+5/hPbp2onP/l3/Q/xU69H9nuozx7JsvfNox/q2I0zvGb8UbSGO1x0/qdr7L+PeeeuJ3nfbV32q8z07xW5JSsbawVKyurl1If0durrQ4NnlxampydGJ8qpjOURdbM9Xb/ePkB3d3a/9Qh/i7tT/Z9ucu2//d799/8uwu8f90bufP/8Qu8Qcj4i9dxv9q/JOnO+1L4s92aH9+l/jJtoku41df/c/hLg8FAPZBdXVtfrpcLi0rKCj0pHDrl1GNtkKveybgUauuJqfmSdL3uiYAAAAAAAAAAABAt/bjcuJetxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4CD4IQAA//9HcdTQ")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000001f40)=ANY=[@ANYBLOB="000000004c900200290000000300010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000020000000000000ffffffffffd9ffff00"/99])

874.032173ms ago: executing program 7 (id=4008):
prlimit64(0x0, 0xe, &(0x7f0000000240)={0xb, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000006c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000040085"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_RELOAD_REGDB(r4, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r5, 0x421, 0x70bd2a, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0xc35d4f6d52288271}, 0x200048c4)

515.390588ms ago: executing program 1 (id=4009):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, 0x0, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x34}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x28, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r2, &(0x7f0000000380)={0x2, 0x4e22, @empty}, 0x10)
listen(r2, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_ADD_COUNTERS(r3, 0x0, 0x41, 0x0, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000680)=ANY=[@ANYBLOB="aaaaaaaaaaaade4a21c793efd0853c43221114345c0180c20000000800450000280005000000db51486e46037d630d4c130e9997603c424d65ea9dad36e3d2f81111c29b0ba711f8c8764cba4522ef0ac012bbb384a2a02948a476075d68ef9b433c41e3e73d8c01c338381858c182400800d0270cebf1f75b042ba49a102a829aecd7ee4947183e98d06ab3e77b940196a6b4e011113052f3198dc56eb9628b4b4ff3a3b83e9cf5e6e819a130715b8ef7b568aeb67dedb284e1e87508df6503e439ba286a966c5e4e870e58a383fce43d5dfecffd6d4afae04478dc846c2a04fc44ad58bd44c81429c72d53446244dd251f7e581c7d29f90a3ff084c92e8c9ed5b4ed5fe300000000000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5cc2000090780000"], 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
recvmsg(r4, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
sendmsg$tipc(r5, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r6, &(0x7f00000004c0)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r6, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup\x00', 0x89901)

152.132984ms ago: executing program 3 (id=4010):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1e000000000000000100000007"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYRESDEC=r0], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000380)='neigh_update\x00', r1}, 0x10)
socket$inet6(0x10, 0x3, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000380)=[{0x200000000006, 0x1, 0x7, 0x7ffc1ffb}]})
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0)
write(r3, &(0x7f0000004200)='t', 0x1)
sendfile(r3, r2, 0x0, 0x3ffff)
sendfile(r3, r2, 0x0, 0x7ffff000)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x1a, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xdb, '\x00', 0x0, @tracing=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0xce56fe61a68fc369, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x300, 0x198, 0xffffffff, 0xffffffff, 0x198, 0xffffffff, 0x268, 0xffffff7a, 0xffffffff, 0x268, 0xffffffff, 0x7fffffe, 0x0, {[{{@ip={@broadcast, @loopback, 0x0, 0x0, 'veth1\x00', 'veth0_to_team\x00', {}, {}, 0x0, 0x0, 0x41}, 0x6, 0x130, 0x198, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "00000100cbd047da9ca965f96ad5801f0514d363ee84bb895919d9490f6785fba3c4a44f1e25ecefef2a2d6054f5260ece5ce1a56a5ef73be11d65bfe8c37674024c183ebacdf741cea92ded3a9ca54de15dd9ec8ef62f9e000000000000000000ffffff7f00", 0x7d}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x2, 0x0, 'snmp_trap\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x360)

116.610745ms ago: executing program 5 (id=4011):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) (async)
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async, rerun: 64)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) (rerun: 64)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=<r2=>r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) (async)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x80642, 0x150)
pwrite64(r3, &(0x7f0000000140)='2', 0xfdef, 0xfecc)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x19, 0xc, &(0x7f0000000240)=ANY=[@ANYRESHEX=r2, @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x68, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r4, 0x0, 0xb}, 0x18)
setxattr$trusted_overlay_upper(0x0, &(0x7f00000001c0), 0x0, 0x835, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) (async, rerun: 64)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94) (rerun: 64)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r6}, 0x10)
splice(r1, 0x0, r5, 0x0, 0x6, 0x0) (async)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r8, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) (async)
setsockopt$inet6_tcp_int(r8, 0x6, 0x18, &(0x7f00000001c0), 0x4) (async)
r9 = socket$l2tp6(0xa, 0x2, 0x73) (async)
r10 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r10, 0xc08c5332, &(0x7f00000004c0)={0xffffffff, 0x1, 0x0, 'queue1\x00', 0xb20})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r10, 0x40605346, &(0x7f0000000100)={0x0, 0x0, {0x1, 0x0, 0x0, 0x0, 0x80000}, 0x100})
getsockopt$IP6T_SO_GET_ENTRIES(r9, 0x29, 0x41, 0xfffffffffffffffd, &(0x7f0000000040)) (async)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000000000010080030900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a320000000050000000060a010400000000000000000100000008000b400000000028000480240001800b0001007470726f7879000014000280080003400000001108000140000000020900010073797a30000000f2130000001100010000000000000000000700000a16b0c569bde5e4a531748bd9ae72173d388ab29733a4f57ce70fb5cb924ce0b2d66de18138c661a560056036aac21b8d342e8c47d57acb9b6f02928a2e970285cb04150974ffd9a41682582900f42e8b41de60d7a6bb2dc2eb8cb35cc695e270afd534240d48d1dd46869ce8d23c53f917f8ec4379e5ca683574e24cf16339de4943b5d5bb3008c11c5cdf61e23be71ea4597cd16d0d3fd6c88cf37bae831c6dceee93e117d48c864f0aa52d5d11bc6eaa098ce400b89cb352b7baa13601e5e61d9beefbbbb70bc685458e4c3c40dadf8d9b27065c968840bc9e51f812"], 0xc4}}, 0x0)

0s ago: executing program 7 (id=4012):
r0 = socket(0x2, 0x3, 0xff)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10)
sendmmsg$unix(r0, &(0x7f0000008b80)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000180)="189772100048f5c56a6aeb00ffffffff0bd8", 0x12}], 0x1, 0x0, 0x0, 0x4000}}, {{0x0, 0x0, &(0x7f0000000140)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x5, 0x0, 0x0, 0x1800}}], 0x2, 0x20000000)

kernel console output (not intermixed with test programs):

[T17592] loop0: detected capacity change from 0 to 256
[  266.495771][T17605] bond1: entered allmulticast mode
[  266.501271][T17605] 8021q: adding VLAN 0 to HW filter on device bond1
[  266.508686][T17609] FAULT_INJECTION: forcing a failure.
[  266.508686][T17609] name failslab, interval 1, probability 0, space 0, times 0
[  266.521433][T17609] CPU: 0 UID: 0 PID: 17609 Comm: syz.0.3416 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  266.521470][T17609] Tainted: [W]=WARN
[  266.521533][T17609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  266.521546][T17609] Call Trace:
[  266.521554][T17609]  <TASK>
[  266.521562][T17609]  __dump_stack+0x1d/0x30
[  266.521587][T17609]  dump_stack_lvl+0xe8/0x140
[  266.521602][T17609]  dump_stack+0x15/0x1b
[  266.521652][T17609]  should_fail_ex+0x265/0x280
[  266.521673][T17609]  should_failslab+0x8c/0xb0
[  266.521759][T17609]  kmem_cache_alloc_node_noprof+0x57/0x4a0
[  266.521784][T17609]  ? __alloc_skb+0x101/0x320
[  266.521803][T17609]  __alloc_skb+0x101/0x320
[  266.521855][T17609]  netlink_alloc_large_skb+0xbf/0xf0
[  266.521875][T17609]  netlink_sendmsg+0x3cf/0x6b0
[  266.521937][T17609]  ? __pfx_netlink_sendmsg+0x10/0x10
[  266.521949][T17609]  __sock_sendmsg+0x145/0x180
[  266.522071][T17609]  ____sys_sendmsg+0x31e/0x4e0
[  266.522086][T17609]  ___sys_sendmsg+0x17b/0x1d0
[  266.522107][T17609]  __x64_sys_sendmsg+0xd4/0x160
[  266.522122][T17609]  x64_sys_call+0x191e/0x3000
[  266.522210][T17609]  do_syscall_64+0xd2/0x200
[  266.522224][T17609]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  266.522241][T17609]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  266.522285][T17609]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  266.522306][T17609] RIP: 0033:0x7fa96f7af749
[  266.522317][T17609] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  266.522329][T17609] RSP: 002b:00007fa96e20f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  266.522344][T17609] RAX: ffffffffffffffda RBX: 00007fa96fa05fa0 RCX: 00007fa96f7af749
[  266.522352][T17609] RDX: 0000000000000800 RSI: 0000200000000180 RDI: 0000000000000003
[  266.522361][T17609] RBP: 00007fa96e20f090 R08: 0000000000000000 R09: 0000000000000000
[  266.522368][T17609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  266.522429][T17609] R13: 00007fa96fa06038 R14: 00007fa96fa05fa0 R15: 00007fff3460e0d8
[  266.522441][T17609]  </TASK>
[  266.528816][T17605] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3415'.
[  266.557788][T17611] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3418'.
[  266.644059][T17619] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=17619 comm=syz.4.3418
[  266.835045][T17638] ÿÿÿÿÿÿ: renamed from vlan1 (while UP)
[  266.841830][T17639] loop4: detected capacity change from 0 to 128
[  266.858800][T17639] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  266.905836][T15330] FAT-fs (loop4): error, corrupted directory (invalid entries)
[  266.913815][T15330] FAT-fs (loop4): Filesystem has been set read-only
[  266.921153][T15330] FAT-fs (loop4): error, corrupted directory (invalid entries)
[  267.036293][T17653] loop5: detected capacity change from 0 to 128
[  267.089736][T17656] loop3: detected capacity change from 0 to 512
[  267.133812][T17656] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  267.164913][T17656] EXT4-fs error (device loop3): ext4_do_update_inode:5632: inode #2: comm syz.3.3439: corrupted inode contents
[  267.178185][T17656] EXT4-fs error (device loop3): ext4_dirty_inode:6517: inode #2: comm syz.3.3439: mark_inode_dirty error
[  267.190097][T17656] EXT4-fs error (device loop3): ext4_do_update_inode:5632: inode #2: comm syz.3.3439: corrupted inode contents
[  267.203460][T17656] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #2: comm syz.3.3439: mark_inode_dirty error
[  267.230050][T17656] EXT4-fs error (device loop3): ext4_lookup:1784: inode #18: comm syz.3.3439: 'file0' linked to parent dir
[  267.285527][T16695] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  267.323580][T17658] lo speed is unknown, defaulting to 1000
[  267.464392][T17658] chnl_net:caif_netlink_parms(): no params data found
[  267.471537][   T29] kauditd_printk_skb: 631 callbacks suppressed
[  267.471554][   T29] audit: type=1326 audit(267.525:17964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17670 comm="syz.5.3441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7fb05c07f749 code=0x7ffc0000
[  267.526930][   T29] audit: type=1326 audit(267.565:17965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17670 comm="syz.5.3441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7fb05c07f749 code=0x7ffc0000
[  267.550142][   T29] audit: type=1326 audit(267.575:17966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17670 comm="syz.5.3441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7fb05c07f749 code=0x7ffc0000
[  267.576564][   T29] audit: type=1326 audit(267.615:17967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17672 comm="syz.5.3441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7fb05c07f749 code=0x7ffc0000
[  267.599711][   T29] audit: type=1326 audit(267.625:17968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17670 comm="syz.5.3441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7fb05c07f749 code=0x7ffc0000
[  267.697459][T17689] loop0: detected capacity change from 0 to 128
[  267.719392][T17658] bridge0: port 1(bridge_slave_0) entered blocking state
[  267.726911][T17658] bridge0: port 1(bridge_slave_0) entered disabled state
[  267.739296][T17689] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  267.774904][T16259] FAT-fs (loop0): error, corrupted directory (invalid entries)
[  267.776287][T17658] bridge_slave_0: entered allmulticast mode
[  267.783356][T16259] FAT-fs (loop0): Filesystem has been set read-only
[  267.793198][   T29] audit: type=1326 audit(267.675:17969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17670 comm="syz.5.3441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7fb05c07f749 code=0x7ffc0000
[  267.818098][   T29] audit: type=1326 audit(267.695:17970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17670 comm="syz.5.3441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7fb05c07f749 code=0x7ffc0000
[  267.835803][T16259] FAT-fs (loop0): error, corrupted directory (invalid entries)
[  267.841210][   T29] audit: type=1326 audit(267.705:17971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17670 comm="syz.5.3441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7fb05c07f749 code=0x7ffc0000
[  267.841242][   T29] audit: type=1326 audit(267.715:17972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17670 comm="syz.5.3441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7fb05c07f749 code=0x7ffc0000
[  267.841335][   T29] audit: type=1326 audit(267.725:17973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17670 comm="syz.5.3441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7fb05c07f749 code=0x7ffc0000
[  267.849200][T17658] bridge_slave_0: entered promiscuous mode
[  267.926423][T17658] bridge0: port 2(bridge_slave_1) entered blocking state
[  267.934445][T17658] bridge0: port 2(bridge_slave_1) entered disabled state
[  267.943141][T17658] bridge_slave_1: entered allmulticast mode
[  267.951911][T17658] bridge_slave_1: entered promiscuous mode
[  267.953014][T17692] siw: device registration error -23
[  267.983115][T17658] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  267.994053][T17658] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  268.016870][T17658] team0: Port device team_slave_0 added
[  268.023991][T17658] team0: Port device team_slave_1 added
[  268.041943][T17658] batman_adv: batadv0: Adding interface: batadv_slave_0
[  268.049087][T17658] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  268.075295][T17658] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  268.090200][T17658] batman_adv: batadv0: Adding interface: batadv_slave_1
[  268.097255][T17658] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  268.123747][T17658] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  268.156907][T17658] hsr_slave_0: entered promiscuous mode
[  268.169000][T17658] hsr_slave_1: entered promiscuous mode
[  268.185299][T17658] debugfs: 'hsr0' already exists in 'hsr'
[  268.191128][T17658] Cannot create hsr debugfs directory
[  268.254784][ T3559] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  268.266275][ T3559] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  268.288449][T17703] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  268.363292][ T3559] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  268.373662][ T3559] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  268.430598][T17715] dummy0: entered promiscuous mode
[  268.436639][T17715] bond_slave_0: entered promiscuous mode
[  268.442673][T17715] bond_slave_0: left promiscuous mode
[  268.449255][T17715] dummy0: left promiscuous mode
[  268.465053][ T3559] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  268.475676][ T3559] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  268.525961][T17721] loop5: detected capacity change from 0 to 1024
[  268.551411][ T3559] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  268.557101][T17721] EXT4-fs: Ignoring removed orlov option
[  268.561918][ T3559] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  268.583219][T17721] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  268.634355][T17699] lo speed is unknown, defaulting to 1000
[  268.650407][T17658] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  268.692788][T17658] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  268.730172][T17658] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  268.803832][T17658] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  268.843223][ T3559] bridge_slave_1: left allmulticast mode
[  268.848927][ T3559] bridge_slave_1: left promiscuous mode
[  268.854699][ T3559] bridge0: port 2(bridge_slave_1) entered disabled state
[  268.865024][ T3559] bridge_slave_0: left allmulticast mode
[  268.870772][ T3559] bridge_slave_0: left promiscuous mode
[  268.876498][ T3559] bridge0: port 1(bridge_slave_0) entered disabled state
[  268.899793][T17734] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3457'.
[  268.920802][T16819] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  268.945821][T17736] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3458'.
[  269.019703][T17738] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=19 sclass=netlink_tcpdiag_socket pid=17738 comm=syz.5.3459
[  269.061625][ T3559] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  269.073650][ T3559] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  269.089747][ T3559] bond0 (unregistering): Released all slaves
[  269.106763][T15558] infiniband syb2: ib_query_port failed (-19)
[  269.137387][T17743] loop5: detected capacity change from 0 to 256
[  269.174529][T17699] chnl_net:caif_netlink_parms(): no params data found
[  269.191879][ T3559] tipc: Disabling bearer <udp:syz1>
[  269.197262][ T3559] tipc: Left network mode
[  269.207099][T17750] loop5: detected capacity change from 0 to 1024
[  269.215173][T17750] EXT4-fs: Ignoring removed orlov option
[  269.219407][T17658] 8021q: adding VLAN 0 to HW filter on device bond0
[  269.222951][T17750] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  269.243878][ T3559] hsr_slave_0: left promiscuous mode
[  269.252073][ T3559] hsr_slave_1: left promiscuous mode
[  269.257928][ T3559] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  269.265529][ T3559] batman_adv: batadv0: Removing interface: batadv_slave_0
[  269.273287][ T3559] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  269.280801][ T3559] batman_adv: batadv0: Removing interface: batadv_slave_1
[  269.290100][ T3559] veth1_macvtap: left promiscuous mode
[  269.295608][ T3559] veth0_macvtap: left promiscuous mode
[  269.301167][ T3559] veth1_vlan: left promiscuous mode
[  269.307384][ T3559] veth0_vlan: left promiscuous mode
[  269.401073][ T3559] team0 (unregistering): Port device team_slave_1 removed
[  269.413548][ T3559] team0 (unregistering): Port device team_slave_0 removed
[  269.459744][ T3422] lo speed is unknown, defaulting to 1000
[  269.465556][ T3422] infiniband syz2: ib_query_port failed (-19)
[  269.493555][T17658] 8021q: adding VLAN 0 to HW filter on device team0
[  269.502256][T17699] bridge0: port 1(bridge_slave_0) entered blocking state
[  269.509580][T17699] bridge0: port 1(bridge_slave_0) entered disabled state
[  269.516843][T17699] bridge_slave_0: entered allmulticast mode
[  269.523858][T17699] bridge_slave_0: entered promiscuous mode
[  269.530786][T17699] bridge0: port 2(bridge_slave_1) entered blocking state
[  269.537952][T17699] bridge0: port 2(bridge_slave_1) entered disabled state
[  269.545218][T17699] bridge_slave_1: entered allmulticast mode
[  269.552798][T17699] bridge_slave_1: entered promiscuous mode
[  269.579535][  T117] bridge0: port 1(bridge_slave_0) entered blocking state
[  269.586790][  T117] bridge0: port 1(bridge_slave_0) entered forwarding state
[  269.596538][T16819] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  269.599904][T17699] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  269.620498][  T117] bridge0: port 2(bridge_slave_1) entered blocking state
[  269.627751][  T117] bridge0: port 2(bridge_slave_1) entered forwarding state
[  269.631786][T17763] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3464'.
[  269.645996][T17658] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  269.657158][T17658] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  269.670681][T17699] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  269.696854][T17763] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=17763 comm=syz.5.3464
[  269.698817][T17699] team0: Port device team_slave_0 added
[  269.717131][T17699] team0: Port device team_slave_1 added
[  269.756142][T17699] batman_adv: batadv0: Adding interface: batadv_slave_0
[  269.756215][T17699] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  269.756246][T17699] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  269.757272][T17699] batman_adv: batadv0: Adding interface: batadv_slave_1
[  269.807372][T17699] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  269.833701][T17699] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  269.879901][T17699] hsr_slave_0: entered promiscuous mode
[  269.880430][T17699] hsr_slave_1: entered promiscuous mode
[  269.880731][T17699] debugfs: 'hsr0' already exists in 'hsr'
[  269.880749][T17699] Cannot create hsr debugfs directory
[  269.993438][T17658] 8021q: adding VLAN 0 to HW filter on device batadv0
[  270.120466][T17699] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  270.130258][T17699] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  270.133233][T17699] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  270.147932][T17699] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  270.225514][T17699] 8021q: adding VLAN 0 to HW filter on device bond0
[  270.234582][T17658] veth0_vlan: entered promiscuous mode
[  270.241747][T17658] veth1_vlan: entered promiscuous mode
[  270.245209][T17699] 8021q: adding VLAN 0 to HW filter on device team0
[  270.264395][ T3559] bridge0: port 1(bridge_slave_0) entered blocking state
[  270.271727][ T3559] bridge0: port 1(bridge_slave_0) entered forwarding state
[  270.283440][T17658] veth0_macvtap: entered promiscuous mode
[  270.285561][ T3559] bridge0: port 2(bridge_slave_1) entered blocking state
[  270.297254][ T3559] bridge0: port 2(bridge_slave_1) entered forwarding state
[  270.327146][T17658] veth1_macvtap: entered promiscuous mode
[  270.338975][T17658] batman_adv: batadv0: Interface activated: batadv_slave_0
[  270.342667][T17658] batman_adv: batadv0: Interface activated: batadv_slave_1
[  270.366191][   T67] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  270.379118][ T3571] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  270.380510][   T67] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  270.380598][   T67] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  270.380635][   T67] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  270.403307][T17699] 8021q: adding VLAN 0 to HW filter on device batadv0
[  270.511840][T17805] loop5: detected capacity change from 0 to 1024
[  270.518491][T17805] EXT4-fs: Ignoring removed orlov option
[  270.535941][T17805] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  270.644457][T17699] veth0_vlan: entered promiscuous mode
[  270.654280][T17820] xt_CT: You must specify a L4 protocol and not use inversions on it
[  270.670945][T17699] veth1_vlan: entered promiscuous mode
[  270.769007][T17699] veth0_macvtap: entered promiscuous mode
[  270.781828][T17699] veth1_macvtap: entered promiscuous mode
[  270.794890][T17699] batman_adv: batadv0: Interface activated: batadv_slave_0
[  270.813052][T17699] batman_adv: batadv0: Interface activated: batadv_slave_1
[  270.834624][   T67] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  270.843641][T17825] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  270.843655][   T67] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  270.864658][T16819] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  270.876572][   T67] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  270.903200][   T67] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  270.909662][T17827] loop5: detected capacity change from 0 to 256
[  270.934142][T17830] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3471'.
[  270.944211][T17830] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3471'.
[  270.989058][T17840] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=17840 comm=syz.7.3475
[  271.064891][T17845] loop3: detected capacity change from 0 to 512
[  271.080128][T17845] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  271.113556][T17845] EXT4-fs error (device loop3): ext4_do_update_inode:5632: inode #2: comm syz.3.3477: corrupted inode contents
[  271.113731][T17845] EXT4-fs error (device loop3): ext4_dirty_inode:6517: inode #2: comm syz.3.3477: mark_inode_dirty error
[  271.114013][T17845] EXT4-fs error (device loop3): ext4_do_update_inode:5632: inode #2: comm syz.3.3477: corrupted inode contents
[  271.114164][T17845] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #2: comm syz.3.3477: mark_inode_dirty error
[  271.120494][T17845] EXT4-fs error (device loop3): ext4_lookup:1784: inode #18: comm syz.3.3477: 'file0' linked to parent dir
[  271.179484][T16695] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  271.194202][T17830] __nla_validate_parse: 1 callbacks suppressed
[  271.194219][T17830] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3471'.
[  271.272464][T17855] loop3: detected capacity change from 0 to 512
[  271.272832][T17855] EXT4-fs: Ignoring removed i_version option
[  271.272858][T17855] EXT4-fs: Ignoring removed bh option
[  271.328404][T17855] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  271.398074][T16695] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  271.450757][T17864] ÿÿÿÿÿÿ: renamed from vlan1
[  271.548756][T17869] loop3: detected capacity change from 0 to 128
[  271.573326][T17869] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  271.662204][T17869] Invalid ELF header magic: != ELF
[  271.678973][T17878] FAULT_INJECTION: forcing a failure.
[  271.678973][T17878] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  271.679018][T17878] CPU: 0 UID: 0 PID: 17878 Comm: syz.1.3486 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  271.679048][T17878] Tainted: [W]=WARN
[  271.679054][T17878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  271.679065][T17878] Call Trace:
[  271.679112][T17878]  <TASK>
[  271.679121][T17878]  __dump_stack+0x1d/0x30
[  271.679145][T17878]  dump_stack_lvl+0xe8/0x140
[  271.679168][T17878]  dump_stack+0x15/0x1b
[  271.679187][T17878]  should_fail_ex+0x265/0x280
[  271.679221][T17878]  should_fail+0xb/0x20
[  271.679309][T17878]  should_fail_usercopy+0x1a/0x20
[  271.679328][T17878]  _copy_to_user+0x20/0xa0
[  271.679356][T17878]  simple_read_from_buffer+0xb5/0x130
[  271.679383][T17878]  proc_fail_nth_read+0x10e/0x150
[  271.679491][T17878]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  271.679519][T17878]  vfs_read+0x1a8/0x770
[  271.679563][T17878]  ? __cond_resched+0x4e/0x90
[  271.679594][T17878]  ksys_read+0xda/0x1a0
[  271.679685][T17878]  __x64_sys_read+0x40/0x50
[  271.679777][T17878]  x64_sys_call+0x27c0/0x3000
[  271.679840][T17878]  do_syscall_64+0xd2/0x200
[  271.679860][T17878]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  271.679940][T17878]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  271.679964][T17878] RIP: 0033:0x7fb630c3e15c
[  271.679988][T17878] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  271.680007][T17878] RSP: 002b:00007fb62f6a7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  271.680049][T17878] RAX: ffffffffffffffda RBX: 00007fb630e95fa0 RCX: 00007fb630c3e15c
[  271.680063][T17878] RDX: 000000000000000f RSI: 00007fb62f6a70a0 RDI: 0000000000000006
[  271.680077][T17878] RBP: 00007fb62f6a7090 R08: 0000000000000000 R09: 0000000000000000
[  271.680090][T17878] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  271.680104][T17878] R13: 00007fb630e96038 R14: 00007fb630e95fa0 R15: 00007fff6331bdf8
[  271.680122][T17878]  </TASK>
[  271.681422][  T117] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  271.787717][T17881] loop3: detected capacity change from 0 to 4096
[  271.789762][T17881] EXT4-fs: Ignoring removed nomblk_io_submit option
[  271.797572][T17881] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  271.920824][T17886] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3489'.
[  271.988224][T17888] FAULT_INJECTION: forcing a failure.
[  271.988224][T17888] name failslab, interval 1, probability 0, space 0, times 0
[  271.988258][T17888] CPU: 1 UID: 0 PID: 17888 Comm: syz.1.3490 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  271.988447][T17888] Tainted: [W]=WARN
[  271.988456][T17888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  271.988469][T17888] Call Trace:
[  271.988476][T17888]  <TASK>
[  271.988484][T17888]  __dump_stack+0x1d/0x30
[  271.988573][T17888]  dump_stack_lvl+0xe8/0x140
[  271.988595][T17888]  dump_stack+0x15/0x1b
[  271.988616][T17888]  should_fail_ex+0x265/0x280
[  271.988664][T17888]  should_failslab+0x8c/0xb0
[  271.988754][T17888]  kmem_cache_alloc_node_noprof+0x57/0x4a0
[  271.988786][T17888]  ? __alloc_skb+0x101/0x320
[  271.988857][T17888]  __alloc_skb+0x101/0x320
[  271.988883][T17888]  netlink_alloc_large_skb+0xbf/0xf0
[  271.988942][T17888]  netlink_sendmsg+0x3cf/0x6b0
[  271.988974][T17888]  ? __pfx_netlink_sendmsg+0x10/0x10
[  271.988997][T17888]  __sock_sendmsg+0x145/0x180
[  271.989019][T17888]  ____sys_sendmsg+0x31e/0x4e0
[  271.989060][T17888]  ___sys_sendmsg+0x17b/0x1d0
[  271.989092][T17888]  __x64_sys_sendmsg+0xd4/0x160
[  271.989114][T17888]  x64_sys_call+0x191e/0x3000
[  271.989134][T17888]  do_syscall_64+0xd2/0x200
[  271.989191][T17888]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  271.989270][T17888]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  271.989303][T17888]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  271.989324][T17888] RIP: 0033:0x7fb630c3f749
[  271.989382][T17888] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  271.989402][T17888] RSP: 002b:00007fb62f6a7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  271.989484][T17888] RAX: ffffffffffffffda RBX: 00007fb630e95fa0 RCX: 00007fb630c3f749
[  271.989524][T17888] RDX: 0000000000000000 RSI: 0000200000000480 RDI: 0000000000000004
[  271.989538][T17888] RBP: 00007fb62f6a7090 R08: 0000000000000000 R09: 0000000000000000
[  271.989552][T17888] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  271.989566][T17888] R13: 00007fb630e96038 R14: 00007fb630e95fa0 R15: 00007fff6331bdf8
[  271.989587][T17888]  </TASK>
[  272.138978][T17896] xt_SECMARK: invalid mode: 2
[  272.393650][T17900] loop6: detected capacity change from 0 to 1024
[  272.410953][T17894] syzkaller0: entered promiscuous mode
[  272.510599][T17894] syzkaller0: entered allmulticast mode
[  272.533292][T17900] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  272.580403][T17906] ÿÿÿÿÿÿ: renamed from vlan1 (while UP)
[  272.622212][T17908] ÿÿÿÿÿÿ: renamed from vlan1 (while UP)
[  272.624945][T16695] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  272.705201][T17916] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  272.705201][T17916]    program syz.7.3500 not setting count and/or reply_len properly
[  272.715392][T17919] netlink: 'syz.3.3497': attribute type 8 has an invalid length.
[  272.738759][T17916] netlink: 'syz.7.3500': attribute type 10 has an invalid length.
[  272.747727][T17916] ipvlan0: entered allmulticast mode
[  272.750041][T17921] loop5: detected capacity change from 0 to 512
[  272.753089][T17916] veth0_vlan: entered allmulticast mode
[  272.766139][T17921] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  272.768678][T17916] team0: Device ipvlan0 failed to register rx_handler
[  272.801951][T17919] bridge0: entered promiscuous mode
[  272.809125][T17921] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  272.831490][T17926] netlink: 96 bytes leftover after parsing attributes in process `syz.7.3503'.
[  272.865301][T17928] loop3: detected capacity change from 0 to 512
[  272.872455][T16819] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  272.887166][T17928] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement.
[  272.919731][   T29] kauditd_printk_skb: 199 callbacks suppressed
[  272.919749][   T29] audit: type=1326 audit(272.978:18171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17931 comm="syz.1.3506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb630c3f749 code=0x7ffc0000
[  272.928586][T17933] loop5: detected capacity change from 0 to 2048
[  272.959726][T17933] msdos: Unknown parameter ' '
[  272.968185][   T29] audit: type=1326 audit(273.008:18172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17931 comm="syz.1.3506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7fb630c3f749 code=0x7ffc0000
[  272.991787][   T29] audit: type=1326 audit(273.008:18173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17931 comm="syz.1.3506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb630c3f749 code=0x7ffc0000
[  273.015072][   T29] audit: type=1326 audit(273.008:18174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17931 comm="syz.1.3506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb630c3f749 code=0x7ffc0000
[  273.038264][   T29] audit: type=1326 audit(273.008:18175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17931 comm="syz.1.3506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb630c3f749 code=0x7ffc0000
[  273.061272][   T29] audit: type=1326 audit(273.008:18176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17931 comm="syz.1.3506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fb630c3f749 code=0x7ffc0000
[  273.084519][   T29] audit: type=1326 audit(273.008:18177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17931 comm="syz.1.3506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb630c3f749 code=0x7ffc0000
[  273.107576][   T29] audit: type=1326 audit(273.008:18178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17931 comm="syz.1.3506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7fb630c3f749 code=0x7ffc0000
[  273.130522][   T29] audit: type=1326 audit(273.008:18179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17931 comm="syz.1.3506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb630c3f749 code=0x7ffc0000
[  273.153592][   T29] audit: type=1326 audit(273.008:18180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17931 comm="syz.1.3506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb630c3f749 code=0x7ffc0000
[  273.234003][T17944] infiniband syb2: RDMA CMA: cma_listen_on_dev, error -98
[  273.341312][T17946] loop3: detected capacity change from 0 to 1024
[  273.349226][T17946] EXT4-fs: Ignoring removed orlov option
[  273.358472][T17946] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  273.414486][T17959] loop5: detected capacity change from 0 to 1024
[  273.421649][T17959] EXT4-fs: Ignoring removed orlov option
[  273.429692][T17959] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  273.553483][T17962] xt_CT: You must specify a L4 protocol and not use inversions on it
[  273.614338][T17658] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  273.635042][T16819] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  273.659721][T17964] loop6: detected capacity change from 0 to 1024
[  273.662972][T17966] loop5: detected capacity change from 0 to 512
[  273.667192][T17964] EXT4-fs: Ignoring removed orlov option
[  273.679422][T17966] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  273.683838][T17964] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  273.714463][T17966] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  273.761733][T16695] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  273.806218][T16819] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  273.852405][T17981] xt_CT: You must specify a L4 protocol and not use inversions on it
[  273.862379][T17980] FAULT_INJECTION: forcing a failure.
[  273.862379][T17980] name failslab, interval 1, probability 0, space 0, times 0
[  273.875135][T17980] CPU: 0 UID: 0 PID: 17980 Comm: syz.1.3519 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  273.875252][T17980] Tainted: [W]=WARN
[  273.875259][T17980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  273.875301][T17980] Call Trace:
[  273.875308][T17980]  <TASK>
[  273.875319][T17980]  __dump_stack+0x1d/0x30
[  273.875345][T17980]  dump_stack_lvl+0xe8/0x140
[  273.875368][T17980]  dump_stack+0x15/0x1b
[  273.875384][T17980]  should_fail_ex+0x265/0x280
[  273.875441][T17980]  should_failslab+0x8c/0xb0
[  273.875468][T17980]  kmem_cache_alloc_node_noprof+0x57/0x4a0
[  273.875541][T17980]  ? __alloc_skb+0x101/0x320
[  273.875572][T17980]  __alloc_skb+0x101/0x320
[  273.875596][T17980]  ? audit_log_start+0x342/0x720
[  273.875701][T17980]  audit_log_start+0x3a0/0x720
[  273.875719][T17980]  ? __account_obj_stock+0x211/0x350
[  273.875764][T17980]  audit_seccomp+0x48/0x100
[  273.875803][T17980]  ? __seccomp_filter+0x82d/0x1250
[  273.875837][T17980]  __seccomp_filter+0x83e/0x1250
[  273.875867][T17980]  ? do_dentry_open+0x914/0xa20
[  273.875886][T17980]  ? __rcu_read_unlock+0x4f/0x70
[  273.875914][T17980]  ? mntput_no_expire+0x6f/0x440
[  273.875988][T17980]  __secure_computing+0x82/0x150
[  273.876015][T17980]  syscall_trace_enter+0xcf/0x1e0
[  273.876058][T17980]  do_syscall_64+0xac/0x200
[  273.876081][T17980]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  273.876258][T17980]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  273.876287][T17980]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  273.876352][T17980] RIP: 0033:0x7fb630c3e15c
[  273.876368][T17980] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  273.876426][T17980] RSP: 002b:00007fb62f6a7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  273.876448][T17980] RAX: ffffffffffffffda RBX: 00007fb630e95fa0 RCX: 00007fb630c3e15c
[  273.876463][T17980] RDX: 000000000000000f RSI: 00007fb62f6a70a0 RDI: 0000000000000007
[  273.876477][T17980] RBP: 00007fb62f6a7090 R08: 0000000000000000 R09: 0000000000000000
[  273.876489][T17980] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  273.876502][T17980] R13: 00007fb630e96038 R14: 00007fb630e95fa0 R15: 00007fff6331bdf8
[  273.876522][T17980]  </TASK>
[  274.179381][T17987] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3518'.
[  274.233738][T17658] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  274.258500][T18001] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3525'.
[  274.414121][T18014] FAULT_INJECTION: forcing a failure.
[  274.414121][T18014] name failslab, interval 1, probability 0, space 0, times 0
[  274.426817][T18014] CPU: 1 UID: 0 PID: 18014 Comm: syz.5.3530 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  274.426848][T18014] Tainted: [W]=WARN
[  274.426889][T18014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  274.426903][T18014] Call Trace:
[  274.426931][T18014]  <TASK>
[  274.426939][T18014]  __dump_stack+0x1d/0x30
[  274.426963][T18014]  dump_stack_lvl+0xe8/0x140
[  274.426984][T18014]  dump_stack+0x15/0x1b
[  274.427001][T18014]  should_fail_ex+0x265/0x280
[  274.427121][T18014]  should_failslab+0x8c/0xb0
[  274.427155][T18014]  kmem_cache_alloc_noprof+0x50/0x480
[  274.427188][T18014]  ? skb_ext_add+0xd4/0x380
[  274.427259][T18014]  ? ip_rcv_finish_core+0x315/0xb60
[  274.427284][T18014]  skb_ext_add+0xd4/0x380
[  274.427314][T18014]  ? ksys_write+0xda/0x1a0
[  274.427337][T18014]  ? __x64_sys_write+0x40/0x50
[  274.427371][T18014]  ? x64_sys_call+0x2802/0x3000
[  274.427430][T18014]  ? percpu_counter_add_batch+0xb6/0x130
[  274.427579][T18014]  xfrm_input+0x554/0x3cc0
[  274.427607][T18014]  vti_input+0x386/0x410
[  274.427626][T18014]  vti_rcv_proto+0x77/0x90
[  274.427643][T18014]  ? __pfx_xfrm4_esp_rcv+0x10/0x10
[  274.427706][T18014]  xfrm4_esp_rcv+0x4e/0xd0
[  274.427724][T18014]  ? __pfx_xfrm4_esp_rcv+0x10/0x10
[  274.427741][T18014]  ip_protocol_deliver_rcu+0x423/0x780
[  274.427766][T18014]  ip_local_deliver_finish+0x1fc/0x2f0
[  274.427791][T18014]  ip_local_deliver+0xe8/0x1c0
[  274.427885][T18014]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  274.427905][T18014]  ip_rcv_finish+0x194/0x1c0
[  274.427933][T18014]  ip_rcv+0x62/0x140
[  274.427955][T18014]  ? __pfx_ip_rcv_finish+0x10/0x10
[  274.427979][T18014]  ? __pfx_ip_rcv+0x10/0x10
[  274.428025][T18014]  __netif_receive_skb+0xff/0x270
[  274.428045][T18014]  ? tun_rx_batched+0xc7/0x430
[  274.428070][T18014]  netif_receive_skb+0x4b/0x2e0
[  274.428089][T18014]  ? tun_rx_batched+0xc7/0x430
[  274.428158][T18014]  tun_rx_batched+0xfc/0x430
[  274.428189][T18014]  tun_get_user+0x1f36/0x26e0
[  274.428227][T18014]  ? ref_tracker_alloc+0x1f2/0x2f0
[  274.428381][T18014]  tun_chr_write_iter+0x15e/0x210
[  274.428415][T18014]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  274.428493][T18014]  vfs_write+0x52a/0x960
[  274.428518][T18014]  ksys_write+0xda/0x1a0
[  274.428541][T18014]  __x64_sys_write+0x40/0x50
[  274.428567][T18014]  x64_sys_call+0x2802/0x3000
[  274.428639][T18014]  do_syscall_64+0xd2/0x200
[  274.428664][T18014]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  274.428692][T18014]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  274.428736][T18014]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  274.428761][T18014] RIP: 0033:0x7fb05c07e1ff
[  274.428781][T18014] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  274.428803][T18014] RSP: 002b:00007fb05aae7000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  274.428827][T18014] RAX: ffffffffffffffda RBX: 00007fb05c2d5fa0 RCX: 00007fb05c07e1ff
[  274.428842][T18014] RDX: 00000000000000be RSI: 0000200000000000 RDI: 00000000000000c8
[  274.428898][T18014] RBP: 00007fb05aae7090 R08: 0000000000000000 R09: 0000000000000000
[  274.428954][T18014] R10: 00000000000000be R11: 0000000000000293 R12: 0000000000000001
[  274.428969][T18014] R13: 00007fb05c2d6038 R14: 00007fb05c2d5fa0 R15: 00007ffc497c8b38
[  274.429046][T18014]  </TASK>
[  274.844457][T18020] Invalid ELF header magic: != ELF
[  274.989655][T18027] siw: device registration error -23
[  275.064067][T18038] sch_tbf: burst 22 is lower than device lo mtu (65550) !
[  275.070732][T18040] loop3: detected capacity change from 0 to 512
[  275.099507][T18040] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  275.134308][T16695] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  275.160820][T18049] Invalid ELF header magic: != ELF
[  275.224848][T18054] loop3: detected capacity change from 0 to 512
[  275.248481][T18054] EXT4-fs: Ignoring removed i_version option
[  275.254557][T18054] EXT4-fs: Ignoring removed bh option
[  275.299045][T18054] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  275.390145][T16695] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  275.480261][T18070] siw: device registration error -23
[  275.726627][T18080] syzkaller1: entered promiscuous mode
[  275.732149][T18080] syzkaller1: entered allmulticast mode
[  275.868600][T18087] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  275.903781][T18090] loop5: detected capacity change from 0 to 512
[  275.933468][T18090] EXT4-fs: Ignoring removed i_version option
[  275.940553][T18090] EXT4-fs: Ignoring removed bh option
[  275.963844][T18099] loop3: detected capacity change from 0 to 512
[  275.980852][T18102] loop7: detected capacity change from 0 to 512
[  276.000507][T18090] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  276.024791][T18099] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  276.040515][T18102] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  276.105178][T16819] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  276.115097][T16695] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  276.138261][T17699] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  276.175563][T18117] loop3: detected capacity change from 0 to 1024
[  276.187787][T18117] EXT4-fs: Ignoring removed orlov option
[  276.197478][T18115] loop5: detected capacity change from 0 to 1024
[  276.198380][T18117] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  276.239871][T18115] EXT4-fs: Ignoring removed orlov option
[  276.339713][T18126] xt_CT: You must specify a L4 protocol and not use inversions on it
[  276.352999][T18128] sch_tbf: burst 22 is lower than device lo mtu (65550) !
[  276.403299][T18129] xt_CT: You must specify a L4 protocol and not use inversions on it
[  276.501656][T18131] loop7: detected capacity change from 0 to 4096
[  276.541300][T18131] loop7: detected capacity change from 0 to 512
[  276.553341][T18131] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  276.566709][T18131] EXT4-fs (loop7): 1 truncate cleaned up
[  276.711012][T18146] lo speed is unknown, defaulting to 1000
[  276.721274][T18146] lo speed is unknown, defaulting to 1000
[  276.728626][T18146] lo speed is unknown, defaulting to 1000
[  276.737202][T18146] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  276.749848][T18146] lo speed is unknown, defaulting to 1000
[  276.757738][T18146] lo speed is unknown, defaulting to 1000
[  276.771391][T18146] lo speed is unknown, defaulting to 1000
[  276.779056][T18146] lo speed is unknown, defaulting to 1000
[  276.785607][T18146] lo speed is unknown, defaulting to 1000
[  276.786711][T18150] loop5: detected capacity change from 0 to 512
[  276.793162][T18146] lo speed is unknown, defaulting to 1000
[  276.811387][T18150] EXT4-fs: Ignoring removed i_version option
[  276.817465][T18150] EXT4-fs: Ignoring removed bh option
[  276.894657][T18158] loop7: detected capacity change from 0 to 128
[  276.974232][T18158] loop7: detected capacity change from 0 to 512
[  276.990025][T18158] EXT4-fs (loop7): orphan cleanup on readonly fs
[  276.997820][T18158] EXT4-fs error (device loop7): ext4_orphan_get:1418: comm syz.7.3581: bad orphan inode 13
[  277.009279][T18158] ext4_test_bit(bit=12, block=18) = 1
[  277.014700][T18158] is_bad_inode(inode)=0
[  277.019900][T18158] NEXT_ORPHAN(inode)=2130706432
[  277.024761][T18158] max_ino=32
[  277.028983][T18158] i_nlink=1
[  277.049040][T18158] binfmt_misc: register: failed to install interpreter file ./file2
[  277.161872][T18171] loop7: detected capacity change from 0 to 512
[  277.181918][T18173] siw: device registration error -23
[  277.212263][T18171] EXT4-fs error (device loop7): ext4_do_update_inode:5632: inode #2: comm syz.7.3583: corrupted inode contents
[  277.235605][T18171] EXT4-fs error (device loop7): ext4_dirty_inode:6517: inode #2: comm syz.7.3583: mark_inode_dirty error
[  277.250123][T18171] EXT4-fs error (device loop7): ext4_do_update_inode:5632: inode #2: comm syz.7.3583: corrupted inode contents
[  277.274047][T18171] EXT4-fs error (device loop7): __ext4_ext_dirty:206: inode #2: comm syz.7.3583: mark_inode_dirty error
[  277.373324][T18179] EXT4-fs error (device loop7): ext4_lookup:1784: inode #18: comm syz.7.3583: 'file0' linked to parent dir
[  277.381174][T18183] netlink: 7 bytes leftover after parsing attributes in process `syz.6.3589'.
[  277.397525][T18183] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3589'.
[  277.406729][T18183] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3589'.
[  277.440598][T18186] netlink: 'syz.6.3589': attribute type 2 has an invalid length.
[  277.452817][T18183] netlink: 7 bytes leftover after parsing attributes in process `syz.6.3589'.
[  277.470376][T18191] loop7: detected capacity change from 0 to 512
[  277.486454][T18183] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3589'.
[  277.495461][T18183] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3589'.
[  277.505434][T18191] EXT4-fs: Ignoring removed i_version option
[  277.511618][T18191] EXT4-fs: Ignoring removed bh option
[  277.686828][T18183] netlink: 7 bytes leftover after parsing attributes in process `syz.6.3589'.
[  277.695913][T18183] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3589'.
[  277.705009][T18183] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3589'.
[  277.738913][T18198] syzkaller0: entered promiscuous mode
[  277.744547][T18198] syzkaller0: entered allmulticast mode
[  277.775175][T18198] xt_SECMARK: invalid mode: 2
[  277.806304][T18198] loop3: detected capacity change from 0 to 1024
[  277.956989][   T29] kauditd_printk_skb: 1291 callbacks suppressed
[  277.957132][   T29] audit: type=1326 audit(278.014:19467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18213 comm="syz.1.3593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb630c3f749 code=0x7ffc0000
[  277.991520][   T29] audit: type=1326 audit(278.044:19468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18213 comm="syz.1.3593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb630c3f749 code=0x7ffc0000
[  278.016247][   T29] audit: type=1326 audit(278.044:19469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18213 comm="syz.1.3593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb630c3f749 code=0x7ffc0000
[  278.039775][   T29] audit: type=1326 audit(278.044:19470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18213 comm="syz.1.3593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb630c3f749 code=0x7ffc0000
[  278.063971][   T29] audit: type=1326 audit(278.044:19471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18213 comm="syz.1.3593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb630c3f749 code=0x7ffc0000
[  278.066852][T18219] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3596'.
[  278.088381][   T29] audit: type=1326 audit(278.044:19472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18213 comm="syz.1.3593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb630c3f749 code=0x7ffc0000
[  278.124382][   T29] audit: type=1326 audit(278.044:19473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18213 comm="syz.1.3593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb630c3f749 code=0x7ffc0000
[  278.148355][   T29] audit: type=1326 audit(278.044:19474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18213 comm="syz.1.3593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb630c3f749 code=0x7ffc0000
[  278.172289][   T29] audit: type=1326 audit(278.044:19475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18213 comm="syz.1.3593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb630c3f749 code=0x7ffc0000
[  278.195483][T18219] loop6: detected capacity change from 0 to 512
[  278.202638][   T29] audit: type=1326 audit(278.074:19476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18213 comm="syz.1.3593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb630c3f749 code=0x7ffc0000
[  278.230015][T18219] EXT4-fs (loop6): revision level too high, forcing read-only mode
[  278.238841][T18219] EXT4-fs (loop6): orphan cleanup on readonly fs
[  278.249147][T18219] EXT4-fs error (device loop6): ext4_do_update_inode:5632: inode #16: comm syz.6.3596: corrupted inode contents
[  278.261322][T18219] EXT4-fs (loop6): Remounting filesystem read-only
[  278.268454][T18219] EXT4-fs (loop6): 1 truncate cleaned up
[  278.274469][   T67] EXT4-fs (loop6): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  278.285136][   T67] EXT4-fs (loop6): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  278.296359][   T67] EXT4-fs (loop6): Quota write (off=8, len=24) cancelled because transaction is not started
[  278.332790][T18215] lo speed is unknown, defaulting to 1000
[  278.402188][T18230] loop5: detected capacity change from 0 to 512
[  278.411123][T18230] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  278.421321][T18230] EXT4-fs (loop5): mounting ext2 file system using the ext4 subsystem
[  278.431626][T18230] EXT4-fs (loop5): warning: mounting unchecked fs, running e2fsck is recommended
[  278.432855][T18234] syz.3.3602 (18234): /proc/18233/oom_adj is deprecated, please use /proc/18233/oom_score_adj instead.
[  278.441864][T18230] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006]
[  278.461923][T18230] System zones: 0-2, 18-18, 34-35
[  278.487127][T18230] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.3600: bg 0: block 353: padding at end of block bitmap is not set
[  278.511411][T18239] loop3: detected capacity change from 0 to 512
[  278.518753][T18239] EXT4-fs: Ignoring removed i_version option
[  278.524866][T18239] EXT4-fs: Ignoring removed bh option
[  278.567466][T18244] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=18244 comm=syz.3.3605
[  278.812912][T18258] loop6: detected capacity change from 0 to 128
[  278.820802][T18258] FAT-fs (loop6): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  278.990425][T18273] FAULT_INJECTION: forcing a failure.
[  278.990425][T18273] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  279.003839][T18273] CPU: 0 UID: 0 PID: 18273 Comm: syz.1.3617 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  279.003880][T18273] Tainted: [W]=WARN
[  279.003888][T18273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  279.003958][T18273] Call Trace:
[  279.003967][T18273]  <TASK>
[  279.003975][T18273]  __dump_stack+0x1d/0x30
[  279.004001][T18273]  dump_stack_lvl+0xe8/0x140
[  279.004055][T18273]  dump_stack+0x15/0x1b
[  279.004075][T18273]  should_fail_ex+0x265/0x280
[  279.004110][T18273]  should_fail+0xb/0x20
[  279.004129][T18273]  should_fail_usercopy+0x1a/0x20
[  279.004248][T18273]  _copy_to_user+0x20/0xa0
[  279.004274][T18273]  simple_read_from_buffer+0xb5/0x130
[  279.004303][T18273]  proc_fail_nth_read+0x10e/0x150
[  279.004368][T18273]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  279.004400][T18273]  vfs_read+0x1a8/0x770
[  279.004463][T18273]  ? __rcu_read_unlock+0x4f/0x70
[  279.004490][T18273]  ? __fget_files+0x184/0x1c0
[  279.004581][T18273]  ksys_read+0xda/0x1a0
[  279.004608][T18273]  __x64_sys_read+0x40/0x50
[  279.004654][T18273]  x64_sys_call+0x27c0/0x3000
[  279.004677][T18273]  do_syscall_64+0xd2/0x200
[  279.004700][T18273]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  279.004737][T18273]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  279.004887][T18273]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  279.004910][T18273] RIP: 0033:0x7fb630c3e15c
[  279.004971][T18273] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  279.004991][T18273] RSP: 002b:00007fb62f6a7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  279.005016][T18273] RAX: ffffffffffffffda RBX: 00007fb630e95fa0 RCX: 00007fb630c3e15c
[  279.005031][T18273] RDX: 000000000000000f RSI: 00007fb62f6a70a0 RDI: 0000000000000004
[  279.005045][T18273] RBP: 00007fb62f6a7090 R08: 0000000000000000 R09: 0000000000000000
[  279.005059][T18273] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  279.005074][T18273] R13: 00007fb630e96038 R14: 00007fb630e95fa0 R15: 00007fff6331bdf8
[  279.005094][T18273]  </TASK>
[  279.263789][T18282] loop3: detected capacity change from 0 to 1024
[  279.272746][T18282] EXT4-fs: Ignoring removed orlov option
[  279.339723][T18284] lo speed is unknown, defaulting to 1000
[  279.642246][T18290] loop5: detected capacity change from 0 to 128
[  280.018656][T18290] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  280.104320][T18295] xt_CT: You must specify a L4 protocol and not use inversions on it
[  280.157601][T18302] loop5: detected capacity change from 0 to 256
[  280.272972][T18305] loop5: detected capacity change from 0 to 512
[  280.697383][T18324] loop7: detected capacity change from 0 to 512
[  280.940275][T18335] loop6: detected capacity change from 0 to 256
[  280.963701][T18337] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  280.994859][T18342] loop3: detected capacity change from 0 to 512
[  281.051566][T18349] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  281.464367][T18377] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  281.609018][T18382] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'syz0'
[  281.641977][T18387] loop7: detected capacity change from 0 to 128
[  281.650120][T18387] FAT-fs (loop7): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  281.694176][T18390] loop7: detected capacity change from 0 to 1024
[  281.702260][T18390] EXT4-fs: Ignoring removed orlov option
[  281.829792][T18397] xt_CT: You must specify a L4 protocol and not use inversions on it
[  281.883809][T18402] loop6: detected capacity change from 0 to 1024
[  281.891857][T18402] EXT4-fs: Ignoring removed orlov option
[  281.965774][T18410] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  282.018010][T18414] xt_CT: You must specify a L4 protocol and not use inversions on it
[  282.108476][T18420] loop5: detected capacity change from 0 to 128
[  282.115445][T18420] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  282.178443][ T2262] Bluetooth: hci0: Frame reassembly failed (-84)
[  282.263908][T18431] loop6: detected capacity change from 0 to 1024
[  282.271189][T18431] EXT4-fs: Ignoring removed orlov option
[  282.392260][T18438] xt_CT: You must specify a L4 protocol and not use inversions on it
[  282.552813][T18444] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  282.570109][T18442] __nla_validate_parse: 3 callbacks suppressed
[  282.570121][T18442] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3678'.
[  282.602108][T18447] loop3: detected capacity change from 0 to 512
[  282.611497][T18449] loop6: detected capacity change from 0 to 128
[  282.621590][T18447] EXT4-fs error (device loop3): ext4_do_update_inode:5632: inode #2: comm syz.3.3680: corrupted inode contents
[  282.626240][T18449] FAT-fs (loop6): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  282.635044][T18447] EXT4-fs error (device loop3): ext4_dirty_inode:6517: inode #2: comm syz.3.3680: mark_inode_dirty error
[  282.655573][T18447] EXT4-fs error (device loop3): ext4_do_update_inode:5632: inode #2: comm syz.3.3680: corrupted inode contents
[  282.667645][T18447] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #2: comm syz.3.3680: mark_inode_dirty error
[  282.684609][T18447] EXT4-fs error (device loop3): ext4_lookup:1784: inode #18: comm syz.3.3680: 'file0' linked to parent dir
[  282.723613][T18456] loop3: detected capacity change from 0 to 512
[  282.724388][T18456] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  282.739852][T18456] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem
[  282.740426][T18456] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended
[  282.757819][T18456] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006]
[  282.757853][T18456] System zones: 0-2, 18-18, 34-35
[  282.772560][T18456] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.3683: bg 0: block 353: padding at end of block bitmap is not set
[  282.830708][T18462] lo speed is unknown, defaulting to 1000
[  282.887409][T18462] vhci_hcd: invalid port number 9
[  282.933561][T18462] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3685'.
[  283.003912][T18476] netlink: 'syz.3.3690': attribute type 4 has an invalid length.
[  283.015378][T18476] netlink: 68 bytes leftover after parsing attributes in process `syz.3.3690'.
[  283.020750][   T29] kauditd_printk_skb: 455 callbacks suppressed
[  283.020767][   T29] audit: type=1326 audit(283.074:19926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18472 comm="syz.1.3689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb630c3f749 code=0x7ffc0000
[  283.055334][   T29] audit: type=1326 audit(283.074:19927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18472 comm="syz.1.3689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=69 compat=0 ip=0x7fb630c3f749 code=0x7ffc0000
[  283.079078][   T29] audit: type=1326 audit(283.074:19928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18472 comm="syz.1.3689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb630c3f749 code=0x7ffc0000
[  283.103275][   T29] audit: type=1326 audit(283.074:19929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18472 comm="syz.1.3689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb630c3f749 code=0x7ffc0000
[  283.159809][T18479] FAULT_INJECTION: forcing a failure.
[  283.159809][T18479] name failslab, interval 1, probability 0, space 0, times 0
[  283.173259][T18479] CPU: 1 UID: 0 PID: 18479 Comm: syz.3.3691 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  283.173339][T18479] Tainted: [W]=WARN
[  283.173343][T18479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  283.173351][T18479] Call Trace:
[  283.173355][T18479]  <TASK>
[  283.173361][T18479]  __dump_stack+0x1d/0x30
[  283.173378][T18479]  dump_stack_lvl+0xe8/0x140
[  283.173391][T18479]  dump_stack+0x15/0x1b
[  283.173403][T18479]  should_fail_ex+0x265/0x280
[  283.173430][T18479]  should_failslab+0x8c/0xb0
[  283.173516][T18479]  __kmalloc_noprof+0xa5/0x570
[  283.173533][T18479]  ? security_prepare_creds+0x52/0x120
[  283.173596][T18479]  security_prepare_creds+0x52/0x120
[  283.173627][T18479]  prepare_creds+0x34a/0x4c0
[  283.173648][T18479]  lookup_user_key+0x12a/0xd10
[  283.173680][T18479]  ? __pfx_lookup_user_key_possessed+0x10/0x10
[  283.173852][T18479]  __se_sys_add_key+0x268/0x350
[  283.173873][T18479]  __x64_sys_add_key+0x67/0x80
[  283.173949][T18479]  x64_sys_call+0x28c8/0x3000
[  283.173964][T18479]  do_syscall_64+0xd2/0x200
[  283.173977][T18479]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  283.174018][T18479]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  283.174038][T18479]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  283.174052][T18479] RIP: 0033:0x7f54196cf749
[  283.174102][T18479] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  283.174114][T18479] RSP: 002b:00007f541812f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8
[  283.174129][T18479] RAX: ffffffffffffffda RBX: 00007f5419925fa0 RCX: 00007f54196cf749
[  283.174139][T18479] RDX: 00002000000000c0 RSI: 0000000000000000 RDI: 0000200000000040
[  283.174189][T18479] RBP: 00007f541812f090 R08: ffffffffffffffff R09: 0000000000000000
[  283.174198][T18479] R10: 000000000000001c R11: 0000000000000246 R12: 0000000000000001
[  283.174206][T18479] R13: 00007f5419926038 R14: 00007f5419925fa0 R15: 00007ffe02d5ebd8
[  283.174219][T18479]  </TASK>
[  283.193422][T18462] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3685'.
[  283.392789][   T29] audit: type=1400 audit(283.444:19930): avc:  denied  { create } for  pid=18482 comm="syz.3.3692" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=netlink_socket permissive=1
[  283.465235][   T29] audit: type=1326 audit(283.514:19931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18482 comm="syz.3.3692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54196cf749 code=0x7ffc0000
[  283.489839][   T29] audit: type=1326 audit(283.544:19932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18482 comm="syz.3.3692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54196cf749 code=0x7ffc0000
[  283.601737][T18496] loop6: detected capacity change from 0 to 512
[  283.608834][T18496] EXT4-fs (loop6): feature flags set on rev 0 fs, running e2fsck is recommended
[  283.618013][T18496] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem
[  283.647069][T18496] EXT4-fs (loop6): warning: mounting unchecked fs, running e2fsck is recommended
[  283.656596][T18496] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006]
[  283.664707][T18496] System zones: 0-2, 18-18, 34-35
[  284.115073][T18505] loop7: detected capacity change from 0 to 512
[  284.138483][T18505] EXT4-fs error (device loop7): ext4_do_update_inode:5632: inode #4: comm syz.7.3699: corrupted inode contents
[  284.150602][T18505] EXT4-fs error (device loop7): ext4_dirty_inode:6517: inode #4: comm syz.7.3699: mark_inode_dirty error
[  284.162686][T18505] EXT4-fs error (device loop7): ext4_do_update_inode:5632: inode #4: comm syz.7.3699: corrupted inode contents
[  284.174723][T18505] EXT4-fs error (device loop7): __ext4_ext_dirty:206: inode #4: comm syz.7.3699: mark_inode_dirty error
[  284.186207][T18505] Quota error (device loop7): write_blk: dquota write failed
[  284.193692][T18505] Quota error (device loop7): qtree_write_dquot: Error -117 occurred while creating quota
[  284.203656][T18505] EXT4-fs error (device loop7): ext4_acquire_dquot:6945: comm syz.7.3699: Failed to acquire dquot type 1
[  284.215919][ T3571] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  284.380353][T18510] $Hÿ: renamed from bond0
[  284.386608][T18510] $Hÿ: entered promiscuous mode
[  284.405045][T18510] lo speed is unknown, defaulting to 1000
[  284.556468][T18519] IPv6: NLM_F_CREATE should be specified when creating new route
[  284.556482][T18519] FAULT_INJECTION: forcing a failure.
[  284.556482][T18519] name failslab, interval 1, probability 0, space 0, times 0
[  284.556516][T18519] CPU: 0 UID: 0 PID: 18519 Comm: syz.7.3702 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  284.556547][T18519] Tainted: [W]=WARN
[  284.556553][T18519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  284.556603][T18519] Call Trace:
[  284.556611][T18519]  <TASK>
[  284.556618][T18519]  __dump_stack+0x1d/0x30
[  284.556643][T18519]  dump_stack_lvl+0xe8/0x140
[  284.556664][T18519]  dump_stack+0x15/0x1b
[  284.556684][T18519]  should_fail_ex+0x265/0x280
[  284.556748][T18519]  ? fib6_new_table+0x97/0x210
[  284.556777][T18519]  should_failslab+0x8c/0xb0
[  284.556810][T18519]  __kmalloc_cache_noprof+0x4c/0x4a0
[  284.556853][T18519]  fib6_new_table+0x97/0x210
[  284.556897][T18519]  ip6_route_info_create+0xaf/0x390
[  284.556958][T18519]  ip6_route_add+0x49/0x170
[  284.557022][T18519]  inet6_rtm_newroute+0x112/0x1020
[  284.557110][T18519]  ? bsearch+0x95/0xc0
[  284.557133][T18519]  ? __pfx_cmp_ex_search+0x10/0x10
[  284.557216][T18519]  ? strncpy_from_kernel_nofault+0x78/0x130
[  284.557240][T18519]  ? __memcg_slab_free_hook+0x135/0x230
[  284.557333][T18519]  ? selinux_capable+0x31/0x40
[  284.557355][T18519]  ? security_capable+0x83/0x90
[  284.557383][T18519]  ? ns_capable+0x7d/0xb0
[  284.557432][T18519]  ? __pfx_inet6_rtm_newroute+0x10/0x10
[  284.557462][T18519]  rtnetlink_rcv_msg+0x5fe/0x6d0
[  284.557511][T18519]  netlink_rcv_skb+0x123/0x220
[  284.557544][T18519]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  284.557575][T18519]  rtnetlink_rcv+0x1c/0x30
[  284.557612][T18519]  netlink_unicast+0x5c0/0x690
[  284.557646][T18519]  netlink_sendmsg+0x58b/0x6b0
[  284.557671][T18519]  ? __pfx_netlink_sendmsg+0x10/0x10
[  284.557696][T18519]  __sock_sendmsg+0x145/0x180
[  284.557752][T18519]  ____sys_sendmsg+0x31e/0x4e0
[  284.557773][T18519]  ___sys_sendmsg+0x17b/0x1d0
[  284.557806][T18519]  __x64_sys_sendmsg+0xd4/0x160
[  284.557833][T18519]  x64_sys_call+0x191e/0x3000
[  284.557867][T18519]  do_syscall_64+0xd2/0x200
[  284.557967][T18519]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  284.557992][T18519]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  284.558085][T18519]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  284.558112][T18519] RIP: 0033:0x7f3e228cf749
[  284.558131][T18519] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  284.558210][T18519] RSP: 002b:00007f3e21337038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  284.558231][T18519] RAX: ffffffffffffffda RBX: 00007f3e22b25fa0 RCX: 00007f3e228cf749
[  284.558246][T18519] RDX: 0000000020040844 RSI: 0000200000000340 RDI: 0000000000000005
[  284.558262][T18519] RBP: 00007f3e21337090 R08: 0000000000000000 R09: 0000000000000000
[  284.558276][T18519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  284.558289][T18519] R13: 00007f3e22b26038 R14: 00007f3e22b25fa0 R15: 00007ffd5c604838
[  284.558307][T18519]  </TASK>
[  284.823114][T18525] loop5: detected capacity change from 0 to 512
[  284.919226][T18529] serio: Serial port ptm0
[  285.071231][T18535] loop7: detected capacity change from 0 to 1024
[  285.078592][T18535] EXT4-fs: Ignoring removed orlov option
[  285.084439][T18535] EXT4-fs: Ignoring removed nomblk_io_submit option
[  285.217715][T18541] FAULT_INJECTION: forcing a failure.
[  285.217715][T18541] name failslab, interval 1, probability 0, space 0, times 0
[  285.230424][T18541] CPU: 0 UID: 0 PID: 18541 Comm: syz.5.3710 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  285.230525][T18541] Tainted: [W]=WARN
[  285.230533][T18541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  285.230578][T18541] Call Trace:
[  285.230584][T18541]  <TASK>
[  285.230592][T18541]  __dump_stack+0x1d/0x30
[  285.230694][T18541]  dump_stack_lvl+0xe8/0x140
[  285.230717][T18541]  dump_stack+0x15/0x1b
[  285.230736][T18541]  should_fail_ex+0x265/0x280
[  285.230768][T18541]  should_failslab+0x8c/0xb0
[  285.230829][T18541]  kmem_cache_alloc_noprof+0x50/0x480
[  285.230861][T18541]  ? dst_alloc+0xbd/0x100
[  285.230898][T18541]  dst_alloc+0xbd/0x100
[  285.230926][T18541]  ? ip_route_input_rcu+0x122/0x1cd0
[  285.230962][T18541]  ip_route_output_key_hash_rcu+0xf29/0x1380
[  285.230997][T18541]  ip_route_output_key_hash+0x63/0xa0
[  285.231032][T18541]  tcp_v4_connect+0x3e4/0xaf0
[  285.231133][T18541]  __inet_stream_connect+0x169/0x7d0
[  285.231154][T18541]  ? _raw_spin_unlock_bh+0x36/0x40
[  285.231272][T18541]  ? release_sock+0x116/0x150
[  285.231303][T18541]  ? _raw_spin_unlock_bh+0x36/0x40
[  285.231332][T18541]  ? lock_sock_nested+0x112/0x140
[  285.231453][T18541]  ? selinux_netlbl_socket_connect+0x115/0x130
[  285.231480][T18541]  inet_stream_connect+0x44/0x70
[  285.231502][T18541]  ? __pfx_inet_stream_connect+0x10/0x10
[  285.231602][T18541]  __sys_connect+0x1f2/0x2b0
[  285.231631][T18541]  __x64_sys_connect+0x3f/0x50
[  285.231708][T18541]  x64_sys_call+0x2c0c/0x3000
[  285.231772][T18541]  do_syscall_64+0xd2/0x200
[  285.231795][T18541]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  285.231827][T18541]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  285.231921][T18541]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  285.231960][T18541] RIP: 0033:0x7fb05c07f749
[  285.231976][T18541] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  285.231995][T18541] RSP: 002b:00007fb05aae7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  285.232019][T18541] RAX: ffffffffffffffda RBX: 00007fb05c2d5fa0 RCX: 00007fb05c07f749
[  285.232072][T18541] RDX: 0000000000000010 RSI: 0000200000000000 RDI: 0000000000000005
[  285.232086][T18541] RBP: 00007fb05aae7090 R08: 0000000000000000 R09: 0000000000000000
[  285.232100][T18541] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  285.232115][T18541] R13: 00007fb05c2d6038 R14: 00007fb05c2d5fa0 R15: 00007ffc497c8b38
[  285.232137][T18541]  </TASK>
[  285.557524][T17699] EXT4-fs unmount: 40 callbacks suppressed
[  285.557547][T17699] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  285.590685][   T29] audit: type=1326 audit(285.644:19933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18549 comm="syz.5.3714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb05c07f749 code=0x7ffc0000
[  285.617243][T18550] sch_tbf: burst 22 is lower than device lo mtu (65550) !
[  285.771036][T18562] loop7: detected capacity change from 0 to 512
[  285.779030][T18562] EXT4-fs (loop7): feature flags set on rev 0 fs, running e2fsck is recommended
[  285.789014][T18562] EXT4-fs (loop7): mounting ext2 file system using the ext4 subsystem
[  285.799173][T18562] EXT4-fs (loop7): warning: mounting unchecked fs, running e2fsck is recommended
[  285.809783][T18562] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006]
[  285.820668][T18562] System zones: 0-2, 18-18, 34-35
[  285.827217][T18562] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  285.906956][T17699] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  285.945539][T18565] netlink: 20 bytes leftover after parsing attributes in process `syz.7.3719'.
[  285.979458][T18568] loop7: detected capacity change from 0 to 1024
[  285.986732][T18568] EXT4-fs: Ignoring removed orlov option
[  285.994778][T18568] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  286.068891][T18574] xt_CT: You must specify a L4 protocol and not use inversions on it
[  286.212106][T18584] loop6: detected capacity change from 0 to 512
[  286.219678][T18584] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  286.232231][T18584] EXT4-fs (loop6): 1 truncate cleaned up
[  286.238661][T18584] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  286.302006][T17658] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  286.349678][T18587] loop6: detected capacity change from 0 to 512
[  286.358033][T17699] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  286.367257][T18587] EXT4-fs: Invalid want_extra_isize 2048
[  286.383922][T18587] netlink: 'syz.6.3729': attribute type 22 has an invalid length.
[  286.408548][T18589] loop7: detected capacity change from 0 to 2048
[  286.415311][T18589] msdos: Unknown parameter ' '
[  286.475332][T18596] loop3: detected capacity change from 0 to 512
[  286.482442][T18596] EXT4-fs: Ignoring removed i_version option
[  286.488738][T18596] EXT4-fs: Ignoring removed bh option
[  286.514931][T18596] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  286.546184][T16695] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  286.568594][T18604] loop3: detected capacity change from 0 to 128
[  286.575587][T18604] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  286.622954][T18607] loop3: detected capacity change from 0 to 1024
[  286.630940][T18607] EXT4-fs: Ignoring removed orlov option
[  286.640620][T18607] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  286.724674][T18609] xt_CT: You must specify a L4 protocol and not use inversions on it
[  286.893096][T16695] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  286.968822][T18619] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3739'.
[  286.979094][T18619] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=18619 comm=syz.3.3739
[  287.283149][T18624] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3742'.
[  287.283698][T18624] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=18624 comm=syz.5.3742
[  287.299918][T18627] loop7: detected capacity change from 0 to 1024
[  287.317521][T18627] EXT4-fs: Ignoring removed orlov option
[  287.327619][T18627] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  287.409806][T18632] xt_CT: You must specify a L4 protocol and not use inversions on it
[  287.736082][ T3501] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  287.792185][T18636] loop6: detected capacity change from 0 to 4096
[  287.792525][T18636] EXT4-fs: Ignoring removed mblk_io_submit option
[  287.792627][T18636] EXT4-fs: test_dummy_encryption option not supported
[  287.800661][T18636] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  287.800786][T18636] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  287.801386][T18636] dummy0: entered promiscuous mode
[  287.801698][T18636] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3744'.
[  287.811861][T18636] dummy0 (unregistering): left promiscuous mode
[  287.864432][T17699] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  287.958952][T18640] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3746'.
[  288.084305][   T29] kauditd_printk_skb: 115 callbacks suppressed
[  288.084322][   T29] audit: type=1400 audit(288.134:20049): avc:  denied  { bind } for  pid=18646 comm="syz.3.3750" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  288.297685][T18657] sch_tbf: burst 22 is lower than device lo mtu (65550) !
[  288.891738][T18667] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3757'.
[  288.901569][T18667] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=18667 comm=syz.5.3757
[  289.167631][  T117] Bluetooth: hci0: Frame reassembly failed (-84)
[  289.448051][T18695] netlink: 176 bytes leftover after parsing attributes in process `syz.1.3769'.
[  289.455535][   T29] audit: type=1400 audit(289.504:20050): avc:  denied  { connect } for  pid=18694 comm="syz.1.3769" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  289.477881][   T29] audit: type=1326 audit(289.514:20051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18694 comm="syz.1.3769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb630c3f749 code=0x7ffc0000
[  289.477936][   T29] audit: type=1326 audit(289.514:20052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18694 comm="syz.1.3769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb630c3f749 code=0x7ffc0000
[  289.477966][   T29] audit: type=1326 audit(289.514:20053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18694 comm="syz.1.3769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb630c3f749 code=0x7ffc0000
[  289.477996][   T29] audit: type=1326 audit(289.514:20054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18694 comm="syz.1.3769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb630c3f749 code=0x7ffc0000
[  289.478025][   T29] audit: type=1326 audit(289.514:20055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18694 comm="syz.1.3769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=188 compat=0 ip=0x7fb630c3f749 code=0x7ffc0000
[  289.478065][   T29] audit: type=1326 audit(289.514:20056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18694 comm="syz.1.3769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb630c3f749 code=0x7ffc0000
[  289.478087][   T29] audit: type=1326 audit(289.514:20057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18694 comm="syz.1.3769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fb630c3f749 code=0x7ffc0000
[  289.478110][   T29] audit: type=1326 audit(289.514:20058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18694 comm="syz.1.3769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb630c3f749 code=0x7ffc0000
[  289.722505][T18702] FAULT_INJECTION: forcing a failure.
[  289.722505][T18702] name failslab, interval 1, probability 0, space 0, times 0
[  289.722536][T18702] CPU: 0 UID: 0 PID: 18702 Comm: syz.7.3771 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  289.722565][T18702] Tainted: [W]=WARN
[  289.722571][T18702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  289.722584][T18702] Call Trace:
[  289.722591][T18702]  <TASK>
[  289.722600][T18702]  __dump_stack+0x1d/0x30
[  289.722646][T18702]  dump_stack_lvl+0xe8/0x140
[  289.722732][T18702]  dump_stack+0x15/0x1b
[  289.722749][T18702]  should_fail_ex+0x265/0x280
[  289.722803][T18702]  ? ctnetlink_alloc_filter+0x4d/0x550
[  289.722835][T18702]  should_failslab+0x8c/0xb0
[  289.722860][T18702]  __kmalloc_cache_noprof+0x4c/0x4a0
[  289.722972][T18702]  ctnetlink_alloc_filter+0x4d/0x550
[  289.722997][T18702]  ctnetlink_del_conntrack+0x420/0x4f0
[  289.723020][T18702]  nfnetlink_rcv_msg+0x4c6/0x590
[  289.723058][T18702]  netlink_rcv_skb+0x123/0x220
[  289.723133][T18702]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  289.723166][T18702]  nfnetlink_rcv+0x167/0x16c0
[  289.723206][T18702]  ? kmem_cache_free+0xe4/0x3d0
[  289.723253][T18702]  ? __kfree_skb+0x109/0x150
[  289.723280][T18702]  ? nlmon_xmit+0x4f/0x60
[  289.723305][T18702]  ? consume_skb+0x49/0x150
[  289.723342][T18702]  ? nlmon_xmit+0x4f/0x60
[  289.723366][T18702]  ? dev_hard_start_xmit+0x3b0/0x3e0
[  289.723416][T18702]  ? __dev_queue_xmit+0x1200/0x2000
[  289.723466][T18702]  ? __dev_queue_xmit+0x182/0x2000
[  289.723549][T18702]  ? ref_tracker_free+0x37d/0x3e0
[  289.723589][T18702]  ? __netlink_deliver_tap+0x4dc/0x500
[  289.723612][T18702]  netlink_unicast+0x5c0/0x690
[  289.723646][T18702]  netlink_sendmsg+0x58b/0x6b0
[  289.723730][T18702]  ? __pfx_netlink_sendmsg+0x10/0x10
[  289.723751][T18702]  __sock_sendmsg+0x145/0x180
[  289.723835][T18702]  ____sys_sendmsg+0x31e/0x4e0
[  289.723858][T18702]  ___sys_sendmsg+0x17b/0x1d0
[  289.723891][T18702]  __x64_sys_sendmsg+0xd4/0x160
[  289.723915][T18702]  x64_sys_call+0x191e/0x3000
[  289.724011][T18702]  do_syscall_64+0xd2/0x200
[  289.724034][T18702]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  289.724064][T18702]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  289.724122][T18702]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  289.724145][T18702] RIP: 0033:0x7f3e228cf749
[  289.724162][T18702] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  289.724250][T18702] RSP: 002b:00007f3e21337038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  289.724271][T18702] RAX: ffffffffffffffda RBX: 00007f3e22b25fa0 RCX: 00007f3e228cf749
[  289.724285][T18702] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000007
[  289.724298][T18702] RBP: 00007f3e21337090 R08: 0000000000000000 R09: 0000000000000000
[  289.724312][T18702] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  289.724326][T18702] R13: 00007f3e22b26038 R14: 00007f3e22b25fa0 R15: 00007ffd5c604838
[  289.724363][T18702]  </TASK>
[  289.932788][T18709] netlink: 'syz.7.3774': attribute type 3 has an invalid length.
[  289.933109][T18710] tmpfs: Bad value for 'nr_inodes'
[  290.165628][T18715] loop7: detected capacity change from 0 to 1024
[  290.166299][T18715] EXT4-fs: Ignoring removed orlov option
[  290.203083][T18720] siw: device registration error -23
[  290.207613][T18715] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  290.305482][T18724] xt_CT: You must specify a L4 protocol and not use inversions on it
[  290.348115][T18725] netlink: 176 bytes leftover after parsing attributes in process `syz.1.3780'.
[  290.572448][T18730] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3782'.
[  290.619214][T17699] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  290.649325][T18734] loop5: detected capacity change from 0 to 2048
[  290.656484][T18734] msdos: Unknown parameter ' '
[  290.702787][T18738] loop6: detected capacity change from 0 to 256
[  290.713588][T18740] loop7: detected capacity change from 0 to 512
[  290.729694][T18740] EXT4-fs: Ignoring removed i_version option
[  290.735811][T18740] EXT4-fs: Ignoring removed bh option
[  290.762892][T18740] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  290.773202][T18742] lo speed is unknown, defaulting to 1000
[  290.812070][T18749] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3789'.
[  290.821592][T18749] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=18749 comm=syz.1.3789
[  290.847735][T17699] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  290.896894][T18755] loop7: detected capacity change from 0 to 512
[  290.904219][T18755] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  290.920265][T18755] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  290.951016][T17699] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  291.044970][T18763] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3793'.
[  291.176264][ T3501] Bluetooth: hci0: command 0x1003 tx timeout
[  291.182471][ T3571] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  291.366667][T18770] loop6: detected capacity change from 0 to 4096
[  291.367047][T18770] EXT4-fs: Ignoring removed mblk_io_submit option
[  291.367120][T18770] EXT4-fs: test_dummy_encryption option not supported
[  291.386390][T18770] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  291.409446][T18770] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  291.459531][T18770] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3795'.
[  291.531657][T18783] loop5: detected capacity change from 0 to 512
[  291.531993][T18783] EXT4-fs: Ignoring removed i_version option
[  291.544476][T18783] EXT4-fs: Ignoring removed bh option
[  291.589611][T18783] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  291.663651][T16819] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  291.728493][T18792] loop3: detected capacity change from 0 to 512
[  291.750737][T18792] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  291.790830][T18796] loop5: detected capacity change from 0 to 512
[  291.805503][T18792] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  291.842109][T18794] syzkaller0: entered promiscuous mode
[  291.848679][T18794] syzkaller0: entered allmulticast mode
[  291.871414][T18796] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  291.895341][T18799] xt_SECMARK: invalid mode: 2
[  291.923501][T16695] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  291.945698][T18796] EXT4-fs error (device loop5): ext4_do_update_inode:5632: inode #2: comm syz.5.3805: corrupted inode contents
[  291.961481][T18796] EXT4-fs error (device loop5): ext4_dirty_inode:6517: inode #2: comm syz.5.3805: mark_inode_dirty error
[  291.974439][T18796] EXT4-fs error (device loop5): ext4_do_update_inode:5632: inode #2: comm syz.5.3805: corrupted inode contents
[  291.988209][T18796] EXT4-fs error (device loop5): __ext4_ext_dirty:206: inode #2: comm syz.5.3805: mark_inode_dirty error
[  292.028864][T16819] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  292.062153][T18806] loop3: detected capacity change from 0 to 256
[  292.085097][T18814] loop5: detected capacity change from 0 to 2048
[  292.094599][T18814] msdos: Unknown parameter ' '
[  292.099316][  T117] Bluetooth: hci0: Frame reassembly failed (-84)
[  292.189253][T18822] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3814'.
[  292.199425][T18822] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=18822 comm=syz.3.3814
[  292.346483][T18826] ip6t_srh: unknown srh match flags  4000
[  292.366443][T18826] loop7: detected capacity change from 0 to 512
[  292.373846][T18826] EXT4-fs (loop7): can't read group descriptor 0
[  292.968751][T18834] syzkaller0: entered promiscuous mode
[  292.968847][T18834] syzkaller0: entered allmulticast mode
[  292.973590][T18834] xt_SECMARK: invalid mode: 2
[  293.115260][T18842] loop3: detected capacity change from 0 to 2048
[  293.122875][T18842] msdos: Unknown parameter ' '
[  293.329189][T18849] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  293.359263][   T29] kauditd_printk_skb: 110 callbacks suppressed
[  293.359279][   T29] audit: type=1400 audit(293.414:20169): avc:  denied  { name_bind } for  pid=18850 comm="syz.7.3826" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[  293.365241][T18851] sch_fq: defrate 53322 ignored.
[  293.429599][   T29] audit: type=1107 audit(293.484:20170): pid=18852 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg=''
[  293.444322][T18840] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(13)
[  293.450942][T18840] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  293.458885][T18840] vhci_hcd vhci_hcd.0: Device attached
[  293.467437][T18854] vhci_hcd: connection closed
[  293.467612][   T67] vhci_hcd: stop threads
[  293.476844][   T67] vhci_hcd: release socket
[  293.481275][   T67] vhci_hcd: disconnect device
[  293.515704][T18857] siw: device registration error -23
[  293.535320][T18859] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3829'.
[  293.545507][T18859] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=18859 comm=syz.7.3829
[  294.028561][T18866] netlink: 256 bytes leftover after parsing attributes in process `syz.5.3833'.
[  294.145874][ T3501] Bluetooth: hci0: command 0x1003 tx timeout
[  294.145948][ T3571] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  294.278275][T18878] loop6: detected capacity change from 0 to 256
[  294.278456][T18879] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3837'.
[  294.298615][T18881] loop5: detected capacity change from 0 to 512
[  294.299209][T18881] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  294.313616][T18881] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  294.435283][T18881] EXT4-fs error (device loop5): ext4_lookup:1791: inode #2: comm syz.5.3838: deleted inode referenced: 16
[  294.447379][   T29] audit: type=1400 audit(294.484:20171): avc:  denied  { rename } for  pid=18880 comm="syz.5.3838" name="file0" dev="loop5" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  294.459025][T18889] loop7: detected capacity change from 0 to 2048
[  294.477913][T18889] msdos: Unknown parameter ' '
[  294.478746][T18881] netlink: 176 bytes leftover after parsing attributes in process `syz.5.3838'.
[  294.513099][T16819] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  294.656846][T18892] FAULT_INJECTION: forcing a failure.
[  294.656846][T18892] name failslab, interval 1, probability 0, space 0, times 0
[  294.670266][T18892] CPU: 1 UID: 0 PID: 18892 Comm: syz.5.3841 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  294.670373][T18892] Tainted: [W]=WARN
[  294.670442][T18892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  294.670450][T18892] Call Trace:
[  294.670455][T18892]  <TASK>
[  294.670486][T18892]  __dump_stack+0x1d/0x30
[  294.670503][T18892]  dump_stack_lvl+0xe8/0x140
[  294.670538][T18892]  dump_stack+0x15/0x1b
[  294.670550][T18892]  should_fail_ex+0x265/0x280
[  294.670655][T18892]  should_failslab+0x8c/0xb0
[  294.670684][T18892]  __kmalloc_noprof+0xa5/0x570
[  294.670714][T18892]  ? alloc_pipe_info+0x1c9/0x350
[  294.670757][T18892]  alloc_pipe_info+0x1c9/0x350
[  294.670819][T18892]  splice_direct_to_actor+0x592/0x680
[  294.670870][T18892]  ? kstrtouint_from_user+0x9f/0xf0
[  294.670883][T18892]  ? __pfx_direct_splice_actor+0x10/0x10
[  294.670898][T18892]  ? __rcu_read_unlock+0x4f/0x70
[  294.670914][T18892]  ? get_pid_task+0x96/0xd0
[  294.670937][T18892]  ? avc_policy_seqno+0x15/0x30
[  294.670950][T18892]  ? selinux_file_permission+0x1e4/0x320
[  294.670969][T18892]  do_splice_direct+0xda/0x150
[  294.670983][T18892]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  294.671081][T18892]  do_sendfile+0x380/0x650
[  294.671110][T18892]  __x64_sys_sendfile64+0x105/0x150
[  294.671143][T18892]  x64_sys_call+0x2bb4/0x3000
[  294.671163][T18892]  do_syscall_64+0xd2/0x200
[  294.671182][T18892]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  294.671210][T18892]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  294.671230][T18892]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  294.671245][T18892] RIP: 0033:0x7fb05c07f749
[  294.671257][T18892] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  294.671270][T18892] RSP: 002b:00007fb05aac6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  294.671356][T18892] RAX: ffffffffffffffda RBX: 00007fb05c2d6090 RCX: 00007fb05c07f749
[  294.671372][T18892] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000005
[  294.671381][T18892] RBP: 00007fb05aac6090 R08: 0000000000000000 R09: 0000000000000000
[  294.671389][T18892] R10: 0000000000000453 R11: 0000000000000246 R12: 0000000000000001
[  294.671397][T18892] R13: 00007fb05c2d6128 R14: 00007fb05c2d6090 R15: 00007ffc497c8b38
[  294.671410][T18892]  </TASK>
[  294.937181][T18896] netlink: 'syz.1.3843': attribute type 13 has an invalid length.
[  295.078084][T18907] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  295.086731][T18907] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  295.114670][T18907] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3846'.
[  295.177248][T18910] tap0: tun_chr_ioctl cmd 1074025677
[  295.182798][T18910] tap0: linktype set to 805
[  295.221301][T18910] SELinux: failed to load policy
[  295.316494][ T2262] Bluetooth: hci0: Frame reassembly failed (-84)
[  295.371987][T18924] loop7: detected capacity change from 0 to 128
[  295.422517][   T29] audit: type=1107 audit(295.474:20172): pid=18925 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg=''
[  295.438014][T18926] siw: device registration error -23
[  295.469498][   T29] audit: type=1107 audit(295.524:20173): pid=18927 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg=''
[  295.480679][T18928] siw: device registration error -23
[  295.608557][T18936] FAULT_INJECTION: forcing a failure.
[  295.608557][T18936] name failslab, interval 1, probability 0, space 0, times 0
[  295.621392][T18936] CPU: 0 UID: 0 PID: 18936 Comm: syz.5.3860 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  295.621426][T18936] Tainted: [W]=WARN
[  295.621434][T18936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  295.621502][T18936] Call Trace:
[  295.621555][T18936]  <TASK>
[  295.621562][T18936]  __dump_stack+0x1d/0x30
[  295.621579][T18936]  dump_stack_lvl+0xe8/0x140
[  295.621592][T18936]  dump_stack+0x15/0x1b
[  295.621604][T18936]  should_fail_ex+0x265/0x280
[  295.621630][T18936]  should_failslab+0x8c/0xb0
[  295.621649][T18936]  kmem_cache_alloc_noprof+0x50/0x480
[  295.621741][T18936]  ? skb_clone+0x151/0x1f0
[  295.621755][T18936]  skb_clone+0x151/0x1f0
[  295.621768][T18936]  __netlink_deliver_tap+0x2c9/0x500
[  295.621785][T18936]  netlink_unicast+0x66b/0x690
[  295.621805][T18936]  netlink_sendmsg+0x58b/0x6b0
[  295.621819][T18936]  ? __pfx_netlink_sendmsg+0x10/0x10
[  295.621832][T18936]  __sock_sendmsg+0x145/0x180
[  295.621848][T18936]  ____sys_sendmsg+0x31e/0x4e0
[  295.621918][T18936]  ___sys_sendmsg+0x17b/0x1d0
[  295.621940][T18936]  __x64_sys_sendmsg+0xd4/0x160
[  295.622033][T18936]  x64_sys_call+0x191e/0x3000
[  295.622048][T18936]  do_syscall_64+0xd2/0x200
[  295.622122][T18936]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  295.622155][T18936]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  295.622188][T18936]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  295.622208][T18936] RIP: 0033:0x7fb05c07f749
[  295.622226][T18936] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  295.622246][T18936] RSP: 002b:00007fb05aae7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  295.622268][T18936] RAX: ffffffffffffffda RBX: 00007fb05c2d5fa0 RCX: 00007fb05c07f749
[  295.622320][T18936] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000005
[  295.622328][T18936] RBP: 00007fb05aae7090 R08: 0000000000000000 R09: 0000000000000000
[  295.622336][T18936] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  295.622344][T18936] R13: 00007fb05c2d6038 R14: 00007fb05c2d5fa0 R15: 00007ffc497c8b38
[  295.622358][T18936]  </TASK>
[  295.849971][  T117] Bluetooth: hci1: Frame reassembly failed (-84)
[  295.857877][T18938] Bluetooth: hci1: Frame reassembly failed (-90)
[  296.078276][T18940] loop6: detected capacity change from 0 to 2048
[  296.085035][T18940] msdos: Unknown parameter ' '
[  296.308326][T18944] FAULT_INJECTION: forcing a failure.
[  296.308326][T18944] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  296.322344][T18944] CPU: 1 UID: 0 PID: 18944 Comm: syz.7.3864 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  296.322368][T18944] Tainted: [W]=WARN
[  296.322374][T18944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  296.322381][T18944] Call Trace:
[  296.322426][T18944]  <TASK>
[  296.322431][T18944]  __dump_stack+0x1d/0x30
[  296.322448][T18944]  dump_stack_lvl+0xe8/0x140
[  296.322535][T18944]  dump_stack+0x15/0x1b
[  296.322550][T18944]  should_fail_ex+0x265/0x280
[  296.322575][T18944]  should_fail+0xb/0x20
[  296.322658][T18944]  should_fail_usercopy+0x1a/0x20
[  296.322672][T18944]  _copy_from_user+0x1c/0xb0
[  296.322688][T18944]  sel_write_load+0x192/0x380
[  296.322790][T18944]  ? __pfx_sel_write_load+0x10/0x10
[  296.322804][T18944]  vfs_write+0x269/0x960
[  296.322819][T18944]  ? __rcu_read_unlock+0x4f/0x70
[  296.322850][T18944]  ? __fget_files+0x184/0x1c0
[  296.322913][T18944]  ksys_write+0xda/0x1a0
[  296.322929][T18944]  __x64_sys_write+0x40/0x50
[  296.323003][T18944]  x64_sys_call+0x2802/0x3000
[  296.323057][T18944]  do_syscall_64+0xd2/0x200
[  296.323109][T18944]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  296.323127][T18944]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  296.323183][T18944]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  296.323197][T18944] RIP: 0033:0x7f3e228cf749
[  296.323209][T18944] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  296.323221][T18944] RSP: 002b:00007f3e21337038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  296.323236][T18944] RAX: ffffffffffffffda RBX: 00007f3e22b25fa0 RCX: 00007f3e228cf749
[  296.323314][T18944] RDX: 000000000000ffa8 RSI: 0000200000000000 RDI: 0000000000000006
[  296.323326][T18944] RBP: 00007f3e21337090 R08: 0000000000000000 R09: 0000000000000000
[  296.323334][T18944] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  296.323343][T18944] R13: 00007f3e22b26038 R14: 00007f3e22b25fa0 R15: 00007ffd5c604838
[  296.323356][T18944]  </TASK>
[  297.336271][ T3590] Bluetooth: hci0: command 0x1003 tx timeout
[  297.341217][ T3571] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  297.380118][   T29] audit: type=1107 audit(297.434:20174): pid=18952 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg=''
[  297.810516][   T29] audit: type=1326 audit(297.864:20175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18958 comm="syz.6.3869" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7961d5f749 code=0x7ffc0000
[  297.834033][T18959] loop6: detected capacity change from 0 to 1024
[  297.834617][T18959] EXT4-fs: Ignoring removed orlov option
[  297.841863][   T29] audit: type=1326 audit(297.864:20176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18958 comm="syz.6.3869" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7961d5f749 code=0x7ffc0000
[  297.850127][T18959] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  297.871071][   T29] audit: type=1326 audit(297.864:20177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18958 comm="syz.6.3869" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f7961d5f749 code=0x7ffc0000
[  297.906876][T18959] xt_CT: You must specify a L4 protocol and not use inversions on it
[  297.915775][   T29] audit: type=1326 audit(297.864:20178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18958 comm="syz.6.3869" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f7961d5f783 code=0x7ffc0000
[  297.915970][ T3501] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  297.950784][T17658] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  298.121894][T18970] netlink: 124 bytes leftover after parsing attributes in process `syz.6.3874'.
[  298.138006][T18970] loop6: detected capacity change from 0 to 1764
[  298.303880][T18989] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  298.358865][ T6742] Bluetooth: hci0: Frame reassembly failed (-84)
[  298.521375][T18996] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3882'.
[  298.706445][T19001] loop6: detected capacity change from 0 to 4096
[  298.713305][T19001] EXT4-fs: Ignoring removed mblk_io_submit option
[  298.719930][T19001] EXT4-fs: test_dummy_encryption option not supported
[  298.736618][T19001] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  298.745325][T19001] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  298.775455][T19001] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3884'.
[  298.833804][T19005] loop5: detected capacity change from 0 to 512
[  298.848845][T19005] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  298.877787][T16819] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  299.008488][T19014] siw: device registration error -23
[  299.038077][T19016] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3889'.
[  299.050925][T19018] loop3: detected capacity change from 0 to 512
[  299.074955][T19020] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  299.088163][T19018] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  299.120472][T19018] EXT4-fs error (device loop3): ext4_do_update_inode:5632: inode #2: comm syz.3.3890: corrupted inode contents
[  299.140715][T19018] EXT4-fs error (device loop3): ext4_dirty_inode:6517: inode #2: comm syz.3.3890: mark_inode_dirty error
[  299.162933][T19018] EXT4-fs error (device loop3): ext4_do_update_inode:5632: inode #2: comm syz.3.3890: corrupted inode contents
[  299.179879][   T29] kauditd_printk_skb: 37 callbacks suppressed
[  299.179961][   T29] audit: type=1326 audit(299.234:20216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19025 comm="syz.5.3893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb05c07f749 code=0x7ffc0000
[  299.187381][T19018] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #2: comm syz.3.3890: mark_inode_dirty error
[  299.210920][   T29] audit: type=1326 audit(299.234:20217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19025 comm="syz.5.3893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb05c07f749 code=0x7ffc0000
[  299.246626][   T29] audit: type=1326 audit(299.234:20218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19025 comm="syz.5.3893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb05c07f749 code=0x7ffc0000
[  299.254277][T19027] EXT4-fs error (device loop3): ext4_lookup:1784: inode #18: comm syz.3.3890: 'file0' linked to parent dir
[  299.271042][   T29] audit: type=1326 audit(299.234:20219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19025 comm="syz.5.3893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb05c07f749 code=0x7ffc0000
[  299.306898][   T29] audit: type=1326 audit(299.234:20220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19025 comm="syz.5.3893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb05c07df90 code=0x7ffc0000
[  299.331352][   T29] audit: type=1326 audit(299.234:20221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19025 comm="syz.5.3893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fb05c080f77 code=0x7ffc0000
[  299.355585][   T29] audit: type=1326 audit(299.234:20222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19025 comm="syz.5.3893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb05c07f749 code=0x7ffc0000
[  299.379932][   T29] audit: type=1326 audit(299.234:20223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19025 comm="syz.5.3893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fb05c080f77 code=0x7ffc0000
[  299.403177][   T29] audit: type=1326 audit(299.234:20224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19025 comm="syz.5.3893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fb05c07e3aa code=0x7ffc0000
[  299.426333][   T29] audit: type=1326 audit(299.234:20225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19025 comm="syz.5.3893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb05c07f749 code=0x7ffc0000
[  299.453814][T16695] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  299.518706][T19034] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3896'.
[  299.600388][T19039] infiniband syz!: set down
[  299.604957][T19039] infiniband syz!: added team_slave_0
[  299.618585][T19039] RDS/IB: syz!: added
[  299.623127][T19039] smc: adding ib device syz! with port count 1
[  299.631048][T19041] IPv6: NLM_F_CREATE should be specified when creating new route
[  299.639069][T19039] smc:    ib device syz! port 1 has no pnetid
[  300.261849][T19048] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3901'.
[  300.343818][T19052] netlink: 'syz.5.3903': attribute type 21 has an invalid length.
[  300.351948][T19052] netlink: 156 bytes leftover after parsing attributes in process `syz.5.3903'.
[  300.361096][T19052] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3903'.
[  300.398808][ T3571] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  300.413061][T19055] loop5: detected capacity change from 0 to 512
[  300.428034][T19055] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  300.442794][T19055] EXT4-fs error (device loop5): ext4_do_update_inode:5632: inode #2: comm syz.5.3904: corrupted inode contents
[  300.455656][T19055] EXT4-fs error (device loop5): ext4_dirty_inode:6517: inode #2: comm syz.5.3904: mark_inode_dirty error
[  300.468301][T19055] EXT4-fs error (device loop5): ext4_do_update_inode:5632: inode #2: comm syz.5.3904: corrupted inode contents
[  300.480860][T19055] EXT4-fs error (device loop5): __ext4_ext_dirty:206: inode #2: comm syz.5.3904: mark_inode_dirty error
[  300.494100][T19055] EXT4-fs error (device loop5): ext4_lookup:1784: inode #18: comm syz.5.3904: 'file0' linked to parent dir
[  300.519177][T16819] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  301.649678][T19069] netlink: 'syz.1.3909': attribute type 4 has an invalid length.
[  301.831877][T19076] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3912'.
[  302.328865][T19088] loop5: detected capacity change from 0 to 256
[  302.343786][ T2262] Bluetooth: hci0: Frame reassembly failed (-84)
[  302.489406][T19095] loop5: detected capacity change from 0 to 512
[  302.578140][T19095] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  302.950853][T16819] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  304.028861][T19116] syzkaller0: entered promiscuous mode
[  304.034459][T19116] syzkaller0: entered allmulticast mode
[  304.191613][   T29] kauditd_printk_skb: 175 callbacks suppressed
[  304.191631][   T29] audit: type=1326 audit(304.244:20401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19108 comm="syz.5.3923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7fb05c07f749 code=0x7ffc0000
[  304.222288][   T29] audit: type=1326 audit(304.264:20402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19113 comm="syz.1.3924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7fb630c3f749 code=0x7ffc0000
[  304.245499][   T29] audit: type=1326 audit(304.274:20403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19113 comm="syz.1.3924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7fb630c3f749 code=0x7ffc0000
[  304.268588][   T29] audit: type=1326 audit(304.274:20404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19108 comm="syz.5.3923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7fb05c07f749 code=0x7ffc0000
[  304.292136][   T29] audit: type=1326 audit(304.284:20405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19113 comm="syz.1.3924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7fb630c3f749 code=0x7ffc0000
[  304.315442][   T29] audit: type=1326 audit(304.284:20406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19108 comm="syz.5.3923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7fb05c07f749 code=0x7ffc0000
[  304.367354][   T29] audit: type=1326 audit(304.374:20407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19113 comm="syz.1.3924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7fb630c3f749 code=0x7ffc0000
[  304.390540][   T29] audit: type=1326 audit(304.384:20408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19113 comm="syz.1.3924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7fb630c3f749 code=0x7ffc0000
[  304.390800][ T3571] Bluetooth: hci0: command 0x1003 tx timeout
[  304.414023][   T29] audit: type=1326 audit(304.394:20409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19113 comm="syz.1.3924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7fb630c3f749 code=0x7ffc0000
[  304.414100][   T29] audit: type=1326 audit(304.404:20410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19113 comm="syz.1.3924" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7fb630c3f749 code=0x7ffc0000
[  304.466436][ T3501] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  304.484232][T19124] loop7: detected capacity change from 0 to 4096
[  304.491532][T19124] EXT4-fs: Ignoring removed mblk_io_submit option
[  304.498267][T19124] EXT4-fs: test_dummy_encryption option not supported
[  304.512444][T19124] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  304.521133][T19124] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  304.530011][T19124] dummy0: entered promiscuous mode
[  304.535530][T19124] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3927'.
[  304.548334][T19124] dummy0 (unregistering): left promiscuous mode
[  304.618217][T19128] bridge0: entered promiscuous mode
[  304.624919][T19128] bridge0: port 3(macsec1) entered blocking state
[  304.632271][T19128] bridge0: port 3(macsec1) entered disabled state
[  304.639843][T19128] macsec1: entered allmulticast mode
[  304.645230][T19128] bridge0: entered allmulticast mode
[  304.653975][T19128] macsec1: left allmulticast mode
[  304.660041][T19128] bridge0: left allmulticast mode
[  304.667187][T19128] bridge0: left promiscuous mode
[  304.681859][T19129] loop5: detected capacity change from 0 to 512
[  304.688641][T19129] EXT4-fs: Ignoring removed i_version option
[  304.694711][T19129] EXT4-fs: Ignoring removed bh option
[  304.751205][T19129] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  305.124298][T19142] siw: device registration error -23
[  305.181774][T19147] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3934'.
[  305.214505][T19152] FAULT_INJECTION: forcing a failure.
[  305.214505][T19152] name failslab, interval 1, probability 0, space 0, times 0
[  305.228173][T19152] CPU: 1 UID: 0 PID: 19152 Comm: syz.6.3937 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  305.228211][T19152] Tainted: [W]=WARN
[  305.228219][T19152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  305.228260][T19152] Call Trace:
[  305.228269][T19152]  <TASK>
[  305.228277][T19152]  __dump_stack+0x1d/0x30
[  305.228375][T19152]  dump_stack_lvl+0xe8/0x140
[  305.228449][T19152]  dump_stack+0x15/0x1b
[  305.228470][T19152]  should_fail_ex+0x265/0x280
[  305.228510][T19152]  should_failslab+0x8c/0xb0
[  305.228629][T19152]  __kmalloc_noprof+0xa5/0x570
[  305.228729][T19152]  ? kobject_get_path+0x92/0x1c0
[  305.228758][T19152]  kobject_get_path+0x92/0x1c0
[  305.228863][T19152]  input_devices_seq_show+0x36/0x470
[  305.228968][T19152]  seq_read_iter+0x636/0x950
[  305.228989][T19152]  seq_read+0x270/0x2b0
[  305.229010][T19152]  ? __pfx_seq_read+0x10/0x10
[  305.229026][T19152]  proc_reg_read+0x128/0x1c0
[  305.229045][T19152]  ? __pfx_proc_reg_read+0x10/0x10
[  305.229080][T19152]  vfs_readv+0x3fb/0x690
[  305.229115][T19152]  __x64_sys_preadv+0xfd/0x1c0
[  305.229150][T19152]  x64_sys_call+0x282e/0x3000
[  305.229176][T19152]  do_syscall_64+0xd2/0x200
[  305.229201][T19152]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  305.229257][T19152]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  305.229330][T19152]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  305.229354][T19152] RIP: 0033:0x7f7961d5f749
[  305.229372][T19152] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  305.229391][T19152] RSP: 002b:00007f79607bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  305.229411][T19152] RAX: ffffffffffffffda RBX: 00007f7961fb5fa0 RCX: 00007f7961d5f749
[  305.229457][T19152] RDX: 0000000000000001 RSI: 00002000000015c0 RDI: 0000000000000003
[  305.229532][T19150] loop3: detected capacity change from 0 to 2048
[  305.229553][T19152] RBP: 00007f79607bf090 R08: 000000000000d215 R09: 0000000000000000
[  305.229569][T19152] R10: 00000000000000f0 R11: 0000000000000246 R12: 0000000000000001
[  305.229580][T19152] R13: 00007f7961fb6038 R14: 00007f7961fb5fa0 R15: 00007ffff6524708
[  305.229598][T19152]  </TASK>
[  305.446587][T19150] msdos: Unknown parameter ' '
[  305.472813][T16819] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  305.542173][T19160] loop6: detected capacity change from 0 to 512
[  305.563454][T19160] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  305.588014][T17658] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  305.768232][T19180] netlink: 27 bytes leftover after parsing attributes in process `syz.5.3948'.
[  305.782930][T19180] loop5: detected capacity change from 0 to 512
[  305.791885][T19180] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  305.802229][T19180] EXT4-fs (loop5): couldn't mount as ext3 due to feature incompatibilities
[  306.015686][T19184] loop5: detected capacity change from 0 to 128
[  306.038398][T19184] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100)
[  306.046337][T19184] FAT-fs (loop5): Filesystem has been set read-only
[  306.053370][T19184] syz.5.3950: attempt to access beyond end of device
[  306.053370][T19184] loop5: rw=524288, sector=2065, nr_sectors = 8 limit=128
[  306.067848][T19184] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100)
[  306.075974][T19184] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100)
[  306.084449][T19184] syz.5.3950: attempt to access beyond end of device
[  306.084449][T19184] loop5: rw=0, sector=2065, nr_sectors = 8 limit=128
[  306.097958][T19184] syz.5.3950: attempt to access beyond end of device
[  306.097958][T19184] loop5: rw=0, sector=2065, nr_sectors = 8 limit=128
[  306.111592][T19183] syz.5.3950: attempt to access beyond end of device
[  306.111592][T19183] loop5: rw=0, sector=2065, nr_sectors = 8 limit=128
[  306.125404][T19183] syz.5.3950: attempt to access beyond end of device
[  306.125404][T19183] loop5: rw=0, sector=2065, nr_sectors = 8 limit=128
[  306.139045][T19184] syz.5.3950: attempt to access beyond end of device
[  306.139045][T19184] loop5: rw=0, sector=2065, nr_sectors = 8 limit=128
[  306.155872][T19186] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3951'.
[  306.165048][T19186] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3951'.
[  306.175772][T19183] syz.5.3950: attempt to access beyond end of device
[  306.175772][T19183] loop5: rw=0, sector=2065, nr_sectors = 8 limit=128
[  306.191184][T19184] syz.5.3950: attempt to access beyond end of device
[  306.191184][T19184] loop5: rw=0, sector=2065, nr_sectors = 8 limit=128
[  306.213699][T19186] loop3: detected capacity change from 0 to 512
[  306.221883][T19186] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  306.231731][T19188] syz.5.3950: attempt to access beyond end of device
[  306.231731][T19188] loop5: rw=0, sector=2065, nr_sectors = 8 limit=128
[  306.245092][T19184] syz.5.3950: attempt to access beyond end of device
[  306.245092][T19184] loop5: rw=0, sector=2065, nr_sectors = 8 limit=128
[  306.262646][T19186] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  306.319360][T16695] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  306.397790][T19192] siw: device registration error -23
[  306.489414][T19196] loop6: detected capacity change from 0 to 512
[  306.519748][T19196] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  306.578319][T17658] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  306.749380][T19208] loop3: detected capacity change from 0 to 512
[  306.764853][T19208] EXT4-fs error (device loop3): ext4_init_orphan_info:581: comm syz.3.3955: inode #0: comm syz.3.3955: iget: illegal inode #
[  306.861202][T19210] lo speed is unknown, defaulting to 1000
[  307.104648][T19208] EXT4-fs (loop3): get orphan inode failed
[  307.255197][T19208] EXT4-fs (loop3): mount failed
[  307.643156][T19202] netlink: 204 bytes leftover after parsing attributes in process `syz.3.3955'.
[  307.906863][  T117] Bluetooth: hci0: Frame reassembly failed (-84)
[  308.701085][T19221] lo speed is unknown, defaulting to 1000
[  309.289660][T19224] loop6: detected capacity change from 0 to 512
[  309.311411][T19224] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  309.347284][T19224] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  309.398972][T19224] EXT4-fs error (device loop6): ext4_lookup:1791: inode #2: comm syz.6.3961: deleted inode referenced: 16
[  309.426904][   T29] kauditd_printk_skb: 50 callbacks suppressed
[  309.426919][   T29] audit: type=1400 audit(309.484:20461): avc:  denied  { setattr } for  pid=19223 comm="syz.6.3961" name="file0" dev="loop6" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[  309.482768][T17658] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  309.751128][T19229] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3962'.
[  309.922432][T19232] loop6: detected capacity change from 0 to 512
[  309.953036][T19232] EXT4-fs error (device loop6): ext4_init_orphan_info:581: comm syz.6.3963: inode #0: comm syz.6.3963: iget: illegal inode #
[  309.975966][ T3501] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  309.979431][ T3571] Bluetooth: hci0: command 0x1003 tx timeout
[  310.009570][T19232] EXT4-fs (loop6): get orphan inode failed
[  310.047940][T19232] EXT4-fs (loop6): mount failed
[  310.107784][   T29] audit: type=1326 audit(310.164:20462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19230 comm="syz.6.3963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7961d5f749 code=0x7ffc0000
[  310.131762][   T29] audit: type=1326 audit(310.164:20463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19230 comm="syz.6.3963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7961d5f749 code=0x7ffc0000
[  310.225587][   T29] audit: type=1326 audit(310.224:20464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19230 comm="syz.6.3963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7961d5f749 code=0x7ffc0000
[  310.248869][   T29] audit: type=1326 audit(310.224:20465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19230 comm="syz.6.3963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7961d5f749 code=0x7ffc0000
[  310.272048][   T29] audit: type=1326 audit(310.224:20466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19230 comm="syz.6.3963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7961d5f749 code=0x7ffc0000
[  310.284881][T19239] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  310.295091][   T29] audit: type=1326 audit(310.254:20467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19230 comm="syz.6.3963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7961d5f749 code=0x7ffc0000
[  310.319202][T19239] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  310.326405][   T29] audit: type=1326 audit(310.254:20468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19230 comm="syz.6.3963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7961d5f749 code=0x7ffc0000
[  310.357343][   T29] audit: type=1326 audit(310.254:20469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19230 comm="syz.6.3963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7961d5f749 code=0x7ffc0000
[  310.380565][   T29] audit: type=1326 audit(310.254:20470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19230 comm="syz.6.3963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7f7961d5f749 code=0x7ffc0000
[  310.419480][T19239] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  310.451152][T19244] loop7: detected capacity change from 0 to 1024
[  310.482385][T19244] EXT4-fs: Ignoring removed orlov option
[  310.500846][T19244] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  310.528094][T19239] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  310.620347][T19239] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  310.672159][T19239] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  310.692074][T19254] xt_CT: You must specify a L4 protocol and not use inversions on it
[  310.755448][   T67] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  310.772212][   T67] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  310.785108][   T67] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  310.812294][   T67] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  310.845759][T19256] siw: device registration error -23
[  310.880492][T19258] loop6: detected capacity change from 0 to 512
[  310.888562][T19258] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  310.908506][T19258] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  310.927629][T19258] EXT4-fs error (device loop6): ext4_lookup:1791: inode #2: comm syz.6.3972: deleted inode referenced: 16
[  310.953853][T17658] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  311.068578][T19270] lo speed is unknown, defaulting to 1000
[  311.115102][T17699] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  311.142148][T19273] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3979'.
[  311.151959][T19273] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=19273 comm=syz.1.3979
[  311.484400][T19285] loop5: detected capacity change from 0 to 512
[  311.603065][T19285] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  311.631092][T16819] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  311.721826][T19299] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3988'.
[  311.803081][T19306] loop7: detected capacity change from 0 to 512
[  311.807721][T19306] EXT4-fs: Ignoring removed i_version option
[  311.817926][T19306] EXT4-fs: Ignoring removed bh option
[  311.858614][T19306] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  311.880255][T19308] loop5: detected capacity change from 0 to 1024
[  311.880850][T19308] EXT4-fs: Ignoring removed orlov option
[  311.920732][T17699] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  311.928352][T19308] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  312.076315][T19315] xt_CT: You must specify a L4 protocol and not use inversions on it
[  312.368634][T16819] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  312.451865][T19335] siw: device registration error -23
[  312.539958][T19345] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4006'.
[  312.554799][T19345] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=19345 comm=syz.3.4006
[  312.605663][T19347] loop7: detected capacity change from 0 to 512
[  312.629272][T19347] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  312.671255][T17699] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  312.819695][T19343] loop5: detected capacity change from 0 to 512
[  312.837686][T19343] EXT4-fs error (device loop5): ext4_orphan_get:1418: comm syz.5.4003: bad orphan inode 11862016
[  312.838242][T19343] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  313.470484][T16819] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  313.498160][T19362] loop3: detected capacity change from 0 to 1024
[  313.505749][T19362] EXT4-fs: Ignoring removed orlov option
[  313.529733][T19362] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  313.620855][T19362] ==================================================================
[  313.628982][T19362] BUG: KCSAN: data-race in __mark_inode_dirty / writeback_single_inode
[  313.637269][T19362] 
[  313.639603][T19362] write to 0xffff8881191fad10 of 4 bytes by task 19371 on cpu 0:
[  313.647333][T19362]  writeback_single_inode+0x150/0x3f0
[  313.652738][T19362]  sync_inode_metadata+0x5b/0x90
[  313.657693][T19362]  generic_buffers_fsync_noflush+0xd9/0x120
[  313.663871][T19362]  ext4_sync_file+0x1ab/0x690
[  313.668570][T19362]  vfs_fsync_range+0x10d/0x130
[  313.673352][T19362]  ext4_buffered_write_iter+0x34f/0x3c0
[  313.678939][T19362]  ext4_file_write_iter+0x387/0xf60
[  313.684230][T19362]  iter_file_splice_write+0x666/0xa60
[  313.689610][T19362]  direct_splice_actor+0x156/0x2a0
[  313.694839][T19362]  splice_direct_to_actor+0x312/0x680
[  313.700236][T19362]  do_splice_direct+0xda/0x150
[  313.705193][T19362]  do_sendfile+0x380/0x650
[  313.709669][T19362]  __x64_sys_sendfile64+0x105/0x150
[  313.714992][T19362]  x64_sys_call+0x2bb4/0x3000
[  313.719688][T19362]  do_syscall_64+0xd2/0x200
[  313.724214][T19362]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  313.730132][T19362] 
[  313.732467][T19362] read to 0xffff8881191fad10 of 4 bytes by task 19362 on cpu 1:
[  313.740117][T19362]  __mark_inode_dirty+0x191/0x750
[  313.745165][T19362]  ext4_write_inline_data_end+0x3e5/0x5f0
[  313.750915][T19362]  ext4_write_end+0x3d7/0x730
[  313.755606][T19362]  generic_perform_write+0x312/0x490
[  313.760914][T19362]  ext4_buffered_write_iter+0x1ee/0x3c0
[  313.766482][T19362]  ext4_file_write_iter+0x387/0xf60
[  313.771789][T19362]  iter_file_splice_write+0x666/0xa60
[  313.777173][T19362]  direct_splice_actor+0x156/0x2a0
[  313.782306][T19362]  splice_direct_to_actor+0x312/0x680
[  313.787706][T19362]  do_splice_direct+0xda/0x150
[  313.792568][T19362]  do_sendfile+0x380/0x650
[  313.797106][T19362]  __x64_sys_sendfile64+0x105/0x150
[  313.802338][T19362]  x64_sys_call+0x2bb4/0x3000
[  313.807219][T19362]  do_syscall_64+0xd2/0x200
[  313.811757][T19362]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  313.817768][T19362] 
[  313.820116][T19362] value changed: 0x00000070 -> 0x00000002
[  313.826174][T19362] 
[  313.828692][T19362] Reported by Kernel Concurrency Sanitizer on:
[  313.834865][T19362] CPU: 1 UID: 0 PID: 19362 Comm: syz.3.4010 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  313.846372][T19362] Tainted: [W]=WARN
[  313.850197][T19362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  313.860266][T19362] ==================================================================
[  313.892802][T19372] xt_CT: You must specify a L4 protocol and not use inversions on it
[  314.078398][T16695] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.